Security News > 2021 > April > Hackers Exploit Fortinet Flaw in Sophisticated Cring Ransomware Attacks

"In at least one case, an attack of the ransomware resulted in a temporary shutdown of the industrial process due to servers used to control the industrial process becoming encrypted," Kaspersky senior security researcher Vyacheslav Kopeytsev wrote in the report.
One of those bugs is CVE-2018-13379, a path-traversal flaw in Fortinet FortiOS. The vulnerability is tied to the system's SSL VPN web portal and allows an unauthenticated attacker to download system files from targeted systems via specially crafted HTTP resource requests.
In its report, Kaspersky echoed the feds' warning, adding that attackers first scan connections to Fortinet VPNs to see whether the software used on the device is the vulnerable version.
After gaining complete control, attackers download a cmd script to launch Cring ransomware, naming the malicious execution script "Kaspersky" to disguise it as a security solution, Kopeytsev said.
In its final step, Cring starts to encrypt files using strong encryption algorithms so victims can't decrypt files without knowing the RSA private key held by the attackers, Kopeytsev explained.
"The primary causes of the incident include the use of an outdated and vulnerable firmware version on the Fortigate VPN server, which enabled the attackers to exploit the CVE-2018-13379 vulnerability and gain access to the enterprise network," he wrote.
News URL
https://threatpost.com/hackers-exploit-flaw-cring-ransomware/165300/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-06-04 | CVE-2018-13379 | Path Traversal vulnerability in Fortinet FortiOS and FortiProxy. An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests. | 9.8 |
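
Since the report names outdated firmware as the primary cause, the affected ranges in the row above can be turned into an inventory check. The following Python is an added example, not code from the article, Kaspersky or Fortinet; the CSV layout, hostnames, build string and status labels are assumptions, and only the version ranges come from this page.

```python
import re

# Affected ranges (inclusive) copied from the CVE-2018-13379 row on this page.
AFFECTED = {
    "fortios": [((6, 0, 0), (6, 0, 4)), ((5, 6, 3), (5, 6, 7)),
                ((5, 4, 6), (5, 4, 12))],
    "fortiproxy": [((2, 0, 0), (2, 0, 0)), ((1, 2, 0), (1, 2, 8)),
                   ((1, 1, 0), (1, 1, 6)), ((1, 0, 0), (1, 0, 7))],
}

def parse_version(text):
    """Return (major, minor, patch) from e.g. 'v6.0.4 build0231', else None."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(product, version_text, ssl_vpn_enabled):
    """Return 'exposed', 'affected-build', 'not-listed' or 'unknown'."""
    ranges = AFFECTED.get(product.strip().lower())
    version = parse_version(version_text)
    if ranges is None or version is None:
        return "unknown"  # unparseable rows go to manual review, never a pass
    # Integer tuples compare numerically, so 5.4.12 sorts after 5.4.6.
    if not any(lo <= version <= hi for lo, hi in ranges):
        return "not-listed"
    # The flaw is in the SSL VPN web portal: an enabled portal is the urgent case.
    return "exposed" if ssl_vpn_enabled else "affected-build"

def audit(inventory_text):
    """Map host -> status for rows of 'host,product,version,ssl_vpn(yes/no)'."""
    results = {}
    for line in inventory_text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if not fields[0] or fields[0].startswith("#"):
            continue
        if len(fields) != 4:
            results[fields[0]] = "unknown"
            continue
        host, product, version, vpn = fields
        results[host] = classify(product, version, vpn.lower() == "yes")
    return results

# Constructed sample inventory; hostnames and the CSV layout are assumptions.
SAMPLE = """vpn-gw-01,FortiOS,v6.0.4 build0231,yes
vpn-gw-02,FortiOS,5.4.12,no
vpn-gw-03,FortiOS,6.0.5,yes
proxy-01,FortiProxy,1.2.8,yes
fw-legacy,FortiOS,n/a,yes
"""

if __name__ == "__main__":
    print("\n".join(f"{h:12} {s}" for h, s in audit(SAMPLE).items()))
```

A "not-listed" result only means the build is outside the ranges quoted for this one CVE; it says nothing about other flaws in that firmware.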