In March, news spread across the internet that hackers are exploiting three known Fortinet FortiOS vulnerabilities.
The activity was initially detected by the FBI and CISA, which affirmed that the threat actors' main motive is to gain access to government, commercial, and technology services networks.
Government experts have also noticed that state-sponsored threat actors are continuously scanning the internet to find every vulnerable server they can.
After a joint investigation, the FBI and CISA observed that the threat actors were probing systems on ports 4443, 8443, and 10443. In addition, the hackers are continuously scanning the specified devices for the CVE-2020-12812 and CVE-2019-5591 flaws.
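Defenders can look for this probing pattern in perimeter logs. The following is an added example, not code from the FBI/CISA advisory or from this article; the log format, addresses, time window and threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Ports the article names as being probed on FortiOS devices.
WATCHED_PORTS = {4443, 8443, 10443}

# Constructed sample log (assumed format): time, src IP, dst IP, dst port, action
SAMPLE_LOG = """\
2021-04-02T10:00:01 198.51.100.7 203.0.113.10 4443 allow
2021-04-02T10:00:03 198.51.100.7 203.0.113.10 8443 allow
2021-04-02T10:00:05 198.51.100.7 203.0.113.11 10443 deny
2021-04-02T10:02:00 192.0.2.44 203.0.113.10 8443 allow
2021-04-02T10:05:00 192.0.2.44 203.0.113.10 443 allow
2021-04-02T11:30:00 192.0.2.99 203.0.113.10 4443 allow
2021-04-02T13:30:00 192.0.2.99 203.0.113.11 10443 allow
malformed line
"""

def parse(line):
    """Return (time, src, dst, port), or None for lines that do not parse."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
    except ValueError:
        return None

def find_scanners(log_text, window=timedelta(minutes=10), min_targets=3):
    """Flag sources hitting >= min_targets distinct (host, watched port) pairs in one window."""
    hits = defaultdict(list)
    for when, src, dst, port in filter(None, map(parse, log_text.splitlines())):
        if port in WATCHED_PORTS:
            hits[src].append((when, (dst, port)))
    flagged = {}
    for src, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            targets = {t for _, t in events[start:end + 1]}
            if len(targets) >= min_targets:
                flagged[src] = sorted(targets)
                break
    return flagged

if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG))
```

A single connection to one of these ports is normal for many services, so the threshold counts distinct host and port pairs per source rather than raw hits.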
According to the joint report, the APT threat actors have a long history of exploiting critical vulnerabilities in order to conduct their operations.
The attacks conducted by the APT hackers include distributed denial-of-service (DDoS) attacks, Structured Query Language (SQL) injection attacks, spearphishing campaigns, ransomware attacks, disinformation campaigns, and website defacements.
After the examination, the FBI and CISA asserted that the APT threat actors are exploiting the Fortinet FortiOS vulnerabilities listed below:
Moreover, the threat actors were using different CVEs and some common techniques to obtain access to critical infrastructure networks and pre-position for attacks.
The APT threat actors published a complete list of exploits in November 2020, and these exploits could be abused by hackers or any other threat actors to steal VPN credentials from 50,000 vulnerable servers.
For these reasons, Microsoft had already warned in September 2020 that APT actors from major countries like China, Iran, and Russia were targeting the 2020 US elections.
The FBI and CISA have worked many times to expose APT threat actors and many other attacks. That is why they have now published a joint security advisory on attacks exploiting vulnerabilities in Fortinet systems.