US Cybersecurity Agency Forced to Take Two Systems Offline Last Month After Ivanti Compromise
" A federal agency in charge of cybersecurity discovered it was hacked last month..." reports CNN. Last month the U.S. Department of Homeland Security experienced a breach at its Cybersecurity and Infrastructure Security Agency, reports the Record, "through vulnerabilities in Ivanti products, officials said..." "The impact was limited to two systems, which we immediately took offline," the spokesperson said. We continue to upgrade and modernize our systems, and there is no operational impact at this time." "This is a reminder that any organization can be affected by a cyber vulnerability and having an incident response plan in place is a necessary component of resilience." CISA declined to answer a range of questions about who was behind the incident, whether data had been accessed or stolen and what systems were taken offline. Ivanti makes software that organizations use to manage IT, including security and system access. A source with knowledge of the situation told Recorded Future News that the two systems compromised were the Infrastructure Protection (IP) Gateway, which houses critical information about the interdependency of U.S. infrastructure, and the Chemical Security Assessment Tool (CSAT), which houses private sector chemical security plans. CISA declined to confirm or deny whether these are the systems that were taken offline. CSAT houses some of the country's most sensitive industrial information, including the Top Screen tool for high-risk chemical facilities, Site Security Plans and the Security Vulnerability Assessments. CISA said organizations should review an advisory the agency released on February 29 warning that threat actors are exploiting previously identified vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways including CVE-2023-46805, CVE-2024-21887 and CVE-2024-21893. "Last week, several of the world's leading cybersecurity agencies revealed that hackers had discovered a way around a tool Ivanti released to help organizations check if they had been compromised," the article points out. The statement last week from CISA said the agency "has conducted independent research in a lab environment validating that the Ivanti Integrity Checker Tool is not sufficient to detect compromise and that a cyber threat actor may be able to gain root-level persistence despite issuing factory resets." UPDATE: The two systems run on older technology that was already set to be replaced, sources told CNN..."While there is some irony in it, even cybersecurity agencies or officials can be victims of hacking. After all, they rely on the same technology that others do. The US' top cybersecurity diplomat Nate Fick said last year that his personal account on social media platform X was hacked, calling it part of the "perils of the job."
Read more of this story at Slashdot.