Attacker Releases Credentials for FortiGate SSL VPN Devices, Experts Reaction

BACKGROUND:

It has been reported that Fortinet has warned that 87,000 sets of credentials for FortiGate SSL VPN devices have been published online.

Experts Comments

September 10, 2021
Jamie Lewis
Venture Partner
Rain Capital

A continuing challenge for many businesses is the lack of a complete and accurate inventory of all their assets. IT professionals, CISOs and BISOs do not have the means or ability to understand their environment in real time to make assessments of risk. Without actionable visibility of their assets and availability of solutions like JupiterOne, they are not able to manage the vulnerabilities in their infrastructure. Rapid patching and remediation is the primary defense against attacks and ransomware and this defense always starts with reliable and accurate inventory as the foundational element.

September 10, 2021
Christos Betsios
Cyber Operations Officer
Obrela

This is another great example of why patch management is important. More than half of cyberattacks could have been prevented if the right patches had been applied.

Besides a solid patch management program, all organizations should establish a vulnerability management program to be able to assess their security posture in a timely manner.

Moreover, continuous monitoring of an organization's environment is one of the best ways to detect a malicious user early in an attack.

Finally, what every organization needs to keep in mind is that after a successful detection of a malicious user, or after successfully patching a vulnerability, they need to act proactively and get the right containment actions in place, which is the case for this disclosure. Even if organizations had patched their FortiGate SSL VPN devices, if they suspected that they had been exposed for a long time, enough time for a threat actor to take advantage of this vulnerability, it would make sense to treat all credentials as potentially compromised and to perform an organization-wide password reset.

September 10, 2021
Rajiv Pimplaskar
Vice President
Veridium

The recent Fortinet breach that has exposed over 22,500 sensitive corporate passwords spanning 74 countries is a stark reminder of today’s dangers with password-based systems. While enterprises and users are starting to adopt passwordless authentication methods like “phone as a token” and FIDO2 for customer and Single Sign On (SSO) portals and enterprise applications, vulnerabilities still exist across entire categories of cases such as 3rd party sites, VPN (Virtual Private Network) and VDI (Virtual Desktop Infrastructure) environments, all of which are particularly vulnerable in the current WFH explosion.

Companies need to adopt a more holistic modern authentication strategy that is identity provider agnostic and can operate across all use cases in order to build true resiliency and ensure cyber defense against such actors.
