Ivanti VPN Zero-Days Drive Attack Frenzy as Patches Finally Roll Out

Ivanti and the Rampant Exploitation of Security Vulnerabilities

Ivanti, a major vendor of VPN appliances, has been in attackers' crosshairs since it disclosed two zero-day vulnerabilities in its Connect Secure VPN appliances (and the related Policy Secure gateways) on January 10, 2024. The company has begun shipping patches, but it has also disclosed two further bugs in the platform, which complicates the response.

Ivanti has released the first round of patches for the original pair of zero-days: CVE-2023-46805, an authentication bypass in the appliance's web component, and CVE-2024-21887, a command injection reachable by an authenticated user. Chained together, the two give an unauthenticated remote attacker command execution on the appliance. The patches so far cover only some of the affected releases; fixes for the remaining versions are scheduled to roll out on a staggered basis over the coming weeks.

In the meantime, Ivanti has published a mitigation, delivered as an XML file imported through the appliance's administrative interface, that organizations with unpatched systems are strongly advised to apply immediately to protect against exploitation by both state-sponsored actors and financially motivated cybercriminals. Note that neither the mitigation nor a patch evicts an attacker who is already on the device; Ivanti recommends factory-resetting an appliance before patching it.

Despite these measures, exploitation has continued at a steady pace. According to Mandiant, a suspected China-nexus espionage group it tracks as UNC5221 has been behind a significant share of the attacks, with activity dating back to early December. The tempo rose sharply once the original two vulnerabilities were publicly disclosed at the beginning of January.

Mandiant's analysis of the attacks on Ivanti Connect Secure VPNs has catalogued the malware being deployed: several web shell variants (among them the families Mandiant calls LIGHTWIRE and WIREFIRE), backdoors planted in the appliance's bundled Python packages, and credential-theft malware such as WARPWIRE, a JavaScript harvester injected into the VPN login page, among others. The aim is persistent access to the appliance and, through it, to sensitive systems and data inside the target organization. Because a compromised appliance cannot be trusted to report on itself, Ivanti advises running the external version of its Integrity Checker Tool rather than relying solely on the copy installed on the device.
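As an added illustration, not code from the original article and not Ivanti's or Mandiant's tooling, the scanner below reads web access logs for the two traits that the disclosed vulnerability classes imply: a ".." segment in an API path (walking from an unauthenticated endpoint to one that should require a session, the pattern of an authentication bypass such as CVE-2023-46805) and shell metacharacters in the request target (the pattern of a command injection such as CVE-2024-21887). It also notes when the server answered such a request with a 2xx, which suggests the attempt worked. The log lines, client addresses and endpoint paths are constructed for the example and are not real Ivanti indicators; a real hunt would use the vendor's published indicators and the external Integrity Checker Tool alongside this kind of log review.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines for this example. The hosts, paths
# and endpoints are made up; they are not real Ivanti indicators.
SAMPLE_LOG = """\
203.0.113.5 - - [11/Jan/2024:10:01:02 +0000] "GET /dana-na/auth/url_default/welcome.cgi HTTP/1.1" 200 5120
203.0.113.7 - - [11/Jan/2024:10:01:09 +0000] "GET /api/v1/public/health/../../admin/system-status HTTP/1.1" 200 311
203.0.113.7 - - [11/Jan/2024:10:01:15 +0000] "GET /api/v1/public/health/%2e%2e/%2e%2e/admin/diag/;id HTTP/1.1" 200 98
198.51.100.3 - - [11/Jan/2024:10:02:00 +0000] "POST /api/v1/login?next=%2Fhome HTTP/1.1" 401 0
this line is not in the expected format
"""

# Combined-log-style line: client, identd, user, [time], "METHOD target PROTO", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

# A ".." path segment after decoding: the classic way to walk from an
# unauthenticated endpoint into one that should require a session.
TRAVERSAL_RE = re.compile(r'(^|/)\.\.(/|$)')
# Shell metacharacters in a request target: command-injection attempts.
SHELL_META_RE = re.compile(r'[;|`]|\$\(')


def fully_decode(text: str) -> str:
    """Percent-decode repeatedly so double-encoded %252e%252e is caught too."""
    previous = None
    while previous != text:
        previous, text = text, unquote(text)
    return text


def parse_line(line: str):
    """Return a dict of fields for a well-formed line, else None."""
    match = LOG_RE.match(line.strip())
    return match.groupdict() if match else None


def classify(entry: dict) -> list:
    """Return the reasons a parsed request looks like exploitation (empty if none)."""
    reasons = []
    path = fully_decode(entry["target"].partition("?")[0])
    if TRAVERSAL_RE.search(path):
        reasons.append("path traversal in API path")
    if SHELL_META_RE.search(fully_decode(entry["target"])):
        reasons.append("shell metacharacters in request target")
    # A 2xx answer to such a request suggests the bypass or injection worked.
    if reasons and entry["status"].startswith("2"):
        reasons.append("server returned 2xx")
    return reasons


def scan(log_text: str) -> list:
    """Scan raw log text; return (client, target, reasons) for suspicious requests."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # skip lines in another format rather than crash on them
        reasons = classify(entry)
        if reasons:
            hits.append((entry["ip"], entry["target"], reasons))
    return hits


if __name__ == "__main__":
    for client, target, reasons in scan(SAMPLE_LOG):
        print(f"{client} {target}\n    {'; '.join(reasons)}")
```

Decoding is repeated until the string stops changing so that double-encoded traversal sequences do not slip past the check, and lines that do not match the expected layout are skipped rather than aborting the scan, since appliance logs commonly mix formats. Treat a hit as a reason to investigate the appliance, not as proof of compromise on its own.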

The two newly disclosed high-severity zero-days, CVE-2024-21888 and CVE-2024-21893, add to the urgency. The first, a privilege escalation flaw in the web component, lets an authenticated user elevate to administrator. The second, a server-side request forgery in the SAML component, lets an unauthenticated attacker reach certain restricted resources; Ivanti reported that it was already being exploited in a small number of targeted attacks at the time of disclosure.

Ivanti and security researchers warn that exploitation of the new bugs is likely to spike once details become widely known, as happened with the first pair. Organizations running vulnerable versions of Ivanti's products have been strongly urged to prioritize the patches where they are available and the mitigation where they are not.

The scale and persistence of the campaign make prompt and thorough action essential. The stakes include unauthorized access to sensitive data and full compromise of the appliance, so an appliance that sat exposed before the mitigation was applied should be treated as potentially compromised and examined, not merely patched.

As the threat landscape continues to evolve, organizations need to stay vigilant and proactive in addressing security vulnerabilities. The ongoing campaign against Ivanti is a stark reminder that internet-facing edge devices are a prime target and must be patched, monitored and, when compromise is possible, investigated.
