Fortinet has released a statement about the leak. In a post on their blog, the company said that credentials were obtained from systems that remained unpatched against FG-IR-18-384 / CVE-2018-13379 at the time of the threat actor’s scan. They noted that while the vulnerability has since been patched, users must update passwords or risk being compromised.
The company offered the following recommendations to address risk associated with the leak:
Recently, the BitSight data science team tested all the vulnerabilities confirmed in the BitSight rating for correlation with ransomware incidents. BitSight has monitored CVE-2018-13379 since 2019, and at the time of writing still is detecting a few thousand vulnerable systems online.
Using a statistical analysis, we found that the presence of the CVE-2018-13379 vulnerability makes an organization nearly twice as likely to suffer a ransomware attack. Additionally, we found that organizations with poor patching cadence performance are up to 7x more likely to be hit with ransomware.
Cyber attacks rarely employ novel, never-before-seen techniques, like zero day attacks. In fact, it is far more common for attackers to acquire information available on the dark web to exploit vulnerabilities. The Fortinet leak is a perfect example of this.
BitSight's inventory of externally visible vulnerabilities enables organizations to make informed decisions that improve security posture and reduce risk. Click here to learn more about how BitSight Security Ratings are calculated.
In early September, a threat actor leaked nearly 500,000 Fortinet VPN login names and passwords that were allegedly scraped from vulnerable devices last summer. The leaked credentials could allow hackers to access an exposed network to...
It happened again - another disruptive ransomware attack. On July 2, 2021 Kaseya, a Florida-based software provider that provides Remote Management Monitoring, warned of its software being abused to deploy ransomware on end-customers'...
In the six months since the SolarWinds supply chain attack there has been increased action in the cybersecurity breach world – and the bad actors aren’t letting up. This means that cybersecurity protection is more critical than ever.