In what looks like a continuation of supply chain type attacks on corporations and government agencies, the US Department of Homeland Security (DHS) is currently investigating the potential breach of multiple US agencies that were exposed through flaws in Ivanti’s Pulse Connect Secure VPN product.
DHS’ Cybersecurity and Infrastructure Security Agency (CISA) has been working with organizations that were targeted or potentially affected by the Pulse Connect Secure vulnerabilities. CISA’s deputy executive assistant director, Matt Harmon, provided further details in a statement to Bloomberg, saying:
“CISA is aware of at least five federal civilian agencies who have run the Pulse Connect Secure Integrity Tool and identified indications of potential unauthorized access. We are working with each agency to validate whether an intrusion has occurred and will offer incident response support accordingly.”
Just a week earlier, CISA had issued an emergency directive to agencies using Ivanti’s VPNs to take steps to identify any indications of a possible breach, which included running the Pulse Connect Secure Integrity Tool. This also follows on the heels of another massive supply chain attack in which malicious code was delivered to SolarWinds customers via software updates.
Reducing Risk and Exposure
With the ongoing trend of supply chain attacks being leveraged to reach specific targets within a vendor’s customer base, it’s become increasingly important for organizations to follow cyber-hygiene best practices to reduce risk and exposure at a time when large corporations and government agencies are being regularly targeted. While there’s no way to completely eliminate the risk of a breach, there are steps that can be taken to effectively reduce and minimize overall exposure.
General cyber-hygiene guidelines include:
- Prioritizing available updates by severity and environmental exposure
- Limiting account permissions in accordance to principle of least privilege
- Upgrading to the latest version of your operating system
- Removing software that has reached end of life status, and migrate away from obsolete operating systems that are no longer supported
- Leveraging multi-factor authentication for software access
- Eliminating “shared user” accounts
- Setting password policies for accounts and auditing unused accounts regularly
- Isolating any necessary computer systems that cannot be updated
- Tracking and auditing remote desktop login attempts
- Ensuring that audit logs are enabled for all remote connections and identifying any unusual activity
About Automox
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, macOS, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.
