Hackers exploit VPN, Windows flaws to influence US elections

 hackread.com  10/13/2020 14:43:38 

According to CISA, these flaws are centered around the Fortinet FortiOS Secure Socket Layer (SSL) VPN and the MobileIron platform.

In 2016, there was great controversy surrounding the U.S. presidential elections owing to the rumors associated with them. These rumors centered around foreign actors illegally influencing the elections.

Now the same threat seems to be on the horizon for the upcoming U.S. elections: both the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued an alert warning that government networks are under threat of data theft by Advanced Persistent Threat (APT) actors.

It is worth noting that both CISA and the FBI are very active in issuing warnings against sophisticated cyber attacks and unpatched vulnerabilities. Just a few weeks ago, both agencies warned of critical vulnerabilities that were being exploited in VPNs and Microsoft servers to target critical cyberinfrastructure in the United States.

As for the new warning, the attack in question is a vulnerability-chaining attack: the threat actors target multiple vulnerabilities to obtain a single point of access. The chain centers on CVE-2018-13379, a vulnerability in the Fortinet FortiOS Secure Socket Layer (SSL) VPN, and CVE-2020-15505, a vulnerability in the MobileIron platform, both of which may be used by attackers to gain unauthorized access to servers.

Once access is gained, another vulnerability, CVE-2020-1472, known as Zerologon, is targeted. Regarding it, the official advisory states:

“[Its purpose is to] compromise all Active Directory (AD) identity services. Actors have then been observed using legitimate remote access tools, such as VPN and Remote Desktop Protocol (RDP), to access the environment with the compromised credentials. Observed activity targets multiple sectors and is not limited to SLTT entities.”

If the chain succeeds, the attackers can access and steal confidential information. This information could then be used for nefarious purposes such as trying to influence the electoral process.

Rick Moy, VP of sales and marketing at Tempered, commented on the issue and told Hackread.com: “It’s extremely concerning that remote attackers can run arbitrary unauthenticated code against a security product. Authentication and authorization should be the cornerstone of all access, but many legacy security offerings have obvious holes, leaving them vulnerable.”

“This is why organizations are starting to rethink their cybersecurity strategy to fortify their solution stack against increasingly frequent and malicious attacks. In the coming months, we’ll increasingly see organizations turning to zero trust approaches, which ‘never trust, always verify’ users, for next-generation VPNs and software-defined perimeters,” Rick warned.

To guard against this, all government departments and others associated with any sort of election data should keep their systems updated and regularly apply released patches. As for determining whether a network has already been infiltrated, CISA’s blog post states:

“If there is an observation of CVE-2020-1472 Netlogon activity or other indications of valid credential abuse detected, it should be assumed the APT actors have compromised AD administrative accounts, the AD forest should not be fully trusted, and, therefore, a new forest should be deployed.”
