Saturday, July 13, 2024
EHA

Hackers Exploit FortiOS Vulnerabilities to Access Government and Technology Services Networks

Recently, in March, the news got spread all over the internet that hackers are currently exploiting three known Fortinet FortiOS vulnerabilities.

The case was initially detected by the FBI and CISA; and they affirmed that the main motive of the threat actors is to gain access to government, commercial, and technology services networks.

However, the government experts have noticed that the state-sponsored threat actors are continuously scanning the internet so that they can find all possible servers that are vulnerable.

After a joint investigation, the FBI and CISA both observed that the threat actors were investigating systems on ports 4443, 8443, and 10443. And not only this, but the hackers are continuously scanning the specified devices for the CVE-2020-12812 and CVE-2019-5591 flaws.

Summary and Technical details

According to the joint report, the APT threat actors have a long back history; that’s why, they have been exploiting all critical vulnerabilities so that they can easily conduct all their required operation.

The attacks that are being conducted by the APT hackers have distributed denial-of-service (DDoS) attacks, Structured query language(SQL) injection attacks, spearphishing campaigns, ransomware attacks, disinformation campaign, and website defacements.

After the examination, the FBI and CISA asserted that the APT threat actors are exploiting these Fortinet FortiOS vulnerabilities that we have mentioned below:-

Moreover, the threat actors were using different CVEs and some common technical methods so that they can obtain access to all the critical infrastructure networks to pre-position the attacks.

Flaws were used to hack the US election support systems

The APT threat actors have published a complete list of exploits in November 2020, and all these exploits could be abused by hackers or any threat actors to steal the credentials of VPN from 50000 vulnerable servers.

Due to these critical reasons, earlier Microsoft in September 2020 has already urged about the APT actors from major countries like China, Iran, and Russia are targeting the 2020 US elections.

Mitigations

  • Perform network segmentation.
  • Always use multi-factor authentication where possible.
  • Require administrator credentials to fit the software.
  • Every audit user accounts with executive privileges and configures access checks with the least privilege in mind. 
  • Perform a recovery plan to reinstate all the sensitive or proprietary data from a physically separate, segmented, secure location.
  • Always remember to install and regularly update security tools and software on all hosts.
  • Don’t forget to add an email banner to emails obtained from outside your organization.
  • Remember to disable hyperlinks in received emails.
  • Focus on awareness and training, to recognize and evade such attacks and phishing emails.

The FBI and CISA have worked many times to disclose the APT threat actors and many other attacks. That’s why now they have published a joint security advisory on attacks exploiting vulnerabilities in Fortinet systems.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Website

Latest articles

mSpy Data Breach: Millions of Customers’ Data Exposed

mSpy, a widely used phone spyware application, has suffered a significant data breach, exposing...

Advance Auto Parts Cyber Attack: Over 2 Million Users Data Exposed

RALEIGH, NC—Advance Stores Company, Incorporated, a prominent commercial entity in the automotive industry, has...

Hackers Using ClickFix Social Engineering Tactics to Deploy Malware

Cybersecurity researchers at McAfee Labs have uncovered a sophisticated new method of malware delivery,...

Coyote Banking Trojan Attacking Windows Users To Steal Login Details

Hackers use Banking Trojans to steal sensitive financial information. These Trojans can also intercept...

Hackers Created 700+ Fake Domains to Sell Olympic Games Tickets

As the world eagerly anticipates the Olympic Games Paris 2024, a cybersecurity threat has...

Japanese Space Agency Spotted zero-day via Microsoft 365 Services

The Japan Aerospace Exploration Agency (JAXA) has revealed details of a cybersecurity incident that...

Top 10 Active Directory Management Tools – 2024

Active Directory Management Tools are essential for IT administrators to manage and secure Active...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles