This latest investigation by Kaspersky focused on a European company that was the target of a ransomware attack. The attack managed to encrypt the industrial control servers with ransomware, resulting in the temporary shutdown of operations. Kaspersky has detailed the ransomware that encrypted the network and how cyber criminals were able to gain access.
It was discovered that the attackers used Cring ransomware, which exploits a known vulnerability in FortiGate VPN servers (CVE-2018-13379). Fortinet released a patch for this vulnerability in 2019, but in this case, the company that was attacked had not installed it. The attackers were able to exploit this unpatched vulnerability to remotely obtain the username and password, allowing them to manually log in to the network. From there, they were able to move laterally within the network and install other tools to help them gain control over the systems.
While this unpatched VPN server was the primary cause of this breach, other factors contributed to the successful attack, including the lack of timely security updates applied to the antivirus software. That software is supposed to protect the network; without the updates, it is less able to detect intrusions or malicious activity.
Trying to manage vulnerabilities in a timely manner is a struggle for businesses of all sizes. IT departments often do not have the resources to address all the known vulnerabilities out there. But there is a better way to stay on top of this. By partnering with a Managed Security Services Provider (MSSP), you can focus on growing your business while the MSSP ensures your systems are up-to-date with the latest patches. Uzado is an MSSP that has the resources in its Integrated Operations Centre (IOC) to learn about all the different threats that come into the field every day, filter through them, and figure out what may or may not be a threat to your business. Contact us today to learn more about how Uzado can help.