Another vulnerability abused to distribute ransomware is CVE-2020-1472 (also known as Zerologon; CVSS score: 10), which exists in Netlogon, the protocol responsible for authenticating users against domain controllers. It stems from the protocol's use of a weak cryptographic algorithm in the authentication process. Successful exploitation of Zerologon could allow attackers to take over servers running as domain controllers in the network by obtaining domain admin privileges. Microsoft patched the vulnerability in its Patch Tuesday security update for August 2020 [39], but its technical details were only uncovered in mid-September 2020 [40]. In October 2020, the Ryuk ransomware gang was detected exploiting it [41]. All three vulnerabilities were also very popular during 2020 among nation-state groups originating from Iran and China, which used them for cyber-espionage and data exfiltration [42].

39. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-1472
40. https://www.zdnet.com/article/zerologon-attack-lets-hackers-take-over-enterprise-networks/
41. https://threatpost.com/ryuk-ransomware-gang-zerologon-lightning-attack/160286/
42. https://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF; https://www.bankinfosecurity.com/iranian-hackers-exploiting-unpatched-vulnerabilities-a-15001