US Cybersecurity Agency Forced to Take Two Systems Offline Last Month After Ivanti Compromise (therecord.media)
"A federal agency in charge of cybersecurity discovered it was hacked last month..." reports CNN.
Last month the U.S. Department of Homeland Security experienced a breach at its Cybersecurity and Infrastructure Security Agency, reports the Record, "through vulnerabilities in Ivanti products, officials said..."
"The impact was limited to two systems, which we immediately took offline," the spokesperson said. "We continue to upgrade and modernize our systems, and there is no operational impact at this time."
"This is a reminder that any organization can be affected by a cyber vulnerability and having an incident response plan in place is a necessary component of resilience." CISA declined to answer a range of questions about who was behind the incident, whether data had been accessed or stolen and what systems were taken offline.
Ivanti makes software that organizations use to manage IT, including security and system access. A source with knowledge of the situation told Recorded Future News that the two systems compromised were the Infrastructure Protection (IP) Gateway, which houses critical information about the interdependency of U.S. infrastructure, and the Chemical Security Assessment Tool (CSAT), which houses private sector chemical security plans. CISA declined to confirm or deny whether these are the systems that were taken offline. CSAT houses some of the country's most sensitive industrial information, including the Top Screen tool for high-risk chemical facilities, Site Security Plans and the Security Vulnerability Assessments.
CISA said organizations should review an advisory the agency released on February 29 warning that threat actors are exploiting previously identified vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways including CVE-2023-46805, CVE-2024-21887 and CVE-2024-21893.
"Last week, several of the world's leading cybersecurity agencies revealed that hackers had discovered a way around a tool Ivanti released to help organizations check if they had been compromised," the article points out.
The statement last week from CISA said the agency "has conducted independent research in a lab environment validating that the Ivanti Integrity Checker Tool is not sufficient to detect compromise and that a cyber threat actor may be able to gain root-level persistence despite issuing factory resets."
UPDATE: "The two systems run on older technology that was already set to be replaced, sources told CNN..." While there is some irony in it, even cybersecurity agencies or officials can be victims of hacking. After all, they rely on the same technology that others do. The US' top cybersecurity diplomat Nate Fick said last year that his personal account on social media platform X was hacked, calling it part of the "perils of the job."
Forgotten Knowledge (Score:2)
I went to a seminar way back when spooks were on the side of the citizenry about how to deal with critical data that can't leak.
TL;DR If you can route to it you can't protect it.
(Message passing with multiple layers and novel hardware was discussed.)
Sure, network switching with IP and VLANs is easy and cheap but it's not great for security.
CISA is high profile so anything they put online will be targeted and eventually exploited with some degree of certainty.
They could try being less creepy and they might
Re: (Score:2)
I went to a seminar way back when spooks were on the side of the citizenry about how to deal with critical data that can't leak.
TL;DR If you can route to it you can't protect it.
If you look at safety systems in motor vehicles or public transportation systems: nobody ever thinks that accidents won't happen. All these safety systems do is guarantee that such "wrong decisions made by computer" are extremely rare. If we step in a car, we don't expect power steering to drive us off the freeway. If we travel by train, we don't expect a switch to route our train into another one. Both events do happen once in a while, but those are typically freak events and make news headlines. If saf
Did US cybersecurity eventually work out (Score:1)
that the name "Ivanti" might be a clue to why things went pear-shaped?