Ivanti Connect Secure VPN faced a significant security breach involving two critical vulnerabilities – CVE-2023-46805 and CVE-2024-21887. These vulnerabilities allowed attackers to bypass authentication and execute arbitrary commands remotely. The attackers were able to steal sensitive data, modify files, and set up web shells for persistent network access.

The attacker modifies a native Python package (cav-0.1-py3.6.egg) used by a web server. The attacker adds code to the package, enabling the web server to identify specific server requests containing content starting with the characters “GIF”. When such a request is received, the script within the modified package decodes the base64-encoded request and executes the resulting commands, effectively opening a shell on the server.
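Because the backdoor described above lives inside a modified package archive, one way to surface it is to hash every member of the egg (a zip archive) and compare the result with a manifest taken from a known-good copy of the same version. The following is an added example, not code from the original advisory or from Ivanti or GoSecure tooling; the member names and file contents are constructed placeholders, not the real layout of cav-0.1-py3.6.egg.

```python
import hashlib
import io
import zipfile


def egg_manifest(egg_bytes):
    """Return {member_name: sha256_hex} for every file inside an egg (zip) archive."""
    manifest = {}
    with zipfile.ZipFile(io.BytesIO(egg_bytes)) as egg:
        for info in egg.infolist():
            if info.is_dir():
                continue
            manifest[info.filename] = hashlib.sha256(egg.read(info)).hexdigest()
    return manifest


def diff_manifests(baseline, observed):
    """Compare a known-good manifest with the one taken from the appliance."""
    return {
        "modified": sorted(n for n in baseline if n in observed and baseline[n] != observed[n]),
        "added": sorted(n for n in observed if n not in baseline),
        "removed": sorted(n for n in baseline if n not in observed),
    }


def build_egg(members):
    """Build an in-memory egg from {name: bytes}; used only for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as egg:
        for name, data in members.items():
            egg.writestr(name, data)
    return buf.getvalue()


# Constructed sample data: member names and contents are placeholders,
# not the real layout of cav-0.1-py3.6.egg.
CLEAN = build_egg({
    "cav/api/handler.py": b"def handle(request):\n    return 'ok'\n",
    "EGG-INFO/PKG-INFO": b"Name: cav\nVersion: 0.1\n",
})
SUSPECT = build_egg({
    "cav/api/handler.py": b"def handle(request):\n    # extra logic added\n    return 'ok'\n",
    "cav/api/extra.py": b"# file not present in the reference build\n",
    "EGG-INFO/PKG-INFO": b"Name: cav\nVersion: 0.1\n",
})

if __name__ == "__main__":
    report = diff_manifests(egg_manifest(CLEAN), egg_manifest(SUSPECT))
    for kind, names in report.items():
        print(kind, names)
```

In practice the baseline manifest should come from a trusted copy of the same software version, and the hashing should run on an offline image of the appliance rather than on the potentially compromised system itself.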

In the rapidly evolving world of cybersecurity, the recent breach of Ivanti Connect Secure VPN underscores the critical need for robust and proactive security measures. As attackers continually refine their tactics and exploit vulnerabilities, the demand for advanced cybersecurity solutions becomes ever more pressing. This is where GoSecure, a leader in the cybersecurity industry, comes into play.

GoSecure: Leading with Expertise and Action

GoSecure is a frontrunner in cybersecurity solutions, offering a comprehensive suite of tools and services designed to protect against a wide range of digital threats. With a focus on innovation, expertise, and a deep understanding of the cyber threat landscape, GoSecure provides effective and adaptive solutions to safeguard businesses and organizations.

This is exemplified by our recent engagement with clients facing critical security incidents. One such instance involved a client who approached us for a Digital Forensics & Incident Response Service (DF & IR) unrelated to our GoSecure Titan® Managed Extended Detection and Response (MXDR) service. Our team provided expert guidance and effective solutions to address their specific security needs promptly.

Moreover, another client, actively enrolled in our GoSecure Titan® MXDR service, experienced a direct impact from the Ivanti breach on their unmanaged devices. Our Security Operations Center (SOC) team was quick to respond, engaging in a late-night meeting to determine the next steps. As their trusted advisor, we conducted a thorough analysis and guided them through the DF & IR process, focusing on quickly resolving issues with unmanaged devices that were breached.

GoSecure Services for Enhanced Protection

GoSecure Titan® Managed Extended Detection and Response (MXDR):

GoSecure Titan® MXDR leverages advanced threat detection mechanisms, such as behavioral analysis, machine learning, and anomaly detection, to identify suspicious activities, including those stemming from zero-day threats. If the unthinkable happens, privilege escalation and lateral movement can be quickly detected and mitigated.

Real-time monitoring and event logging enable quick investigation of what has happened and give IT personnel the visibility they need to assess risks quickly and reliably.

GoSecure Titan® Vulnerability Management as A Service (VMaaS):

Zero-day vulnerabilities rarely come alone. Threat actors will need to perform privilege escalation or lateral movement to reach their objectives. These additional steps are often performed by leveraging existing low and medium vulnerabilities.

GoSecure Titan® VMaaS is designed to close that gap. It identifies assets and exposure through scanning, prioritizes threats using contextual analysis, and responds by updating systems and applications to strengthen resistance to attacks, shorten remediation times, and maintain compliance.

Many organizations lack the resources, time, and expertise to effectively manage vulnerabilities and often spend their time patching the wrong vulnerabilities.

GoSecure Titan® VMaaS combines industry-leading technology with expert analysis to provide unsurpassed speed, accuracy, consistency, and reliability, giving the organization a customized vulnerability management program that makes it more secure, even against zero-days, while saving time and money.

Recommendations for Organizations:

  • Prompt Patch Management: Ensure all systems, including VPN solutions, are regularly updated with the latest security patches.
  • Regular Security Audits: Conduct thorough security audits to identify potential vulnerabilities within the network.
  • Enhanced Monitoring: Utilize network monitoring and anomaly detection tools to identify unusual network patterns indicative of an attack.
  • Incident Response Plan: Have a robust incident response plan in place to quickly contain and mitigate any breaches.

The Ivanti Connect Secure VPN breach serves as a reminder of the constantly evolving threat landscape and the need for organizations to stay vigilant and proactive in their cybersecurity efforts. Implementing solutions like GoSecure Titan® MXDR and GoSecure Titan® VMaaS can provide a more comprehensive defense against such sophisticated cyber threats.

Visit www.gosecure.net to learn more.

Authors: Ben Mabey & Ryan Ackroyed

UPDATE: Shortly after the publication of this security advisory, new developments have emerged regarding Ivanti’s security posture. A newly identified server-side request forgery (SSRF) vulnerability, tracked as CVE-2024-21893, affecting Ivanti Connect Secure and Ivanti Policy Secure servers, is currently being exploited on a mass scale. This vulnerability represents a critical threat, as highlighted by recent attacks and the subsequent urgent advisory from Ivanti for immediate patching.

In response to these escalating threats, the Cybersecurity and Infrastructure Security Agency (CISA) has issued a directive for federal agencies to disconnect affected Ivanti VPN technology within 48 hours, a measure reflecting the gravity of the situation.

Ivanti has also released mitigation instructions for those unable to apply the latest patches immediately, further underscoring the necessity for rapid action in safeguarding against these vulnerabilities. 

We urge everyone to review these developments closely. Our team is actively reaching out to provide personalized advisories and support in navigating these updates. Ensuring the security of your infrastructure against such sophisticated threats is our utmost priority, and we are committed to delivering the most current and comprehensive guidance in these challenging times. Your vigilance and prompt action in response to these advisories are crucial in maintaining a robust defense against these and future cybersecurity challenges. 
