Five Eyes Agencies Warn of Active Exploitation of Ivanti Gateway Vulnerabilities

March 1, 2024 at 02:33AM

The Five Eyes intelligence alliance issued a cybersecurity advisory warning that cyber threat actors are exploiting known security flaws in Ivanti Connect Secure and Ivanti Policy Secure gateways. The agencies cautioned that the Integrity Checker Tool may provide a false sense of security, and that threat actors may be able to keep root-level persistence despite factory resets. Ivanti has disclosed five security vulnerabilities and is taking steps to address the risks.

From the meeting notes, the key takeaways are:

1. The Five Eyes intelligence alliance has issued a cybersecurity advisory warning about cyber threat actors exploiting known security flaws in Ivanti Connect Secure and Ivanti Policy Secure gateways. It emphasized that the Integrity Checker Tool (ICT) can be deceived to provide a false sense of security.

2. Five security vulnerabilities impacting Ivanti products have been disclosed since January 10, 2024, which are actively exploited by multiple threat actors to deploy malware. These vulnerabilities have specific CVE numbers and CVSS scores.

3. Mandiant described an analysis of an encrypted version of malware known as BUSHWALK placed in a directory excluded by ICT. Eclypsium also highlighted how the tool skips several directories from being scanned, potentially allowing attackers to leave behind backdoors.

4. The advisory suggests that a sophisticated threat actor may deploy rootkit-level persistence on a device that has been reset and lie dormant for an arbitrary amount of time. Organizations are advised to consider the significant risk of adversary access to, and persistence on, Ivanti gateways.

5. Ivanti responded to the advisory by stating it’s not aware of any instances of successful threat actor persistence following the implementation of security updates and factory resets. It also announced the release of a new version of the ICT that provides additional visibility into a customer’s appliance and all files present on the system.

These takeaways reflect the major points discussed in the meeting notes.
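The coverage gap described in takeaway 3 can be shown with a small hash-baseline checker. This is an added example, not Ivanti's ICT and not code from the advisory; the directory names, file names and exclusion list are hypothetical. It reports files under excluded directories separately, because a clean result says nothing about them.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def _sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def _walk(root):
    """Yield every regular file under root as a POSIX-style relative path."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            yield Path(dirpath, name).relative_to(root).as_posix()

def _excluded(rel, excluded):
    return any(rel == e or rel.startswith(e + "/") for e in excluded)

def build_manifest(root, excluded):
    """Baseline hashes for the files the checker covers (exclusions skipped)."""
    return {r: _sha256(Path(root, r)) for r in _walk(root) if not _excluded(r, excluded)}

def check(root, manifest, excluded):
    """Return (mismatches, unscanned) for the tree at root."""
    mismatches, unscanned, seen = [], [], set()
    for rel in _walk(root):
        if _excluded(rel, excluded):
            unscanned.append(rel)  # never hashed: a clean result says nothing here
            continue
        seen.add(rel)
        if manifest.get(rel) != _sha256(Path(root, rel)):
            mismatches.append(rel)  # new or changed file in covered scope
    mismatches += [r for r in manifest if r not in seen]  # covered file now missing
    return sorted(mismatches), sorted(unscanned)

def demo():
    # Constructed sample tree; directory and file names are hypothetical.
    excluded = ["data/cache"]
    with tempfile.TemporaryDirectory() as root:
        for rel, body in [("bin/service", b"v1"), ("data/cache/tmp0", b"x")]:
            p = Path(root, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(body)
        manifest = build_manifest(root, excluded)
        # File added under the excluded directory after the baseline was taken.
        Path(root, "data/cache/added.bin").write_bytes(b"unknown")
        return check(root, manifest, excluded)

if __name__ == "__main__":
    print(demo())
```

In the demo the mismatch list is empty even though a file was added after the baseline, and the added file appears only in the unscanned list.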
