Another vulnerability abused to distribute ransomware is CVE-2020-1472
(also known as Zerologon; CVSS score: 10), which exists in Netlogon,
the protocol responsible for authenticating users against domain controllers, and
stems from the fact that the protocol uses a weak cryptographic algorithm for the
authentication process. Successful exploitation of Zerologon could allow attackers to
take over servers running as domain controllers in the network by obtaining domain
admin privileges. The vulnerability was patched by Microsoft in its Patch Tuesday
security update for August 2020 [39], but its technical details were only uncovered in
mid-September 2020 [40].
During October 2020, it was detected being exploited by the Ryuk ransomware gang [41].
All three vulnerabilities were also very popular among nation-state groups originating
from Iran and China during 2020 for cyber-espionage and data exfiltration [42].
39. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-1472
40. https://www.zdnet.com/article/zerologon-attack-lets-hackers-take-over-enterprise-networks/
41. https://threatpost.com/ryuk-ransomware-gang-zerologon-lightning-attack/160286/
42. https://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF; https://www.bankinfosecurity.com/iranian-hackers-exploiting-unpatched-vulnerabilities-a-15001
26 | The Ransomware Landscape