
You Won’t Believe How Ivanti Responded to This Insane Norway Government Breach!

Zero-Day Flaw in Ivanti Software Compromises Norwegian Government Agencies

Introduction

The Norwegian government recently experienced a major data breach as hackers exploited a zero-day vulnerability in Ivanti’s mobile device management software. This attack compromised a dozen government agencies in Norway, and there is concern that thousands of other organizations may also be at risk. This article provides an overview of the attack, its implications, and the steps being taken to address the vulnerability.

Details of the Attack

The Norwegian Organization for Security and Services (DSS) issued a statement confirming that a “data attack” had targeted the IT platform used by 12 government ministries. While the affected ministries were not named, it was clarified that several offices, including the Prime Minister’s Office, Ministry of Defence, Ministry of Justice, and Ministry of Foreign Affairs, were unaffected.

The DSS attributed the attack to a previously unknown vulnerability in the software of one of their vendors. Subsequently, the Norwegian National Security Authority (NSM) confirmed that the hackers had exploited a previously undiscovered flaw in Ivanti Endpoint Manager Mobile (EPMM; formerly MobileIron Core) to compromise the government agencies.

Ivanti’s EPMM software allows authorized users and devices to access corporate or government networks. The vulnerability, known as CVE-2023-35078, is an authentication bypass flaw that affects all supported versions of Ivanti EPMM, as well as older and unsupported versions. Exploiting this vulnerability allows remote access to the software without credentials, potentially compromising users’ personal information and enabling unauthorized changes to the affected server.

Response and Patch

Upon discovering the vulnerability, Ivanti promptly developed and released a patch to address the issue. The company is actively assisting customers in applying the fix and remains committed to delivering secure products while following responsible disclosure protocols. However, there have been concerns regarding the initial handling of the vulnerability. Ivanti initially made detailed information about the flaw available only behind a paywall, and potentially affected clients were requested to sign confidentiality agreements before accessing the information.

In response to the attack, the United States Cybersecurity and Infrastructure Security Agency (CISA) issued an alert warning that attackers could create an EPMM administrative account, allowing them to make further changes to a vulnerable system. The full extent of the consequences from this zero-day flaw remains to be seen, and it is vital for organizations to apply the provided patches to protect their systems.

Potential Impact and Concerns

The breach of Norwegian government agencies raises significant concerns about data security and the potential exposure of sensitive information. The Norwegian National Security Authority (NSM) has already notified the Norwegian Data Protection Authority (DPA) about the attack, indicating the possibility that sensitive data may have been extracted from the compromised systems.

Furthermore, the reach of this zero-day vulnerability extends beyond the Norwegian government. A search on Shodan, a search engine for publicly exposed devices, indicates that there are over 2,900 MobileIron portals exposed to the internet, primarily in the United States. This implies that many more organizations could be at risk if the necessary patches are not applied.

Given the severity of the vulnerability, it is crucial for organizations to take immediate action and ensure that their systems are properly secured. Failure to do so could result in further cyberattacks and potential data breaches.

Expanding on the Topic: Ensuring Cybersecurity in Today’s Threat Landscape

In today’s digital age, where cyber threats are increasingly sophisticated and prevalent, organizations must prioritize cybersecurity to protect sensitive data and maintain trust with their stakeholders. While the recent attack on Norwegian government agencies highlights the vulnerability of even well-established systems, it also serves as a valuable reminder of the importance of proactive security measures.

Here are some additional insights and perspectives to consider:

1. Zero-Day Vulnerabilities: A Growing Concern

The discovery and exploitation of zero-day vulnerabilities are particularly concerning for organizations and governments worldwide. Zero-day vulnerabilities are previously unknown flaws that are often targeted by advanced threat actors, as there are no available patches or defenses against them. This emphasizes the need for continuous monitoring, robust vulnerability management, and proactive security measures to mitigate such risks.

2. The Role of Responsible Disclosure and Collaboration

The handling of vulnerabilities and responsible disclosure play a vital role in maintaining a secure environment. Promptly identifying and addressing vulnerabilities, like Ivanti did in this case, is essential. However, transparent communication and collaboration between software vendors, security researchers, and affected organizations are equally crucial to ensure the timely dissemination of information and effective remediation.

3. The Importance of Patch Management

Applying patches and updates in a timely manner is critical to protecting systems from known vulnerabilities. Organizations must establish robust patch management practices that prioritize the rapid deployment of security updates. Automated patch management systems can streamline this process and minimize the risk of overlooking critical patches.

4. Enhanced Security Measures for Remote Access

As the prevalence of remote work continues to rise, organizations should implement enhanced security measures for remote access. This includes implementing multifactor authentication, utilizing virtual private networks (VPNs), and regularly auditing access privileges. By doing so, organizations can better safeguard sensitive information and reduce the risk of unauthorized access.

5. Continuous Monitoring and Threat Intelligence

Implementing robust monitoring systems and leveraging threat intelligence can significantly enhance an organization’s ability to detect and respond to potential cyber threats. Continuous monitoring allows for timely identification of unusual activities and potential breaches, enabling swift incident response and mitigation.

Summary

Hackers recently exploited a zero-day vulnerability in Ivanti’s mobile device management software, compromising several Norwegian government agencies. The attack highlighted the severity of the vulnerability, leading to concerns about potential data breaches and unauthorized access to sensitive information. Ivanti promptly released a patch to address the flaw, but concerns were raised about the initial handling of the vulnerability’s details. Organizations must prioritize cybersecurity, applying necessary patches promptly, enhancing remote access security measures, and establishing robust patch management practices. Continuous monitoring and threat intelligence are also crucial in today’s evolving threat landscape. By taking proactive measures, organizations can mitigate the risks associated with zero-day vulnerabilities and enhance their overall cybersecurity posture.

—————————————————-


Hackers exploited a zero-day flaw in Ivanti’s mobile device management software to compromise a dozen Norwegian government agencies, and thousands of other organizations could also be at risk.

The Norwegian Organization for Security and Services (DSS) said in a statement on Monday that a “data attack” had hit the IT platform used by 12 government ministries. The Norwegian government did not name the affected ministries, but the DSS confirmed that several offices were not affected, including the Norwegian Prime Minister’s Office, the Ministry of Defence, the Ministry of Justice and the Ministry of Foreign Affairs.

The DSS said the attack was the result of a “previously unknown vulnerability in the software of one of our vendors,” but did not share further details. However, the Norwegian National Security Authority (NSM) later confirmed that hackers had exploited a previously undiscovered flaw in Ivanti Endpoint Manager Mobile (EPMM; formerly MobileIron Core) to compromise Norwegian government agencies.

Sofie Nystrøm, director general of Norway’s NSM, said the government was initially unable to disclose the vulnerability due to “security reasons”, noting that the security flaw was discovered “for the first time here in Norway”.

Ivanti’s EPMM allows authorized users and devices to access a corporate or government network. The vulnerability, tracked as CVE-2023-35078, is an authentication bypass flaw that affects all supported versions of the Ivanti EPMM software, along with older and unsupported versions. If exploited, the vulnerability allows anyone over the Internet to remotely access the software, without the need for credentials, to access users’ personal information, such as names, phone numbers, and other mobile device details for users on a vulnerable system, as well as make changes to the affected server.

In an alert published on Monday, the US cybersecurity agency CISA warned that attackers could create an EPMM administrative account, allowing them to make further changes to a vulnerable system.

Bryan Thomas, a spokesperson for Ivanti through a third-party agency, told TechCrunch in a statement that after becoming aware of the vulnerability, the company “immediately developed and released a patch and is actively engaging with customers to help them apply the fix,” adding that “we remain committed to delivering and maintaining secure products, while practicing responsible disclosure protocols.”

However, Ivanti initially kept the details of the flaw, which was given a maximum vulnerability severity rating of 10 out of 10, behind a paywall, and supposedly asked potentially affected clients to sign a confidentiality agreement before sharing details. At the time of writing, the Ivanti knowledge base article about the vulnerability still requires users to log in before viewing.

In a short alert to the public, Ivanti confirmed that it is “aware of a very limited number of customers who have been affected.” When asked by TechCrunch, the company declined to say exactly how many customers were affected or if it has seen any evidence of data exfiltration as a result of the attacks.

Norway’s NSM confirmed that it had notified the Norwegian Data Protection Authority (DPA) about the attack targeting government ministries, suggesting that hackers may have extracted sensitive data from the compromised systems.

The full extent of the consequences of this zero-day remains to be seen, but many more organizations could be at risk if the patches are not applied. According to Shodan, a search engine for publicly exposed devices, there are more than 2,900 MobileIron portals exposed to the Internet, most of which are in the United States.

As noted by cybersecurity researcher Kevin Beaumont, the vast majority of affected organizations, a list that includes numerous US and UK government departments, have yet to be patched.

Ivanti rushes to patch zero-day used to breach Norway’s government


—————————————————-