The U.S. Cybersecurity and Infrastructure Security Agency, working with its U.S. and international partners, has announced a joint advisory on the multiple cyberattack vulnerabilities of the Ivanti Connect Secure and Ivanti Policy Secure gateways.
The announcement followed Emergency Directive 24-01 that CISA released in January ordering U.S. government agencies’ immediate action to mitigate cyberthreats to the two actively exploited Ivanti platforms. The Canadian Centre for Cyber Security also issued a similar alert, including periodic updates.
CISA said its partners in crafting the joint advisory include the FBI and cybersecurity organizations in Australia, the United Kingdom, Canada and New Zealand. The collaborative cybersecurity advisory provides network defenders access to detection methods, including Volexity’s open source YARA and Mandiant’s compromise indicators.
According to CISA, users of the Ivanti gateways should presume that a sophisticated and persistent cyberthreat actor could appear dormant and conduct malicious activities later. The agency further urges caution when organizations select a virtual private network and consider the risks of continuing their use of the platforms.
Eric Goldstein, CISA executive assistant director, strongly encouraged organizations using the Ivanti products to adopt the steps provided in the advisory, which he said is based on industry partnerships, incident reports and evaluations.
