According to reports, cybercriminals have deployed ransomware on the systems of American hospitals and government organizations using stolen Active Directory credentials.

Although the flaw, tracked as CVE-2019-11510, was fixed by Pulse Secure a year ago, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned companies in January 2020 to patch their Pulse Secure VPN servers against ongoing attacks.

The Federal Bureau of Investigation (FBI) also said in a security alert that the networks of a U.S. municipal government and a U.S. financial institution had been breached by state-sponsored actors.

Despite all these warnings, CISA had to release one more alert this week urging organizations to immediately patch CVE-2019-11510 to block attackers from gaining access to their networks and stealing domain administrator credentials.

“Once credentials were compromised, cyber threat actors accessed victim network environments via the Pulse Secure VPN appliances,” the alert explains.

“Cyber threat actors used Connection Proxies—such as Tor infrastructure and virtual private servers (VPSs)—to minimize the chance of detection when they connected to victim VPN appliances.”

One of the threat actors that CISA observed using stolen credentials after exploiting Pulse Secure VPN appliances was able to infect and encrypt the systems of numerous hospitals and U.S. government institutions using ransomware payloads.

The cybersecurity agency also spotted the same actor while “attempting to sell the stolen credentials after 30 unsuccessful attempts to connect to the customer environment to escalate privileges and drop ransomware.”

“CISA strongly urges organizations that have not yet done so to upgrade their Pulse Secure VPN to the corresponding patches for CVE-2019-11510,” the agency concludes.

“If—after applying the detection measures in this alert—organizations detect evidence of CVE-2019-11510 exploitation, CISA recommends changing passwords for all Active Directory accounts, including administrators and services accounts.”

 
