LetsDefend Monitoring Alert

ScreenConnect Authentication Bypass Exploitation Detected (CVE-2024-1709)

Feb, 22, 2024, 01:39 AM

Event ID: 229

Event Time: Feb, 22, 2024, 01:39 AM

Rule Name: SOC262 - ScreenConnect Authentication Bypass Exploitation Detected (CVE-2024-1709)

Alert Type: Web Attack

MITRE Technique:
T1190 - Initial Access - Exploit Public-Facing Application
T1136 - Persistence - Create Account
T1562 - Defense Evasion - Impair Defenses

Real World Example: In February 2024, several attackers began targeting vulnerable public-facing ConnectWise ScreenConnect servers, exploiting CVE-2024-1709 to deliver ransomware.

Severity: Critical

Incident Responder
