The Fortinet VPN Account Leak
87,000 unpatched Fortinet SSL-VPN credentials from around 500,000 accounts have been leaked on the dark web. According to Threatpost, the attackers exploited a path traversal vulnerability in Fortinet’s FortiOS. This weakness allows attackers to perform data exfiltration, install malware, and launch ransomware. The data leak occurred between May 2019 and June 2021. CPO Magazine added that Fortinet stored passwords in plaintext and credentials were stolen from systems that had not yet implemented the patch.
Bleeping Computer analyzed the files and acknowledged that some of the credentials on the list were valid. The list contains VPN credentials for device IPs worldwide, including 3,000 from the U.S. Experts believe the leak was carried out in order to promote a new ransomware forum. The weakness was one of the most exploited vulnerabilities in 2020 and has been used in attacks multiple times since its discovery in 2018. Additionally, it is common for attackers to exploit VPN vulnerabilities to conduct ransomware attacks.
According to CPO Magazine, the list of IP addresses associated with the leak is available on GitHub, and Fortinet customers are being urged to check if their IP address appears on the list of compromised systems. Threatpost recommends upgrading devices to the latest release, performing an organization-wide password reset, and implementing MFA. Server admins should also check logs for possible intrusions and check if their device is on the list of compromised IPs. Lastly, organizations should regularly review and update their IT asset management and conduct a yearly security risk assessment.
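One way to run the "is my device on the list" check against an asset inventory, as an added example that is not from the original article or from Fortinet. It assumes the published list is plain text with one IP address per line (optionally with a port), which the article does not specify; the sample addresses and inventory below are constructed from documentation ranges.

```python
import ipaddress

# Constructed sample data (documentation address ranges), not real leak entries.
SAMPLE_LEAK_LIST = """\
# constructed sample, one address per line
192.0.2.10
198.51.100.77:10443
203.0.113.5
not-an-ip
203.0.113.200
"""

# Hypothetical inventory: public addresses or CIDR blocks of your VPN gateways.
SAMPLE_INVENTORY = ["203.0.113.0/25", "198.51.100.77", "192.0.2.128/26"]


def parse_leak_list(text):
    """Return (set of parsed IP addresses, list of lines that could not be parsed)."""
    found, rejected = set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Strip a trailing ":port" from IPv4 entries; IPv6 has several colons.
        host = line.rsplit(":", 1)[0] if line.count(":") == 1 else line
        try:
            found.add(ipaddress.ip_address(host))
        except ValueError:
            rejected.append(line)  # keep for manual review, never drop silently
    return found, rejected


def exposed_assets(inventory, leaked):
    """Map each inventory entry to the leaked addresses that fall inside it."""
    hits = {}
    for entry in inventory:
        net = ipaddress.ip_network(entry, strict=False)
        matched = sorted(ip for ip in leaked if ip.version == net.version and ip in net)
        if matched:
            hits[entry] = [str(ip) for ip in matched]
    return hits


if __name__ == "__main__":
    leaked, rejected = parse_leak_list(SAMPLE_LEAK_LIST)
    for entry, ips in exposed_assets(SAMPLE_INVENTORY, leaked).items():
        print(f"{entry}: listed -> {', '.join(ips)}")
    print(f"skipped {len(rejected)} unparseable line(s)")
```

A match means credentials for that gateway should be treated as compromised even if the device has since been patched, which is why the password reset and MFA steps above apply regardless of current firmware.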
Continuous security monitoring of your systems is critical to protecting your company and your customers. Ongoing security tasks such as vulnerability management and penetration testing are vital to protecting your networks and applications.
Contact Adsero Security today to schedule a Security Risk Assessment to identify all your critical assets, vulnerabilities, risks and controls in your company. Use our security risk assessment report to remediate your current risks and determine processes and procedures to reduce or eliminate risks going forward.