Last week, a significant data breach was announced by the Norwegian government. It was discovered that 12 government ministries had fallen victim to a hack that exploited a “zero-day” vulnerability (i.e. a previously unknown vulnerability, catalogued as CVE-2023-35078). The vulnerability was in one of the government’s third-party platforms, Ivanti’s mobile endpoint management system, which allows users to access the Norwegian government network. By exploiting the vulnerability, attackers could remotely access users’ information, including emails, without requiring credentials.
The breach only came to light when unusual data traffic was detected, raising a red flag. It remains unclear who is responsible for the hack; however, it is worth noting that a recent attack in Norway was attributed to the Russia-linked group Killnet.
Following the incident, Ivanti released a patch for their software, which is used by thousands of other organizations. However, Norwegian security authorities are still investigating the full extent of the damage caused.
Key lessons from this incident:
Update Ivanti’s Mobile Endpoint Management System: If you are currently using Ivanti’s mobile endpoint management system, it is crucial to apply the vendor’s patch immediately.
Implement a Network Detection and Response (NDR) System: “Zero-day” attacks are particularly hard to identify, as they exploit previously unknown vulnerabilities for which no signature exists yet. Deploying a Network Detection and Response (NDR) system with real-time intrusion detection (IDS) and anomaly detection capabilities can help detect and respond to such attacks promptly, as the unusual data traffic in this incident shows.
Segregate Sensitive Information and Manage User Access: To minimize the potential damage in the event of a breach, it is essential to segregate sensitive information and carefully manage user access credentials. This approach prevents unauthorised access to critical data and limits the scope of a potential breach.
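The second lesson rests on the same signal that exposed this breach: traffic that departs from a host’s normal pattern. The following is an added illustration, not Cydome’s product code and not related to the incident’s actual data, of the simplest form of that anomaly detection: build a per-host baseline of hourly egress volume from flow records and flag any host whose current hour exceeds the baseline mean by a configurable number of standard deviations. The flow records, host names (`epmm-01`, `mail-01`) and threshold parameters are all constructed for the example.

```python
"""Added example: per-host egress-volume anomaly detection over flow records.

Flow records are constructed tuples of (hour_bucket, src_host, bytes_out).
Hours 0-23 form the baseline; hour 24 is the window being evaluated.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline: two hypothetical hosts with modest, slightly varying
# hourly egress. Nothing here is real traffic from the incident.
FLOWS = []
for hour in range(24):
    FLOWS.append((hour, "epmm-01", 50_000 + (hour % 5) * 1_000))
    FLOWS.append((hour, "mail-01", 120_000 + (hour % 7) * 2_000))
# Evaluation window: epmm-01 suddenly pushes roughly 40x its usual volume,
# the kind of "unusual data traffic" that raised the flag in the article.
FLOWS.append((24, "epmm-01", 2_100_000))
FLOWS.append((24, "mail-01", 124_000))


def bytes_per_host_hour(flows):
    """Aggregate raw flows into {host: {hour: total_bytes}}."""
    totals = defaultdict(lambda: defaultdict(int))
    for hour, host, nbytes in flows:
        totals[host][hour] += nbytes
    return totals


def find_volume_anomalies(flows, eval_hour, k=3.0, min_baseline_hours=12):
    """Return alerts for hosts whose eval_hour egress exceeds mean + k*sigma.

    A host with fewer than min_baseline_hours of history is skipped rather
    than scored, because a baseline built from a handful of samples would
    produce noisy alerts. The spread term is floored at 10% of the mean so a
    perfectly flat baseline (sigma == 0) does not flag every tiny change.
    """
    totals = bytes_per_host_hour(flows)
    alerts = []
    for host, per_hour in totals.items():
        baseline = [b for h, b in per_hour.items() if h < eval_hour]
        current = per_hour.get(eval_hour)
        if current is None or len(baseline) < min_baseline_hours:
            continue
        mu = mean(baseline)
        sigma = pstdev(baseline)
        threshold = mu + k * max(sigma, 0.1 * mu)
        if current > threshold:
            alerts.append({
                "host": host,
                "bytes": current,
                "baseline_mean": round(mu),
                "threshold": round(threshold),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_volume_anomalies(FLOWS, eval_hour=24):
        print(f"ALERT {alert['host']}: {alert['bytes']} bytes out "
              f"(baseline ~{alert['baseline_mean']}, threshold {alert['threshold']})")
```

Volume is only one feature; a production NDR would score several (new destinations, unusual ports, off-hours activity) and correlate them, but the structure is the same: learn what normal looks like per host, then alert on departures from it rather than on a known signature, which is exactly what a zero-day lacks.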
Contact us to learn how Cydome can help you prevent such unknown vulnerabilities with real-time anomaly detection.