Fortinet Alerts on Credential Attack Targeting FortiGate

Fortinet Alerts on Credential Attack Targeting FortiGate

Posted on By CWS

Fortinet has released an urgent security advisory addressing a widespread credential harvesting campaign aimed at FortiGate devices. Researchers have named this campaign ‘FortiBleed’, highlighting its significant impact on network security.

Exploiting Known Vulnerabilities

According to Carl Windsor’s analysis from Fortinet, the campaign exploits previously known vulnerabilities rather than new ones. The attackers leverage poor password practices and the lack of multi-factor authentication (MFA) to infiltrate systems.

FortiBleed affects up to 86,000 FortiGate firewalls and VPN devices across 194 countries, marking it as one of the most extensive security challenges for Fortinet to date.

Recycled Credentials and AI Techniques

The attack does not utilize zero-day vulnerabilities. Instead, it recycles credentials from prior incidents, identified as FG-IR-26-060 and FG-IR-25-647. Attackers employ AI-driven brute-force methods against exposed FortiGate devices lacking robust credential protections.

Fortinet emphasizes that this campaign is unrelated to recent vulnerability disclosures, reassuring that systems following previous advisories should remain secure.

Recommended Security Measures

Fortinet is actively identifying and notifying potentially compromised systems, working alongside government agencies to manage the threat. The primary vulnerability lies in weak or reused credentials on exposed devices, exacerbated by the absence of MFA.

Unauthorized access can lead to configuration changes, creation of rogue accounts, and potential lateral movement within networks, particularly those integrated with Active Directory or LDAP.

CISA has also issued guidance urging organizations to secure their Fortinet devices immediately.

Immediate Steps for FortiGate Users

Fortinet advises users to end all admin and VPN sessions, reset credentials, and enforce MFA. Upgrading to FortiOS versions 7.4, 7.6, or 8.0 is crucial, as these versions support stronger credential hashing techniques.

Users should also audit configurations, monitor logs for unusual activity, and restrict management access to trusted sources. Any signs of unauthorized changes or activity should prompt a full security review.

Future Outlook

Organizations are reminded of the critical need for prompt remediation of vendor advisories and consistent enforcement of MFA and strong password policies. Fortinet’s FortiGuard Incident Response team is available for further assistance in scoping suspected compromises.

The campaign underscores the importance of maintaining rigorous security measures to protect against credential-based attacks.

Follow us on Google News, LinkedIn, and X for more updates.

Cyber Security News Tags:, , , , , , , , ,

Related Posts

Beware of Malicious Facebook Ads With Meta Verified Steals User Account Details Beware of Malicious Facebook Ads With Meta Verified Steals User Account Details Cyber Security News
New Frontiers In Identity-Based Access Control New Frontiers In Identity-Based Access Control Cyber Security News
APT36 Attacking BOSS Linux Systems With Weaponized ZIP Files to Steal Sensitive Data APT36 Attacking BOSS Linux Systems With Weaponized ZIP Files to Steal Sensitive Data Cyber Security News
Remote Code Execution Risk in Telnetd Impacts Security Remote Code Execution Risk in Telnetd Impacts Security Cyber Security News
GitLab Patches Multiple Vulnerabilities that Enables Arbitrary Code Execution GitLab Patches Multiple Vulnerabilities that Enables Arbitrary Code Execution Cyber Security News
Avoid Fake Traffic Ticket Sites Stealing Your Data Avoid Fake Traffic Ticket Sites Stealing Your Data Cyber Security News