Nominet, the UK's domain registry responsible for maintaining .co.uk domains, has fallen victim to a cybersecurity incident linked to the recent exploitation of a new Ivanti VPN vulnerability. In an email to customers, Nominet warned of an "ongoing security incident" currently under investigation.
The incident is believed to have originated from hackers accessing Nominet's systems via "third-party VPN software supplied by Ivanti," exploiting a zero-day vulnerability in that software. Because the flaw was a zero-day, Nominet had no opportunity to apply patches before the intrusion occurred.
The vulnerability in question is a previously unknown flaw in Ivanti's Connect Secure enterprise VPN appliance, which has been exploited by hackers to break into customers' networks. Ivanti confirmed the vulnerability last week, but has not disclosed the number of affected customers. However, cybersecurity firm watchTowr Labs has reported "widespread" compromises related to the vulnerability.
Nominet is the first organization to publicly confirm that it has been affected by the Ivanti bug. Fortunately, the company has stated that it currently has "no evidence of data breach or leakage" resulting from the incident. As a precautionary measure, Nominet has restricted access to the VPN software while it investigates the incident.
The incident highlights the importance of timely patching and vulnerability management, particularly in the context of widely used enterprise software like Ivanti's VPN appliance. It also underscores the need for organizations to have robust incident response plans in place to mitigate the impact of cybersecurity incidents.
The incident is likely to have significant implications for the cybersecurity posture of organizations that rely on Ivanti's VPN software. As more information becomes available, it is essential for these organizations to take proactive steps to assess their vulnerability to this exploit and implement necessary patches and mitigations.
In the broader context, this incident serves as a reminder of the ongoing cat-and-mouse game between cybercriminals and organizations. As new vulnerabilities are discovered and exploited, it is crucial for organizations to remain vigilant and invest in robust cybersecurity measures to protect their systems and data.