CISA Sounds Alarm on Ransomware Gangs Targeting Unpatched Ivanti Flaw
CISA Warns of Resurgence of Malware Exploiting Ivanti Flaw
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about the resurgence of malware exploiting a previously patched vulnerability in Ivanti's Neurons product.
According to CISA, the vulnerability, tracked as CVE-2020-10149, allows an attacker to execute arbitrary code on an affected system. Ivanti patched the flaw in 2020, but CISA notes that the malware has recently seen a resurgence in attacks, likely due to the increased use of remote work and the exploitation of previously patched vulnerabilities.
The malware, known as "Ivanti Exploit," exploits a remote code execution vulnerability in Ivanti's Neurons product, which is used for endpoint management and security. An attacker can exploit the vulnerability by sending a specially crafted packet to an affected system, allowing them to execute arbitrary code and gain control of the system.
CISA warns that the malware is highly likely to be used in targeted attacks against organizations that use Ivanti's Neurons product. The agency advises organizations to patch the vulnerability as soon as possible and to implement additional security measures to prevent exploitation.
In addition to patching, CISA recommends that organizations take the following measures:
- Disable the Neurons service on affected systems until a patch is available
- Implement a web application firewall (WAF) to block traffic to the affected service
- Monitor system logs for suspicious activity
- Implement a vulnerability management program to ensure timely patching of vulnerabilities
The resurgence of malware exploiting the Ivanti flaw highlights the importance of keeping software up to date and implementing robust security measures to prevent exploitation. Organizations that use Ivanti's Neurons product should take immediate action to patch the vulnerability and put the additional measures above in place.