Endpoints are critical to the success of cyber attacks. While the definition what an endpoint is, exactly, has shifted over time, the threat has remained the same: Threat actors need a device to spread malware, encrypt assets, and harvest application credentials — they need an endpoint.

Let’s start with the good news. Law enforcement organizations around the world have stepped up their efforts to find, stop, and arrest ransomware operators, shut down dark web markets, and close crypto mixers and tumblers that help threat actors launder their funds.

On February 20, 2024, we published a security bulletin detailing newly disclosed authentication bypass and path traversal vulnerabilities in ConnectWise ScreenConnect. Shortly after the bulletin was sent, ConnectWise updated their security bulletin with IOCs from observed active exploitation of these vulnerabilities. On February 21, 2024, the vulnerabilities were assigned the following CVE numbers.

On February 20, 2024, the National Crime Agency (NCA) of Britain and the Federal Bureau of Investigation (FBI) announced the successful disruption of the Lockbit ransomware gang, marking a significant milestone in the fight against cybercrime. This operation, known as Operation Cronos, was a collaborative effort involving law enforcement agencies from the UK, the US, and several other countries, with support from private sector partners.

As cybercrime evolves, one avenue for attack has risen to prominence across the world: Ransomware. According to Arctic Wolf’s State of Cybersecurity 2023 Trends Report, 48% of organizations view ransomware as the top attack vector concern. A concern comes with just cause, as the Arctic Wolf Labs 2024 Threats Report showed 48.6% of incidents investigated by Arctic Wolf were ransomware attacks.

On February 13, 2024, Microsoft published their February 2024 security update with patches for 73 vulnerabilities. Among these vulnerabilities, Arctic Wolf has highlighted 5 vulnerabilities in this bulletin that were categorized as critical or zero-day vulnerabilities. Two of these vulnerabilities have been reported to be exploited in the wild.

On February 19, 2024, ConnectWise published a security bulletin detailing two critical vulnerabilities within their on-premises ScreenConnect software. At the time of writing, these vulnerabilities do not have CVE numbers assigned to them. ConnectWise has stated that the vulnerabilities have the potential to result in remote code execution (RCE). Vulnerability #1 (CVSS: 10): Allows a threat actor to achieve authentication bypass by leveraging an alternate path/channel.

When it comes to modern systems and networks, identities are the new perimeter. Long gone are the days of singular office-bound systems with a set server room and endpoints that stayed on desks. With the rise of hybrid work models, cloud computing, and rapid digitization in industries like healthcare and manufacturing, it’s a user’s identity that holds increasing power over a network’s function and security.