
Hackers are exploiting critical vulnerabilities worldwide to gain control of Ivanti VPN appliances. Compromised VPNs are located in Germany, the United Kingdom, Italy, and the Netherlands.

That’s according to new figures from security company Censys. On Jan. 10, Ivanti announced that its product had vulnerabilities. Meanwhile, Censys speaks of “worldwide mass exploitation.”

When the vulnerabilities are exploited, hackers can execute commands on vulnerable servers, disrupting corporate operations. Thousands of corporate devices are vulnerable as a result. However, Ivanti has not yet released an official patch.

The numbers

Censys performed scans on the Ivanti Connect Secure servers in its dataset. Based on that, the security company identified 412 unique hosts with the backdoor. In total, there are just over 26,000 unique Connect Secure hosts. This means that 1.5 per cent of hosts are compromised.

Censys’ figures show that the Ivanti VPNs of 11 Dutch organizations are affected. This number is considerably lower than the number in larger countries. The United States has 121 affected organizations, while Germany (26) and the United Kingdom (17) are Europe’s worst affected. The chart below shows that the Netherlands is at the bottom of the list.

[Bar chart: affected organizations per country]

Meanwhile, several security researchers have studied the vulnerability and its exploitation extensively. Based on its analysis, Volexity, for example, has “reason to believe that UTA0178 is a Chinese nation-state-level threat actor.” Mandiant adds that the attackers are out for espionage.
