Advisory details how cyber actors deployed vulnerabilities in attack on Ivanti cloud products 

Jan 24, 2025 - 01:21 PM
cybersecurity-hand-lock-graphic_900x400

The Cybersecurity and Infrastructure Security Agency and FBI Jan. 22 released an advisory explaining how cyberthreat actors “chained” vulnerabilities — deploying multiple vulnerabilities in rapid succession — during attacks on certain versions of Ivanti Cloud Service Appliances in September. Threat actors used an administrative bypass, structured query language and remote code execution vulnerabilities during the attack. The agencies said the actors gained initial access, obtained credentials and implanted webshells on victim networks.

“These attacks serve as another reminder of the importance of patch management in defending networks,” said Scott Gee, AHA deputy national advisor of cybersecurity and risk. “Think of this as a thief using bolt cutters to get through a perimeter fence, using a pry bar to force the door to the building open, and then using a hammer to break the glass protecting the jewels they came to steal. The good news for network defenders in this instance regarding Ivanti is that each of these tools can be detected.”

CISA and the FBI strongly encouraged network administrators to upgrade to the latest supported version of Ivanti CSA.

“Any hospitals still using outdated versions of Ivanti CSA should update their systems immediately,” Gee said. “If unable to remove the outdated version, network security teams should implement detections based on the indicators of compromise in the advisory and understand the risk posed by this vulnerable technology.”

For more information on this or other cyber and risk issues, contact Gee at sgee@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity.

Related News Articles

Headline
Agencies release guide on selecting and integrating security into operational technology products
A guide published Jan. 13 by the Cybersecurity and Infrastructure Security Agency, National Security Agency, FBI, Environmental Protection Agency,…
Headline
AHA podcast: How to Survive a Cyberattack with Scripps Health — Part Four
In the last of this four-part conversation, four leaders from Scripps Health — Chris Van Gorder, president and CEO, Todd Walbridge, senior director of…
Headline
HHS guidance offers solutions to protect telehealth platforms from cybercriminals 
The Department of Health and Human Services Health Sector Cybersecurity Coordination Center Jan. 8 released guidance on cybersecurity for telehealth…
Headline
AHA podcast: How to Survive a Cyberattack with Scripps Health — Part Three 
In the third of this four-part conversation, three experts from Scripps Health talk through the day their organization experienced a cyberattack, the…
Headline
FBI issues alert on HiatusRAT malware
The FBI Dec. 16 released an alert warning of malicious activity by cyber actors using Hiatus Remote Access Trojan malware to attack Chinese-branded web cameras…
Headline
CISA seeks comments on updated National Cyber Incident Response Plan 
The Cybersecurity and Infrastructure Security Agency is seeking comments on its draft National Cyber Incident Response Plan Update. The plan describes how the…