The Register: More Ivanti attacks may be on horizon, say experts who are seeing 9x surge in endpoint scans

Source URL: https://www.theregister.com/2025/04/25/more_ivanti_attacks_may_be/
Source: The Register
Title: More Ivanti attacks may be on horizon, say experts who are seeing 9x surge in endpoint scans

Feedly Summary: GreyNoise says it is the kind of activity that typically precedes new vulnerability disclosures
Ivanti VPN users should stay alert as IP scanning for the vendor’s Connect Secure and Pulse Secure systems surged by 800 percent last week, according to threat intel biz GreyNoise.…

Summary: The text reports a significant rise in IP scanning activity against Ivanti Connect Secure and Pulse Secure VPN systems, a pattern GreyNoise says typically precedes new vulnerability disclosures. It serves as an alert for security professionals, emphasizing the need for proactive measures in response to this threat intelligence.

Detailed Description: The report from GreyNoise highlights important trends in cyber threat activity, particularly focusing on Ivanti’s VPN products. The notable surge in IP scanning activity (by 800 percent) signals potential exploits or vulnerabilities on the horizon, making it essential for cybersecurity teams to take preventative actions.

- **Increased Threat Activity**: A substantial uptick in IP scanning was detected aimed at Ivanti Connect Secure and Pulse Secure systems.
- **Implications for Security**: The 800 percent increase in scanning indicates that attackers may be preparing to exploit known or unknown vulnerabilities.
- **Proactive Measures Required**: Security teams managing Ivanti VPNs must stay vigilant and potentially implement additional security measures to mitigate risks.
- **Threat Intelligence Utility**: The information provided by GreyNoise exemplifies the importance of threat intelligence in anticipating security threats and preparing an effective response.

The rise in scanning activity could also be used as a case study for strengthening defenses in cloud computing infrastructure, particularly for organizations relying on VPN solutions for remote access and secure connectivity. Security professionals should consider enhancing monitoring and alerting mechanisms to detect and respond more swiftly to such suspicious activities.