Attacker Releases Credentials for FortiGate SSL VPN Devices, Experts' Reaction

BACKGROUND:

It has been reported that Fortinet has warned that 87,000 sets of credentials for FortiGate SSL VPN devices have been published online.

Jamie Lewis, Venture Partner, Rain Capital
InfoSec Expert
September 10, 2021 9:42 pm

A continuing challenge for many businesses is the lack of a complete and accurate inventory of all their assets. IT professionals, CISOs and BISOs do not have the means or ability to understand their environment in real time to make assessments of risk. Without actionable visibility of their assets and availability of solutions like JupiterOne, they are not able to manage the vulnerabilities in their infrastructure. Rapid patching and remediation is the primary defense against attacks and ransomware and this defense always starts with reliable and accurate inventory as the foundational element.

Rajiv Pimplaskar
InfoSec Expert
September 10, 2021 6:41 pm

The recent Fortinet breach that has exposed over 22,500 sensitive corporate passwords spanning 74 countries is a stark reminder of today’s dangers with password-based systems. While enterprises and users are starting to adopt passwordless authentication methods like “phone as a token” and FIDO2 for customer and Single Sign On (SSO) portals and enterprise applications, vulnerabilities still exist across entire categories of cases such as 3rd party sites, VPN (Virtual Private Network) and VDI (Virtual Desktop Infrastructure) environments, all of which are particularly vulnerable in the current WFH explosion.

Companies need to adopt a more holistic modern authentication strategy that is identity provider agnostic and can operate across all use cases in order to build true resiliency and ensure cyber defense against such actors.

Christos Betsios, Cyber Operations Officer
InfoSec Expert
September 10, 2021 6:37 pm

This is another great example of why patch management is important. More than half of cyberattacks could have been prevented if the right patches had been applied.

Besides a solid patch management program, all organizations should establish a vulnerability management program to be able to assess their security posture in a timely manner.

Moreover, continuous monitoring of an organization’s environment is one of the best ways to detect a malicious user early in an attack.

Finally, what every organization needs to keep in mind is that after a successful detection of a malicious user, or after successfully patching a vulnerability, they need to act proactively and get the right containment actions in place, which is the case for this disclosure. Even if organizations had patched their FortiGate SSL VPN devices, if they suspected that they had been exposed for a long time, enough time for a threat actor to take advantage of this vulnerability, it would make sense to treat all credentials as potentially compromised and to perform an organization-wide password reset.
