According to a joint advisory from the FBI and CISA published on October 9th, 2020, an Advanced Persistent Threat (APT) actor was observed chaining two separate vulnerabilities to get into the networks of US federal, state, local and tribal government agencies. In some instances this access extended to elections support systems. CISA reported no evidence that the integrity of elections data had been compromised. Non-government entities were targeted as well, so the campaign does not appear to be aimed only at election-related organizations. The first vulnerability, CVE-2018-13379, is a path traversal in the web portal of the Fortinet FortiOS Secure Sockets Layer (SSL) VPN, an on-premises VPN gateway; an unauthenticated attacker can use it to read system files, including the session file that holds VPN usernames and passwords in plaintext. The second, CVE-2020-1472, is known as Zerologon: a cryptographic flaw in the Netlogon Remote Protocol, which Windows domain members use to establish an authenticated channel to a domain controller. It lets an unauthenticated attacker on the network impersonate the domain controller's own computer account and reset its password, which leads directly to domain-wide compromise. The observed chain starts with the VPN bug to harvest credentials and gain initial access, then uses Zerologon to take over the domain controllers in the victim organization's network.
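The two stages of that chain leave traces in different places: the Fortinet bug shows up in the VPN portal's web access log, while a Zerologon password reset shows up in the domain controller's Security log. The Python below is an added example, not code from the advisory or from either vendor. It runs both detections over constructed sample logs and correlates them. It assumes the publicly documented indicators: for CVE-2018-13379, a request to /remote/fgt_lang whose lang parameter traverses upward to /dev/cmdb/sslvpn_websession; for CVE-2020-1472, Event ID 4742 (computer account changed) on a domain controller where the target is a DC machine account and the subject is ANONYMOUS LOGON (SID S-1-5-7). The log layout, hostnames, SIDs and IP addresses are all constructed.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed CLF-style access log from a FortiOS SSL VPN portal (not a real capture).
# The two /remote/fgt_lang requests reproduce the public CVE-2018-13379 indicator,
# once plain and once percent-encoded; the other two lines are benign.
ACCESS_LOG = """\
203.0.113.7 - - [05/Oct/2020:10:41:02 +0000] "GET /remote/login?lang=en HTTP/1.1" 200 1834
203.0.113.7 - - [05/Oct/2020:10:41:09 +0000] "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 200 52031
198.51.100.9 - - [05/Oct/2020:11:02:40 +0000] "GET /remote/fgt_lang?lang=%2F..%2F..%2F..%2F..%2Fdev%2Fcmdb%2Fsslvpn_websession HTTP/1.1" 200 52031
192.0.2.25 - - [05/Oct/2020:11:15:12 +0000] "GET /remote/fgt_lang?lang=fr HTTP/1.1" 200 3320
"""

# Constructed Windows Security events as exported from a domain controller (not real).
# Only the first matches the Zerologon indicator: DC01's own machine account is
# changed by ANONYMOUS LOGON. The second is routine machine-password rotation
# (the account changes itself), the third is a manual change by an admin, and
# the fourth is a different event type altogether.
DC_EVENTS = [
    {"EventID": 4742, "TimeCreated": "2020-10-06T03:12:44Z", "Computer": "DC01.corp.example",
     "SubjectUserSid": "S-1-5-7", "SubjectUserName": "ANONYMOUS LOGON", "TargetUserName": "DC01$"},
    {"EventID": 4742, "TimeCreated": "2020-10-06T04:00:10Z", "Computer": "DC01.corp.example",
     "SubjectUserSid": "S-1-5-21-1-2-3-1105", "SubjectUserName": "WS042$", "TargetUserName": "WS042$"},
    {"EventID": 4742, "TimeCreated": "2020-10-06T09:20:00Z", "Computer": "DC02.corp.example",
     "SubjectUserSid": "S-1-5-21-1-2-3-500", "SubjectUserName": "Administrator", "TargetUserName": "DC02$"},
    {"EventID": 4624, "TimeCreated": "2020-10-06T09:21:00Z", "Computer": "DC02.corp.example",
     "SubjectUserSid": "S-1-0-0", "SubjectUserName": "-", "TargetUserName": "jdoe"},
]

CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
ANONYMOUS_LOGON_SID = "S-1-5-7"


def _clf_time(ts):
    return datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")


def _event_time(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def detect_fortios_traversal(log_text):
    """Return requests that use the CVE-2018-13379 path traversal on /remote/fgt_lang."""
    hits = []
    for line in log_text.splitlines():
        m = CLF_RE.match(line)
        if not m:
            continue
        # Decode twice so a doubly-encoded traversal (%252e%252e) is still caught.
        target = unquote(unquote(m["target"]))
        url = urlsplit(target)
        if url.path != "/remote/fgt_lang":
            continue
        lang = parse_qs(url.query).get("lang", [""])[0]
        if ".." in lang or "sslvpn_websession" in lang:
            hits.append({"ip": m["ip"], "time": _clf_time(m["ts"]),
                         "status": int(m["status"]), "lang": lang})
    return hits


def detect_zerologon_reset(events, dc_accounts):
    """Return 4742 events where a DC machine account was changed by ANONYMOUS LOGON."""
    wanted = {a.upper() for a in dc_accounts}
    hits = []
    for e in events:
        if e.get("EventID") != 4742:
            continue
        if e.get("TargetUserName", "").upper() not in wanted:
            continue
        # A reset by a named admin is not this indicator; only the unauthenticated subject is.
        if e.get("SubjectUserSid") == ANONYMOUS_LOGON_SID:
            hits.append({"dc": e["Computer"], "account": e["TargetUserName"],
                         "time": _event_time(e["TimeCreated"])})
    return hits


def chain_alerts(vpn_hits, dc_hits, window=timedelta(days=30)):
    """Pair each DC reset with the VPN traversal sources seen before it inside the window."""
    alerts = []
    for dc in dc_hits:
        prior = [v for v in vpn_hits if dc["time"] - window <= v["time"] <= dc["time"]]
        hours = None
        if prior:
            first = min(v["time"] for v in prior)
            hours = round((dc["time"] - first).total_seconds() / 3600, 1)
        alerts.append({"dc": dc["dc"], "account": dc["account"],
                       "sources": sorted({v["ip"] for v in prior}),
                       "hours_after_first_vpn_hit": hours})
    return alerts


if __name__ == "__main__":
    vpn = detect_fortios_traversal(ACCESS_LOG)
    dc = detect_zerologon_reset(DC_EVENTS, {"DC01$", "DC02$"})
    for alert in chain_alerts(vpn, dc):
        print(alert)
```

The 30-day correlation window is deliberately generous because the advisory describes a multi-stage intrusion rather than a single session. The 4742 check only fires if "Audit Computer Account Management" is enabled on the domain controllers, and it catches the password-reset style of exploitation that public tooling uses; a status 200 with a large response size on the traversal request is the sign that the session file was actually served, so those VPN credentials should be treated as exposed.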