HomeCyber BalkansCISA Issues Warning About Hackers Exploiting Ivanti VPN Vulnerability

CISA Issues Warning About Hackers Exploiting Ivanti VPN Vulnerability

Published on

spot_img

Hackers have been actively exploiting vulnerabilities in Ivanti VPN, a popular tool used to secure sensitive data and communications. The Cybersecurity and Infrastructure Security Agency (CISA), along with several partner organizations, recently issued a warning regarding the exploitation of multiple vulnerabilities in Ivanti VPN. These vulnerabilities, identified as CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893, allow threat actors to bypass authentication, execute commands, and evade detection on Ivanti gateways.

The Federal Bureau of Investigation (FBI), Multi-State Information Sharing & Analysis Center (MS-ISAC), Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), United Kingdom National Cyber Security Centre (NCSC-UK), Canadian Centre for Cyber Security (Cyber Centre), New Zealand National Cyber Security Centre (NCSC-NZ), and CERT-New Zealand (CERT NZ) are among the agencies that have issued warnings about these vulnerabilities. These organizations have urged network defenders to be proactive in hunting for malicious activity, updating their systems, and applying patches to mitigate the risks posed by these vulnerabilities.

CISA, in response to the Ivanti vulnerabilities, detected threat actors exploiting CVEs to implant web shells and harvest credentials. These threat actors used native Ivanti tools like freerdp and SSH for lateral movement within compromised networks, ultimately leading to full domain compromises. Despite efforts to detect compromise through integrity checking and forensic analysis, Ivanti’s ICT systems failed to identify the nefarious activities.

Organizations are advised to be cautious of rootkit-level persistence even after factory resets, as advanced threat actors can remain undetected for extended periods. Due to the significant risks posed by these vulnerabilities, it is recommended that enterprises reconsider their use of Ivanti Connect Secure and Policy Secure gateways in their environments.

To mitigate the risks associated with these vulnerabilities, cybersecurity experts recommend various steps, including choosing VPNs wisely, securing remote access tools, restricting outbound connections on SSL VPNs, using low-privilege accounts for LDAP bind in SSL VPNs, updating OS, software, and firmware regularly, and enforcing strong password policies. These measures are crucial in preventing unauthorized access and data breaches that could result from exploiting VPN flaws.

In conclusion, the exploitation of Ivanti VPN vulnerabilities highlights the ongoing threats posed by hackers to organizations’ cybersecurity. By staying vigilant, applying necessary patches, and following best practices recommended by cybersecurity experts, organizations can strengthen their defense against cyber attacks and protect their sensitive data and communications from unauthorized access.

Source link

Latest articles

Attackers Abuse Google Ad Feature to Target Slack, Notion Users

 Attackers are once again abusing Google Ads to target people with info-stealing malware, this time...

Hackers allege to have infiltrated computer network of Israeli nuclear facility

An Iran-linked hacking group has declared that they successfully breached the computer network of...

Hacker allegedly uses white-hat approach to exploit crypto game for $4.6M

In a surprising turn of events, the food-themed crypto game Super Sushi Samurai fell...

Reducing Threats from the IABs Market

As ransomware attacks continue to escalate in frequency and severity, one of the key...

More like this

Attackers Abuse Google Ad Feature to Target Slack, Notion Users

 Attackers are once again abusing Google Ads to target people with info-stealing malware, this time...

Hackers allege to have infiltrated computer network of Israeli nuclear facility

An Iran-linked hacking group has declared that they successfully breached the computer network of...

Hacker allegedly uses white-hat approach to exploit crypto game for $4.6M

In a surprising turn of events, the food-themed crypto game Super Sushi Samurai fell...
en_USEnglish