Nominet Confirms Cybersecurity Incident Linked to Ivanti VPN Hacks

Nominet Confirms Cybersecurity Incident Linked to Ivanti VPN Vulnerability

Nominet, the registry responsible for managing .co.uk domain names in the United Kingdom, has recently been the target of a cybersecurity breach.

This incident has been directly attributed to the exploitation of a newly discovered vulnerability within Ivanti VPN solutions.

Details of the Security Incident

An email communication, reviewed by TechCrunch, revealed that Nominet is currently addressing an “ongoing security incident” and conducting a thorough investigation.

The access to Nominet’s systems was gained through VPN software provided by Ivanti, specifically leveraging a previously unknown, or “zero-day,” vulnerability.

This meant that preventative security measures, such as patching, were not possible before the intrusion occurred.

Ivanti VPN Vulnerability – A Wider Issue

Ivanti acknowledged last week that a vulnerability in its Connect Secure VPN appliance was being actively exploited by malicious actors.

This exploitation allowed unauthorized access to the networks of numerous customers.

While Ivanti has not disclosed the total number of affected organizations, cybersecurity specialists at watchTowr Labs have reported observing “widespread” compromises.

Nominet’s Response and Current Status

Nominet is the first organization to publicly acknowledge being impacted by this specific Ivanti vulnerability.

Currently, the company states that there is “no evidence of data breach or leakage” resulting from the incident.

As a precautionary measure, access to the affected VPN software has been restricted while the investigation continues.

Key Takeaways

• The incident highlights the risks associated with zero-day vulnerabilities.
• Ivanti’s Connect Secure VPN appliance is the source of the compromise.
• Nominet is actively working to contain the incident and secure its systems.
• Early indications suggest no data has been compromised, but investigations are ongoing.