These attacks have targeted federal as well as state, local, tribal and territorial (SLTT) government networks, though non-government networks have also been targeted.
- We've put together a list of the best secure VPN providers around
- These are the best business VPN solutions on the market
- Also check out our roundup of the best endpoint protection software
“Although it does not appear these targets are being selected because of their proximity to elections information, there may be some risk to elections information housed on government networks. CISA is aware of some instances where this activity resulted in unauthorized access to elections support systems; however, CISA has no evidence to date that integrity of elections data has been compromised.”
Exploiting multiple vulnerabilities
The joint alert revealed that hackers are combining a vulnerability in the Fortinet ForitOS Secure Socket Layer (SSL) VPN, tracked as CVE-2018-13379, and the Zerlogon vulnerability in Windows 10's Netlogon protocol, tracked as CVE-2020-1472, to launch this recent wave of attacks.
While the vulnerabilities in Fortinet's VPN software provide hackers with initial access to a network, Zerologon allows them to gain complete control over a targeted network by taking over domain controllers which are servers used to manage a network and often contain the passwords for all connected workstations.
The FBI and CISA's joint alert didn't name the hackers behind this new wave of attack outright but it did say they were “advanced persistent threat (APT) actors” which means they are likely state-sponsored hackers.
To avoid falling victim to these attacks, the agencies recommend that both public sector and private sector organizations update their systems immediately as patches have been available for months. However, by failing to install them, organizations have left themselves and their networks open to attack.
- We've also highlighted the best VPN services