CISA Hit by a Major Cyber Attack
The US Cybersecurity and Infrastructure Security Agency (CISA) warned of Ivanti software vulnerabilities. It even issued an emergency order requiring US federal entities to disconnect the insecure VPNs. Two systems were shut down because CISA was compromised.
U.S.A.: CNN reports that CISA learned that it had been hacked a month ago and was compelled to unplug two critical computer systems. One system was in charge of facilitating the sharing of cyber and physical security assessment tools among the federal government, state governments, and municipal governments. The other contains information regarding the security evaluation of chemical facilities.
The attack had no impact on CISA's operations, and the two outdated systems were scheduled to be replaced.
A report published by Recorded Future News stated that malicious actors took advantage of vulnerabilities in Ivanti products. Ivanti, headquartered in Utah, is a software firm that offers solutions for information technology management and security, including virtual private networking.
For a number of weeks, CISA has urged an upgrade of the Ivanti software, which was affected by vulnerabilities of high and critical severity.
On January 10, Ivanti announced two additional vulnerabilities in the Ivanti Connect Secure (ICS) and Ivanti Policy Secure gateways. Two further vulnerabilities were announced on January 31, and a fifth was disclosed on February 8.
According to Unit 42’s findings, attackers could chain the vulnerabilities to execute remote code on affected systems without first authenticating.
CISA ordered US federal agencies to “disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure solution products from agency networks as soon as possible and no later than 11:59 PM on Friday, February 2nd, 2024.” After the patches were applied, the organizations were given permission to activate the products.
According to a spokesperson for Ivanti, “Ivanti, Mandiant, CISA, and the other JCSA authoring organizations continue to recommend that defenders apply available patching guidance provided by Ivanti if they haven’t already done so, and run Ivanti’s updated Integrity Checker Tool (ICT), which was released on February 27th, to assist in detecting known attack vectors.” Continuous monitoring is also recommended.
Ivanti and its partners are not aware of any instances of successful threat actor persistence following the installation of the security updates and factory resets that Ivanti recommends. The company also offers additional guidance through its blog.
It is not clear who was responsible for the breach at CISA. Private researchers interviewed by CNN stated that they had seen Chinese groups making use of the vulnerabilities that were already known.
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blog, he has also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM. Naager entered the field of content in an unusual way. He began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts. He combines this interest with a love of narrative, which makes him a good writer in the cybersecurity field. He also frequently writes for Craw Security.