fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Hackers Used VPN Flaws To Access US Govt Elections Support Systems

Hackers Used VPN Flaws To Access US Govt Elections Support Systems

Government-backed hackers have compromised and gained access to US elections support systems by chaining together VPN vulnerabilities and the recent Windows CVE-2020-1472 security flaw.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) says that advanced persistent threat (APT) actors used this vulnerability chaining tactic to target federal and SLTT (state, local, tribal, and territorial) government networks, as well as election organizations, and critical infrastructure.

Election support systems compromised

“Although it does not appear these targets are being selected because of their proximity to elections information, there may be some risk to elections information housed on government networks,” says a joint security advisory published by CISA and the FBI.

Despite that, CISA added that it is “aware of some instances where this activity resulted in unauthorized access to elections support systems.”

Also Read: What is Pentest Report? Here’s A Walk-through

However, there is no evidence that the advanced persistent threat (APT) actors were able to use their access to compromise the “integrity of elections data” as CISA explains.

To gain access to these systems, the attackers exploited Internet-exposed servers using the CVE-2018-13379 vulnerability in the Fortinet FortiOS Secure Socket Layer (SSL) VPN or the CVE-2020-15505 flaw in the MobileIron Unified Endpoint Management (UEM) for mobile devices to gain initial access.

Afterward, they exploited CVE-2020-1472 (aka Zerologon), a critical security flaw in the Windows Netlogon authentication protocol that allows attackers to elevate privileges to domain administrator after successful exploitation, enabling them to take control over the entire domain and to change users’ password.

“Actors have then been observed using legitimate remote access tools, such as VPN and Remote Desktop Protocol (RDP), to access the environment with the compromised credentials,” CISA adds. “Observed activity targets multiple sectors, and is not limited to SLTT entities.”

Last week, Microsoft also warned of Iranian-backed hacking group MERCURY (aka MuddyWaterSeedWorm, and TEMP.Zagros) actively exploiting Zerologon in their attacks.

VPN bugs that could be used in future attacks

Even though the APT hackers have exploited the CVE-2018-13379 FortiOS SSL VPN web portal vulnerability to gain network access, CISA warns that they could use any other vulnerability to target unpatched and Internet-facing network edge devices in their attacks.

CISA advises organizations that could be targeted by these attacks to immediately patch all known flaws within their internet-exposed network infrastructure.

Also Read: By Attending This Event You Agree To Be Photographed

The US cybersecurity agency highlights the following vulnerabilities as ones that APT actors could most likely use in future attacks against government and critical infrastructure networks to gain initial access:

Some of them have already been used in previous attacks exploiting the CVE-2019-11510 Pulse VPN flaw, the CVE-2019-19781 Citrix NetScaler bug, and the CVE-2020-5902 critical F5 BIG-IP flaw.

In September, Microsoft has also warned of Russian, Chinese, and Iranian APT actors targeting the 2020 US elections.

Microsoft’s report confirmed intelligence shared by the US govt in July and August on Russian, Iranian, and Chinese hackers trying to “compromise the private communications of U.S. political campaigns, candidates and other political targets.”

This month, CISA has also alerted of an increasing number of Emotet attacks that have targeted multiple US state and local governments.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us