This combination of VPN and Windows 10 bugs is every organization's nightmare


By chaining vulnerabilities in VPN services and Windows 10, hackers managed to gain access to government networks, according to a new joint security alert issued by the FBI and CISA. These attacks targeted federal government networks as well as state, local, tribal, and territorial (SLTT) networks, though non-government networks were also targeted. In their joint cybersecurity advisory, the FBI and CISA warned that information about the 2020 election could be put at risk by hackers accessing these government networks, saying: “While it does not appear that these targets are being targeted due to their proximity to electoral information, there may be some risk to electoral information hosted on government networks. CISA is aware of a few cases where this activity has resulted in unauthorized access to electoral support systems; however, CISA has no evidence to date that the integrity of the electoral data has been compromised.”

Exploiting multiple vulnerabilities

The joint alert revealed that the hackers combined a vulnerability in the Fortinet FortiOS Secure Socket Layer (SSL) VPN, tracked as CVE-2018-13379, with the Zerologon vulnerability in the Windows 10 Netlogon protocol, tracked as CVE-2020-1472, to launch this recent wave of attacks. While the vulnerability in Fortinet's VPN software gives hackers initial access to a network, Zerologon allows them to take complete control of that network by taking over its domain controllers, the servers used to manage a network, which often hold the passwords of all connected workstations.

The joint FBI-CISA alert did not name the hackers behind this new wave of attacks, but did describe them as "Advanced Persistent Threat actors (APTs)," meaning they are likely state-sponsored hackers.

To avoid falling victim to these attacks, the agencies recommend that private and public sector organizations update their systems immediately, because patches for both vulnerabilities have been available for months. By not installing them, organizations have left themselves and their networks exposed to attack.

Via ZDNet
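The advisory's remediation advice is to patch, but a defender also wants to know whether the Zerologon step of the chain has already been attempted on a domain controller. Below is an added example, not part of the article or of the FBI/CISA advisory, of simple detection logic run over constructed Windows Security log records. It relies on two publicly documented signals: a computer-account change (Event ID 4742) whose subject is ANONYMOUS LOGON, which is how a Zerologon-driven machine-account password reset shows up, and Event ID 5829, which Microsoft's August 2020 Netlogon patch logs when a vulnerable Netlogon secure channel connection is still being allowed. The event records, host names and IP addresses are constructed sample data; the field names mirror the Windows event fields but the log format here is the example's own.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Windows Security event IDs used as Zerologon indicators.
EVT_COMPUTER_ACCOUNT_CHANGED = 4742   # "A computer account was changed"
EVT_VULNERABLE_NETLOGON_ALLOWED = 5829  # logged by patched DCs in non-enforcement mode

@dataclass
class SecurityEvent:
    event_id: int
    subject_user: str   # SubjectUserName: who performed the action
    target_user: str    # TargetUserName: account acted upon (machine accounts end in '$')
    source_ip: str      # client address, if the event carries one

# Constructed sample log records (not real telemetry).
SAMPLE_EVENTS: List[SecurityEvent] = [
    # Routine machine-account password rotation performed by the computer itself.
    SecurityEvent(4742, "DC01$", "DC01$", "10.0.0.5"),
    # A member workstation rotating its own password: also benign.
    SecurityEvent(4742, "WKS-17$", "WKS-17$", "10.0.0.31"),
    # Machine account of a DC changed by ANONYMOUS LOGON: classic Zerologon footprint.
    SecurityEvent(4742, "ANONYMOUS LOGON", "DC01$", "10.0.0.77"),
    # Patched DC allowed a vulnerable Netlogon channel from the same client.
    SecurityEvent(5829, "-", "DC01$", "10.0.0.77"),
    # Unrelated interactive logon.
    SecurityEvent(4624, "alice", "-", "10.0.0.9"),
]

def is_zerologon_style_account_change(ev: SecurityEvent) -> bool:
    """4742 where a machine account is modified by an unauthenticated subject."""
    return (
        ev.event_id == EVT_COMPUTER_ACCOUNT_CHANGED
        and ev.subject_user.upper() == "ANONYMOUS LOGON"
        and ev.target_user.endswith("$")
    )

def flag_events(events: List[SecurityEvent]) -> List[Tuple[str, SecurityEvent]]:
    """Return (reason, event) pairs for records that warrant investigation."""
    findings = []
    for ev in events:
        if is_zerologon_style_account_change(ev):
            findings.append(("machine account changed by ANONYMOUS LOGON", ev))
        elif ev.event_id == EVT_VULNERABLE_NETLOGON_ALLOWED:
            findings.append(("vulnerable Netlogon secure channel allowed", ev))
    return findings

def suspicious_sources(events: List[SecurityEvent]) -> List[str]:
    """Distinct client IPs that produced at least one finding, for pivoting in the SIEM."""
    return sorted({ev.source_ip for _, ev in flag_events(events)})

if __name__ == "__main__":
    for reason, ev in flag_events(SAMPLE_EVENTS):
        print(f"[{ev.event_id}] {reason}: target={ev.target_user} from {ev.source_ip}")
    print("sources to investigate:", suspicious_sources(SAMPLE_EVENTS))
```

On a real domain controller these records would come from the Security log (via `wevtutil`, Windows Event Forwarding or a SIEM export) rather than an in-code list; a 5829 entry is itself a sign that a DC is patched but not yet in enforcement mode, and an ANONYMOUS LOGON 4742 against a DC account should be treated as probable compromise regardless of patch state, since the attacker may already hold the domain credentials the article describes.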