The Cybersecurity and Infrastructure Security Agency and FBI Jan. 22 released an advisory explaining how cyberthreat actors “chained” vulnerabilities — deploying multiple vulnerabilities in rapid succession — during attacks on certain versions of Ivanti Cloud Service Appliances in September. Threat actors used an administrative bypass, structured query language and remote code execution vulnerabilities during the attack. The agencies said the actors gained initial access, obtained credentials and implanted webshells on victim networks.

“These attacks serve as another reminder of the importance of patch management in defending networks,” said Scott Gee, AHA deputy national advisor of cybersecurity and risk. “Think of this as a thief using bolt cutters to get through a perimeter fence, using a pry bar to force the door to the building open, and then using a hammer to break the glass protecting the jewels they came to steal. The good news for network defenders in this instance regarding Ivanti is that each of these tools can be detected.”

CISA and the FBI strongly encouraged network administrators to upgrade to the latest supported version of Ivanti CSA.

“Any hospitals still using outdated versions of Ivanti CSA should update their systems immediately,” Gee said. “If unable to remove the outdated version, network security teams should implement detections based on the indicators of compromise in the advisory and understand the risk posed by this vulnerable technology.”

For more information on this or other cyber and risk issues, contact Gee at sgee@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity.

Related News Articles

Headline
The FBI, Cybersecurity and Infrastructure Security Agency and international agencies July 29 released a joint advisory on recent tactics by the Scattered…
Headline
Microsoft July 22 released an update on the ongoing cyberattacks to SharePoint servers used within organizations, attributing the incidents to China-based…
Headline
The FBI, Cybersecurity and Infrastructure Security Agency, Department of Health and Human Services, and Multi-State Information Sharing and Analysis Center…
Headline
Microsoft July 19 issued an alert about active attacks from vulnerabilities targeting SharePoint servers used within organizations. The incidents have not…
Headline
In his latest AHA Cyber and Risk Intel blog, Scott Gee, AHA deputy national advisor for cybersecurity and risk, explains how hospitals can prepare for and…
AHA Cyber Intel
In today’s heightened threat environment, driven by domestic and geopolitical issues, it is more critical than ever for hospitals to prepare for and mitigate…