CISA emergency directive: Mitigate Ivanti zero-days immediately

January 19, 2024 at 02:30PM

CISA has issued an emergency directive in response to widespread exploitation of flaws in Ivanti Connect Secure and Ivanti Policy Secure by threat actors. Federal agencies must immediately apply mitigations, report any indications of compromise, and take action to restore affected appliances. A threat monitoring service has observed compromised Ivanti appliances being used by threat actors for a range of malicious activity.

Key takeaways:

– CISA issued Emergency Directive ED 24-01, requiring Federal Civilian Executive Branch (FCEB) agencies to immediately mitigate the Ivanti Connect Secure and Ivanti Policy Secure zero-day flaws, which are under active exploitation by multiple threat actors.
– Agencies are instructed to apply Ivanti's publicly disclosed mitigations, report indications of compromise to CISA, and remove compromised products from agency networks. They must also take specific actions to restore affected appliances and report a complete inventory of all instances of Ivanti products in their environments.
– Threat monitoring services have identified over 16,200 Ivanti Connect Secure (ICS) VPN appliances exposed online and more than 600 compromised Ivanti Connect Secure VPN instances. Threat actors are deploying malware on compromised appliances and targeting organizations worldwide, including government and military departments, defense contractors, technology companies, and financial organizations.

Taken together, the active exploitation, the number of exposed appliances, and the confirmed compromises underline the urgency of the directive: agencies running these products should treat mitigation, compromise assessment, and restoration as immediate priorities rather than routine patching.
