Date: 2021-11-22

Another week begins with another critical FBI alert about zero-day flaws being exploited by malicious actors. This time the targets are three VPN services from FatPipe Networks, aimed at the corporate market, which were being used to deliver attacks focused on escalating privileges in order to subsequently steal data or launch attacks involving ransomware.

According to the US government report, three systems were exploited: WARP, MPVPN and IPVPN. FatPipe platforms are used in corporations to ensure security, speed and redundancy, but in the hands of criminals they served to launch attacks that are difficult for traditional security systems to detect, while allowing lateral movement through networks.

Using a webshell, the criminals could gain access with administrator privileges, while cleanup scripts would remove traces of compromise that might otherwise be noticed in security scans. The FBI did not give details about the affected corporations or the attackers’ mode of operation, saying only that users of FatPipe platforms should immediately update their systems to the latest versions.

In addition, the official alert provides security best-practice tips that could have prevented attacks even on vulnerable systems. The same goes for FatPipe itself, which said in a statement that the problem was in the validation mechanisms for certain HTTP requests, which could be modified to deliver malware to the devices accessed, opening ports that could later be used in remote attacks.

The FBI also did not provide details on the criminal group responsible for the attacks, with the official report indicating that only one group is involved in the detected attacks. The agency also urges those affected to contact local authorities so that possible compromises of data or internal networks can be investigated.