An article has been published on the FBI and U.S. CISA's warnings of APT groups exploiting Fortinet FortiOS vulnerabilities to target government, technology, and commercial services systems.
Experts Comments
Networking equipment tends to be central to a company's operations. This incident of attackers capitalizing on a combination of N-day vulnerabilities—as opposed to zero-day—and unpatched systems, highlights the challenges that IT administrators experience in scheduling downtime to patch vulnerabilities. However, in the meantime, this also makes unpatched systems a prime target for attackers seeking out prey. This advisory is similar to an NSA/CISA advisory released in December 2020,
This is a major challenge to organisations as there is a never ending stream of vulnerable devices that need immediate patching to mitigate the threat of serious negative consequences. It’s a perpetual fire drill for organisations - not only taking time to ensure the devices are patched correctly, but more so, not knowing if and where they have these devices in the first place. There has been huge emphasis on SSL VPN solutions enabling us all to work during the pandemic, and many business units and departments have sourced VPN solutions at speed, and often outside of the normal IT procurement process.
Therefore, fixing the possibility of actively attempted unauthorised access to their networks, from a trivially exploitable hole, will be a priority. In addition to patching the FortiOS devices, it will be important to compare the patterns of behaviours of the devices themselves to highlight any changes in behaviour over time. Similarly, organisations should compare each device against other Fortinet devices to spot deviations from a profile of expected behaviours, that will act as an indicator to the possibility that an attack may have occurred.
With VPNs a commonly abused entry point for attackers - and Fortinet having an existing partnership with the NHS - we can probably expect to see an NHS Cyber Alert in the coming hours and days. There are strong and robust practices in place within the NHS. The common issue we see is not the lack of ability or speed to patch, it is in finding the devices in the first place from what is often a forgotten piece of the puzzle, the asset inventory. It is these forgotten or unknown devices that will be the major source of concern.
Andy Norton, European Cyber Risk Officer, provides expert commentary for "dot your expert comments" at Information Security Buzz.