Friday, March 29, 2024

Hackers Exploit FortiOS Vulnerabilities to Access Government and Technology Services Networks

Recently, in March, the news got spread all over the internet that hackers are currently exploiting three known Fortinet FortiOS vulnerabilities.

The case was initially detected by the FBI and CISA; and they affirmed that the main motive of the threat actors is to gain access to government, commercial, and technology services networks.

However, the government experts have noticed that the state-sponsored threat actors are continuously scanning the internet so that they can find all possible servers that are vulnerable.

After a joint investigation, the FBI and CISA both observed that the threat actors were investigating systems on ports 4443, 8443, and 10443. And not only this, but the hackers are continuously scanning the specified devices for the CVE-2020-12812 and CVE-2019-5591 flaws.

Summary and Technical details

According to the joint report, the APT threat actors have a long back history; that’s why, they have been exploiting all critical vulnerabilities so that they can easily conduct all their required operation.

The attacks that are being conducted by the APT hackers have distributed denial-of-service (DDoS) attacks, Structured query language(SQL) injection attacks, spearphishing campaigns, ransomware attacks, disinformation campaign, and website defacements.

After the examination, the FBI and CISA asserted that the APT threat actors are exploiting these Fortinet FortiOS vulnerabilities that we have mentioned below:-

Moreover, the threat actors were using different CVEs and some common technical methods so that they can obtain access to all the critical infrastructure networks to pre-position the attacks.

Flaws were used to hack the US election support systems

The APT threat actors have published a complete list of exploits in November 2020, and all these exploits could be abused by hackers or any threat actors to steal the credentials of VPN from 50000 vulnerable servers.

Due to these critical reasons, earlier Microsoft in September 2020 has already urged about the APT actors from major countries like China, Iran, and Russia are targeting the 2020 US elections.

Mitigations

  • Perform network segmentation.
  • Always use multi-factor authentication where possible.
  • Require administrator credentials to fit the software.
  • Every audit user accounts with executive privileges and configures access checks with the least privilege in mind. 
  • Perform a recovery plan to reinstate all the sensitive or proprietary data from a physically separate, segmented, secure location.
  • Always remember to install and regularly update security tools and software on all hosts.
  • Don’t forget to add an email banner to emails obtained from outside your organization.
  • Remember to disable hyperlinks in received emails.
  • Focus on awareness and training, to recognize and evade such attacks and phishing emails.

The FBI and CISA have worked many times to disclose the APT threat actors and many other attacks. That’s why now they have published a joint security advisory on attacks exploiting vulnerabilities in Fortinet systems.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity, and hacking news updates.

Website

Latest articles

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles