Security News > 2024 > June > CISA says crooks used Ivanti bugs to snoop around high-risk chemical facilities

US cybersecurity agency CISA is urging high-risk chemical facilities to secure their online accounts after someone broke into its Chemical Security Assessment Tool portal.

Essentially, it's used to determine which facilities are deemed high risk under Chemical Facility Anti-Terrorism Standards regulations.

In normal circumstances, only facility members who have passed the Chemical-terrorism Vulnerability Information training and certification are allowed to access the portal.

As for what those who broke into the CSAT were up to, CISA said there's no evidence to suggest any data was stolen.

It listed a number of concerning data types that were potentially accessed to some degree, but said in a letter [PDF] to affected individuals that all of the data was encrypted using AES-256 and that the encryption keys weren't reachable with the level of access the attackers had. Among the exposed data were Top-Screen surveys, which are online questionnaires used by chemical facilities to declare what chemicals of interest they possess, and the details submitted are used to designate how much of a security risk that facility poses to the US. Unencrypted access to this information would have given onlookers details about what chemicals are stored where - and in what quantities.

"Following the reporting requirements under the Federal Information Security Modernization Act, CISA notified participants in the Chemical Facility Anti-Terrorism Standards program about the intrusion and the potentially impacted information," CISA said.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/06/25/cisa_ivanti_chemical_facilities/