Security researchers say malicious hackers are exploiting newly discovered vulnerabilities in Fortinet's firewalls to infiltrate businesses and enterprise networks.
In an advisory published Tuesday, security product maker Fortinet said a vulnerability rated critical in its FortiGate firewall, tracked as CVE-2024-55591, is “being exploited in the wild.” I admitted it.
Although Fortinet has made a patch available, security researchers say hackers have been using the vulnerability since December as a zero-day (meaning before Fortinet was aware of the vulnerability and made a fix available). I warned you that there was a lot of sexual abuse going on.
This is the latest example of hackers exploiting vulnerabilities in popular enterprise security products designed to protect corporate networks from intruders. News of the Fortinet bug comes days after it was revealed that attackers were exploiting another zero-day flaw in Ivanti VPN servers that gave them access to customers' networks.
Cybersecurity company Arctic Wolf said in a blog post last week that its researchers observed a recent “massive exploitation” campaign affecting Fortinet FortiGate firewall devices whose management interfaces are exposed to the public internet. said.
Stefan Hostetler, lead threat intelligence researcher at Arctic Wolf, confirmed to TechCrunch that the observed exploit is related to the newly identified CVE-2024-55591 vulnerability in the Fortinet firewall. .
Hostetler told TechCrunch that Arctic Wolf “observed clusters of intrusions affecting dozens of Fortinet devices,” but this was “compared to the total number of actual devices that appear to have been affected.” It was pointed out that this was only a limited sample.
“The evidence points to an effort to exploit a large number of devices within a narrow time frame,” Hostetler added.
In an interview with TechCrunch, Fortinet spokesperson Tiffany Cursi declined to say how many Fortinet customers were compromised as a result of the hacking campaign, but said the company is “actively communicating with customers.” “We are taking the following measures.”
It's unclear who is behind the attack on Fortinet's firewall, but cybersecurity researcher Kevin Beaumont wrote in Mastodon that the vulnerability is “being exploited by ransomware operators.”
Hostetler said a ransomware attack exploiting the bug is “not unexpected” and noted that previous research by Arctic Fox found that “affiliates of ransomware groups such as Akira and Fog have been able to establish VPN connections. We observed that they were using some of the same network providers.”
In a brief statement Tuesday, US Cyber Security CISA urged Fortinet customers to update their affected devices.
In September, Fortinet disclosed a breach involving customer data after an attacker accessed a “limited number of files” stored on a shared third-party cloud drive owned by the organization.