Skip to main content

This VPN and Windows 10 bug combo is every organization's nightmare

(Image credit:
Audio player loading…

By chaining vulnerabilities in VPN services and Windows 10 together, hackers have managed to gain access to government networks according to a new joint security alert released by the FBI and CISA.

These attacks have targeted federal as well as state, local, tribal and territorial (SLTT) government networks, though non-government networks have also been targeted.

The FBI and CISA warned in their joint cybersecurity advisory that information about the 2020 election could be at risk from hackers accessing these government networks, saying:

“Although it does not appear these targets are being selected because of their proximity to elections information, there may be some risk to elections information housed on government networks. CISA is aware of some instances where this activity resulted in unauthorized access to elections support systems; however, CISA has no evidence to date that integrity of elections data has been compromised.”

Exploiting multiple vulnerabilities

The joint alert revealed that hackers are combining a vulnerability in the Fortinet ForitOS Secure Socket Layer (SSL) VPN, tracked as CVE-2018-13379, and the Zerlogon vulnerability in Windows 10's Netlogon protocol, tracked as CVE-2020-1472, to launch this recent wave of attacks. 

While the vulnerabilities in Fortinet's VPN software provide hackers with initial access to a network, Zerologon allows them to gain complete control over a targeted network by taking over domain controllers which are servers used to manage a network and often contain the passwords for all connected workstations.

The FBI and CISA's joint alert didn't name the hackers behind this new wave of attack outright but it did say they were “advanced persistent threat (APT) actors” which means they are likely state-sponsored hackers.

To avoid falling victim to these attacks, the agencies recommend that both public sector and private sector organizations update their systems immediately as patches have been available for months. However, by failing to install them, organizations have left themselves and their networks open to attack.

  • We've also highlighted the best VPN services

Via ZDNet

Anthony Spadafora

After living and working in South Korea for seven years, Anthony now resides in Houston, Texas where he writes about a variety of technology topics for ITProPortal and TechRadar. He has been a tech enthusiast for as long as he can remember and has spent countless hours researching and tinkering with PCs, mobile phones and game consoles.