TLDR:
- A multinational cybersecurity advisory warns organizations using Ivanti VPN of potential attacks.
- Threat actors are exploiting vulnerabilities in Ivanti products for data exfiltration and credential theft.
Article Summary:
A joint cybersecurity advisory issued by the Five Eyes intelligence alliance, led by the Cybersecurity and Infrastructure Security Agency (CISA), warns organizations using Ivanti Connect Secure and Ivanti Policy Secure VPNs of potential attacks. Threat actors have been exploiting vulnerabilities in these Ivanti products for data exfiltration, credential theft, and other malicious activities. Incident response tests conducted by CISA revealed that threat actors were able to bypass Ivanti’s internal integrity checker tool and gain root-level access even after factory resets. The advisory recommends organizations limit outbound internet and SSL VPN connections, and regularly update firmware and operating systems to mitigate risk.
CISA Executive Assistant Director Eric Goldstein emphasized the urgency of providing guidance and assistance to impacted victims. The advisory also includes an emergency directive to remove and rebuild vulnerable Ivanti devices to reduce risk to federal systems. The Five Eyes is an intelligence alliance comprising Australia, Canada, New Zealand, the United States, and the United Kingdom.
In response to these threats, the Potomac Officers Club is hosting the 2024 Cyber Summit to address issues such as IT security in the public sector supply chain. The summit aims to bring together cyber experts and government officials to discuss critical cybersecurity challenges.