Ivanti Breach Prompts CISA to Take Systems Offline

CISA has not confirmed which two systems it took offline or what kind of data was accessed.
March 11, 2024
According to officials, threat actors breached the Cybersecurity and Infrastructure Security Agency's (CISA) systems using Ivanti product vulnerabilities back in February.
Suspicious activity was first identified a month ago in two systems that were taken offline, a CISA spokesperson noted, but it is unclear who was behind the incident and whether any data was accessed or stolen.
The two systems taken offline were reportedly the Infrastructure Protection Gateway and the Chemical Security Assessment Tool (CSAT), though CISA has not confirmed this.
CISA recommends that organizations review an advisory it released in late February regarding three Ivanti vulnerabilities, identified as CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893. These vulnerabilities affect the Ivanti Connect Secure and Ivanti Policy Secure gateways.
CISA also reported that, in its incident response engagements, the Ivanti Integrity Checker Tool (ICT) failed to detect compromise. The hackers were able to steal credentials stored on these Ivanti devices and, in some cases, even achieve full domain compromise. Several leading cybersecurity agencies urge all organizations to be wary of these gateway tools because of the risks that they pose in an enterprise environment.
CISA reports that there is no operational impact at this time but that "this is a reminder that any organization can be affected by a cyber vulnerability and having an incident response plan in place is a necessary component of resilience."
Dark Reading Staff
Dark Reading