Cyber criminals exploit recently patched vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM) software to gain initial network access. These flaws, CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, allow attackers to upload and download files on compromised devices and escalate privileges to administrative levels.
Ongoing Attacks Targeting SimpleHelp Servers
Research from Arctic Wolf indicates an ongoing campaign targeting SimpleHelp servers, which began shortly after publicly disclosing these vulnerabilities. While it is not yet confirmed that these specific flaws are the entry point, there is a strong suspicion that cyber criminals are leveraging them to compromise networks.
Threat actors are exploiting existing installations of SimpleHelp, mainly where the software was previously used for remote support but remains present on systems. Attackers gain control of SimpleHelp clients by exploiting these vulnerabilities or using stolen credentials to establish unauthorised remote access.
Once inside, they execute reconnaissance commands such as net and nltest to gather intelligence on user accounts, domain controllers, and shared resources—common steps before privilege escalation and lateral movement within an organisation’s network.
Urgent Security Recommendations
At Neuways, we strongly advise businesses to take immediate action to mitigate the risk:
- Upgrade Immediately – Ensure your SimpleHelp RMM software is updated to the latest patched versions:
- Review and Remove Unused Software – If SimpleHelp was installed for third-party support but is no longer in use, uninstall it to eliminate a potential attack vector.
- Monitor for Unauthorised Activity – Check for unexpected SimpleHelp connections to unapproved servers and investigate any suspicious remote access activity.
- Harden Access Controls – Implement multi-factor authentication (MFA) and restrict administrative privileges to reduce the risk of compromise.
Protecting Your Business from Cyber Threats
Neuways provides proactive security monitoring and response services to help businesses defend against cyber threats like these. Contact our cyber security experts today if you suspect your organisation may be at risk or require support securing your systems.
