Threat intelligence firm GreyNoise reported an 800% increase in IP scanning for Ivanti's Connect Secure and Pulse Secure systems, indicating a potential preparation for exploitation of new vulnerabilities. Normally, daily scanning involves under 30 unique IPs; however, on April 18, this number skyrocketed to 234. Over the past 90 days, 1,004 unique IPs scanned those endpoints, with a notable portion categorized as suspicious or malicious. Ivanti encourages users to migrate from unsupported software versions to protect against attacks on outdated vulnerabilities.
"This surge may indicate coordinated reconnaissance and possible preparation for future exploitation," the infosec biz stated earlier this week.
Ivanti Connect Secure has been targeted repeatedly in recent years due to its role in enterprise remote access.
Ivanti said people should have migrated from Pulse Secure appliances and Connect Secure 9.1 Rx software as it's now out of support.
Threat actors often exploit known vulnerabilities in end-of-life (EOL) products, which no longer receive patches or support, making them highly susceptible to N-Day attacks.
Collection
[
|
...
]