Software company Ivanti is trying to stay ahead of the curve in grappling with the major hack of its Pulse Connect Secure virtual private network (VPN). Pulse Secure had its legitimate files altered by hackers in order to install webshells onto devices. After two weeks of analyzing cause and effect, Ivanti has released a patch for a zero-day authentication bypass vulnerability in the VPN software. However, the fix came with the caveat that the situation is not yet fully under control. That, combined with the fact that the attackers first gained entry circa June 2020, adds another alarming incident to a growing list of COVID-era data breaches.
As the consequences of this breach unfold, Pulse is primed to enter the upper echelon of headline-making, data-compromised victims. Time will tell if the situation will escalate to the point of being equated with the SolarWinds and Microsoft Exchange Server hacks. The commonality is striking: all three began with a compromised network entry point and ultimately relied on persistent backdoor surveillance to harvest information.
Although the actual victim count may be lower in total than the aforementioned campaigns, the Pulse attack is equally harrowing in its reach. Attackers had uninterrupted and unprecedented access into U.S. federal agencies and leading companies for months on end. The threat level is apparent considering the Cybersecurity and Infrastructure Security Agency set its strongest emergency powers into motion by mandating all civilian government agencies to immediately self-assess and implement recommended countermeasures. This drastic measure being invoked two times within two months (the other being for the Exchange Server hack) is tantamount to lightning striking twice for the guarded agency.
The Deputy Executive Assistant Director at CISA, Matt Hartman, said, “CISA is aware of at least five federal civilian agencies who have run the Pulse Connect Secure Integrity Tool and identified indications of potential unauthorized access. We are working with each agency to validate whether an intrusion has occurred and will offer incident response support accordingly.” CISA had reported awareness of at least 24 agencies using the program, without comment on the possibility of breach for those.
The likelihood of a deep-seated data hack at all 5 federal civilian agencies pinpointed by CISA is tempered by the supposition that the tactics used for the Pulse infiltration aren’t as advanced as those in the previous newsmakers. Eric Goldstein, CISA’s Cybersecurity Chief, said these attacks “do not show the same highly complex tradecraft, or evidence of a supply chain attack, as we saw in the SolarWinds intrusions.”