A new joint cybersecurity advisory is warning organizations that use the virtual private network Ivanti Connect Secure and network access control platform Ivanti Policy Secure.
The Cybersecurity and Infrastructure Security Agency on Thursday led the joint report which found that threat actors are exploiting the vulnerabilities of the Ivanti products for data exfiltration, credential theft and other attacks.
In incident response tests conducted by CISA, threat actors disabled the ability of Ivanti’s internal and previous external integrity checker tool to detect compromise. Factory resets will not likely prevent the attackers from gaining root-level access.
The advisory recommends that affected organizations limit their outbound internet and SSL VPN connections, and do regular firmware and operating system updates.
The international statement was unanimously issued by the Five Eyes, an intelligence alliance of the governments of Australia, Canada, New Zealand, the United States and United Kingdom.
“Since initial disclosure of these vulnerabilities, CISA and our partners have urgently worked to provide actionable guidance and assist impacted victims,” said CISA Executive Assistant Director Eric Goldstein. “This includes an emergency directive to remove and rebuild vulnerable Ivanti devices to reduce risk to federal systems upon which Americans depend.”
The Potomac Officers Club’s 2024 Cyber Summit is open for early bird event registration. Join cyber experts and government officials on June 6 in discussing issues such as IT security in public sector supply chain.
