An NMLEA STAR Partner ("Service Tested - Academy Recognized"), RiskSense revealed yet another cyber attack vulnerability, just like they did in predicting the WannaCry Ransomware attack, as cited by the Department of Justice Report.
The technical description is this: the vulnerability was discovered in the Netlogon Remote Protocol RPC interface used by Microsoft Active Directory Domain Controllers for password database synchronization. The attack leverages a design weakness in the Netlogon Remote Protocol login process and allows an attacker to log in and perform critical operations using a password consisting entirely of zeros. This attack is highly successful: on average, it succeeds in 1 of every 256 login attempts!
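For defenders, the 1-in-256 rate means an attempt shows up as a rapid burst of failed Netlogon logins from one source against a domain controller. The sketch below is an added example, not code from RiskSense or Secura: it works out how many attempts that rate implies and flags such bursts. The event tuple layout, host names, addresses and the threshold of 20 failures per minute are assumptions made for illustration.

```python
import math
from collections import defaultdict
from datetime import datetime, timedelta

P_SUCCESS = 1 / 256  # per-attempt success rate stated in the text above

def attempts_for_confidence(conf):
    """Smallest n such that 1 - (1 - p)^n >= conf."""
    return math.ceil(math.log(1 - conf) / math.log(1 - P_SUCCESS))

def flag_bursts(events, threshold=20, window=timedelta(seconds=60)):
    """Map (source, dc) -> peak failures inside one window, if >= threshold."""
    failures = defaultdict(list)
    for ts, src, dc, ok in events:
        if not ok:
            failures[(src, dc)].append(ts)
    flagged = {}
    for pair, times in failures.items():
        times.sort()
        start = peak = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:   # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[pair] = peak
    return flagged

def constructed_events():
    """Constructed sample records (time, source, dc, success); hypothetical schema."""
    t0 = datetime(2020, 9, 15, 12, 0, 0)
    # A workstation with two isolated failures, then a normal success.
    events = [(t0, "192.0.2.10", "DC01", False),
              (t0 + timedelta(minutes=5), "192.0.2.10", "DC01", False),
              (t0 + timedelta(minutes=5, seconds=2), "192.0.2.10", "DC01", True)]
    # One source producing 200 failures in 20 seconds, then a success.
    events += [(t0 + timedelta(milliseconds=100 * i), "192.0.2.66", "DC01", False)
               for i in range(200)]
    events.append((t0 + timedelta(seconds=21), "192.0.2.66", "DC01", True))
    return events

if __name__ == "__main__":
    print("attempts for 50% / 99%:",
          attempts_for_confidence(0.5), attempts_for_confidence(0.99))
    print("flagged:", flag_bursts(constructed_events()))
```

The threshold is a starting point to tune against the failure rate normally seen on your own domain controllers.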
In an effort to help the security community, RiskSense developed the first publicly available exploit and implemented the attack as reported in a Secura whitepaper (https://www.secura.com/blog/zero-logon). Further, RiskSense created a modified version of the Secura scanner that performs the complete attack chain, including reversing the attack to restore the original domain controller machine password. The sample exploit code can be found at https://github.com/risksense/zerologon/.
This is another example of why RiskSense continues to earn recognition as the leading innovator in cyber risk management.
And it's another reason why we at the NMLEA are supporting a Maritime Cybersecurity Pilot Program, providing tools like this to selected ports, shipping companies, cruise companies, terminal operators, oil and gas facilities, and other stakeholders within the private and public sectors... at no cost. To find out more, or to become a part of the Pilot Program, email us at cyber@nmlea.org.