Tuesday, December 3, 2024
HomeExploitHackers Exploit FortiOS Vulnerabilities to Access Government and Technology Services Networks

Hackers Exploit FortiOS Vulnerabilities to Access Government and Technology Services Networks

Published on

SIEM as a Service

Recently, in March, the news got spread all over the internet that hackers are currently exploiting three known Fortinet FortiOS vulnerabilities.

The case was initially detected by the FBI and CISA; and they affirmed that the main motive of the threat actors is to gain access to government, commercial, and technology services networks.

However, the government experts have noticed that the state-sponsored threat actors are continuously scanning the internet so that they can find all possible servers that are vulnerable.

- Advertisement - SIEM as a Service

After a joint investigation, the FBI and CISA both observed that the threat actors were investigating systems on ports 4443, 8443, and 10443. And not only this, but the hackers are continuously scanning the specified devices for the CVE-2020-12812 and CVE-2019-5591 flaws.

Summary and Technical details

According to the joint report, the APT threat actors have a long back history; that’s why, they have been exploiting all critical vulnerabilities so that they can easily conduct all their required operation.

The attacks that are being conducted by the APT hackers have distributed denial-of-service (DDoS) attacks, Structured query language(SQL) injection attacks, spearphishing campaigns, ransomware attacks, disinformation campaign, and website defacements.

After the examination, the FBI and CISA asserted that the APT threat actors are exploiting these Fortinet FortiOS vulnerabilities that we have mentioned below:-

Moreover, the threat actors were using different CVEs and some common technical methods so that they can obtain access to all the critical infrastructure networks to pre-position the attacks.

Flaws were used to hack the US election support systems

The APT threat actors have published a complete list of exploits in November 2020, and all these exploits could be abused by hackers or any threat actors to steal the credentials of VPN from 50000 vulnerable servers.

Due to these critical reasons, earlier Microsoft in September 2020 has already urged about the APT actors from major countries like China, Iran, and Russia are targeting the 2020 US elections.

Mitigations

  • Perform network segmentation.
  • Always use multi-factor authentication where possible.
  • Require administrator credentials to fit the software.
  • Every audit user accounts with executive privileges and configures access checks with the least privilege in mind. 
  • Perform a recovery plan to reinstate all the sensitive or proprietary data from a physically separate, segmented, secure location.
  • Always remember to install and regularly update security tools and software on all hosts.
  • Don’t forget to add an email banner to emails obtained from outside your organization.
  • Remember to disable hyperlinks in received emails.
  • Focus on awareness and training, to recognize and evade such attacks and phishing emails.

The FBI and CISA have worked many times to disclose the APT threat actors and many other attacks. That’s why now they have published a joint security advisory on attacks exploiting vulnerabilities in Fortinet systems.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity, and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Threat Actors Allegedly Claims Breach of EazyDiner Reservation Platform

Reports have emerged of a potential data breach involving EazyDiner, a leading restaurant reservation...

Salesforce Applications Vulnerability Could Allow Full Account Takeover

A critical vulnerability has been discovered in Salesforce applications that could potentially allow a...

TP-Link HomeShield Function Vulnerability Let Attackers Inject Malicious Commands

A significant vulnerability has been identified in TP-Link's HomeShield function, affecting a range of...

ElizaRAT Exploits Google, Telegram, & Slack Services For C2 Communications

APT36, a Pakistani cyber-espionage group, has recently upgraded its arsenal with ElizaRAT, a sophisticated...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling...

Hackers Abuse EDRSilencer Red Team Tool To Evade Detection

EDRSilencer, a red team tool, interferes with EDR solutions by blocking network communication for...

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...