Top News - Bkav Corporation

Do your best, the rest will come !

Zerologon threats networks of large organizations and enterprises in Viet Nam

10:25:00 | 24-10-2020

Zerologon is a critical privilege escalation vulnerability targeting Domain Controller (DC) servers used in most network systems of large organizations and enterprises in Viet Nam. After a successful exploit, an attacker can take control of all accounts in the systems, including administrator accounts. According to Bkav, one Vietnamese enterprise has become a victim of Zerologon.

Zerologon (CVE-2020-1472) received a maximum severity score, allowing an unauthenticated attacker to gain control of DC servers and completely compromise all Active Directory identity services. The exploit is performed by sending a large number of authentication requests to the DC server via the NetLogon protocol, with the credentials containing only 0 (Zero) values. The authentication is successful if the appropriate random key is selected by the server. The probability of this key is 1/256.

According to Bkav researchers, the attack scenario will include two steps. Initially, a hacker takes control of a computer or server which can be a VPN server, a user computer or a web server, etc. connected to the DC server. Then, the hacker attacks the DC by exploiting the Zerologon vulnerability.

“DC is the backbone of other systems, therefore it is not patched regularly. It means that most of systems deploying DC are vulnerable to this flaw. With 50% of servers using Windows Server operating system, it will be a huge risk for network systems not only in Viet Nam but all over the world”, said Nguyen Van Cuong, the leader of research group.

Mr. Cuong noted that the first victim of the Zerologon attack in Viet Nam has been identified. Hackers have successfully penetrated the system and fully controlled all user accounts of this company.

Due to the flaw’s critical severity, administrators are recommended to urgently check and update patches for their systems. They can view the details, follow the instruction, check and fix the bug here. Particularly, the systems installed security operations center eEye SOC will be automatically protected against Zerologon attacks.

Bkav

Others

The DEEP#GOSU virus campaign takes advantage of Google Docs and Dropbox to attack Windows users

LockBit ransomware virus attacks Windows Domain servers in Vietnam

5 million websites are at risk because of vulnerabilities in WordPress' LiteSpeed

Warning: using AI to create fake images and voices to scam money

Bug in Microsoft Outlook allows hackers to steal information and take control of devices

OPSWAT and Bkav signed a strategic partnership

Summary of cybersecurity in 2023 and forecast for 2024

Warning: Many Elknot virus variants appear targeting Vietnamese Linux servers

Bkav launches Bkav Pro 2024 with the orientation of expanding the global market

Applications impersonating government agencies to spread viruses on Android are highly active in Vietnam