HomeCyber BalkansCISA Issues Warning About Hackers Exploiting Ivanti VPN Vulnerability

CISA Issues Warning About Hackers Exploiting Ivanti VPN Vulnerability

Published on

spot_img

Hackers have been actively exploiting vulnerabilities in Ivanti VPN, a popular tool used to secure sensitive data and communications. The Cybersecurity and Infrastructure Security Agency (CISA), along with several partner organizations, recently issued a warning regarding the exploitation of multiple vulnerabilities in Ivanti VPN. These vulnerabilities, identified as CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893, allow threat actors to bypass authentication, execute commands, and evade detection on Ivanti gateways.

The Federal Bureau of Investigation (FBI), Multi-State Information Sharing & Analysis Center (MS-ISAC), Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), United Kingdom National Cyber Security Centre (NCSC-UK), Canadian Centre for Cyber Security (Cyber Centre), New Zealand National Cyber Security Centre (NCSC-NZ), and CERT-New Zealand (CERT NZ) are among the agencies that have issued warnings about these vulnerabilities. These organizations have urged network defenders to be proactive in hunting for malicious activity, updating their systems, and applying patches to mitigate the risks posed by these vulnerabilities.

CISA, in response to the Ivanti vulnerabilities, detected threat actors exploiting CVEs to implant web shells and harvest credentials. These threat actors used native Ivanti tools like freerdp and SSH for lateral movement within compromised networks, ultimately leading to full domain compromises. Despite efforts to detect compromise through integrity checking and forensic analysis, Ivanti’s ICT systems failed to identify the nefarious activities.

Organizations are advised to be cautious of rootkit-level persistence even after factory resets, as advanced threat actors can remain undetected for extended periods. Due to the significant risks posed by these vulnerabilities, it is recommended that enterprises reconsider their use of Ivanti Connect Secure and Policy Secure gateways in their environments.

To mitigate the risks associated with these vulnerabilities, cybersecurity experts recommend various steps, including choosing VPNs wisely, securing remote access tools, restricting outbound connections on SSL VPNs, using low-privilege accounts for LDAP bind in SSL VPNs, updating OS, software, and firmware regularly, and enforcing strong password policies. These measures are crucial in preventing unauthorized access and data breaches that could result from exploiting VPN flaws.

In conclusion, the exploitation of Ivanti VPN vulnerabilities highlights the ongoing threats posed by hackers to organizations’ cybersecurity. By staying vigilant, applying necessary patches, and following best practices recommended by cybersecurity experts, organizations can strengthen their defense against cyber attacks and protect their sensitive data and communications from unauthorized access.

Source link

Latest articles

Marlinspike Capital Transforms the Cybersecurity Investment Playbook

Navigating the Intersection of National Security, AI, and Cybersecurity: Insights from Marlinspike Co-Founders Marlinspike, a...

ThreatsDay: Game Cheat Spyware, 24-Hour Ransomware, Chrome Sync Stalking, and 12 Additional Stories

Cybersecurity Weekly Review: A Rise in Threats and Attack Vectors In the ever-evolving landscape of...

Selfish Bravado Led to TfL Cyber-Attack, Judge States as Duo Sentenced

Two Young Men Sentenced for Transport for London Cyber-Attack: A Case of Self-Serving Bravado Recently,...

Millions of Shark Robot Vacuums Exposed to Unpatched Remote Code Execution Vulnerability

Millions of Shark Robot Vacuums Vulnerable to Critical Exploit Millions of internet-connected Shark robot vacuums...

More like this

Marlinspike Capital Transforms the Cybersecurity Investment Playbook

Navigating the Intersection of National Security, AI, and Cybersecurity: Insights from Marlinspike Co-Founders Marlinspike, a...

ThreatsDay: Game Cheat Spyware, 24-Hour Ransomware, Chrome Sync Stalking, and 12 Additional Stories

Cybersecurity Weekly Review: A Rise in Threats and Attack Vectors In the ever-evolving landscape of...

Selfish Bravado Led to TfL Cyber-Attack, Judge States as Duo Sentenced

Two Young Men Sentenced for Transport for London Cyber-Attack: A Case of Self-Serving Bravado Recently,...