Brace Yourself: Fortinet’s Brute-Force Bonanza Signals Looming Vulnerabilities
Fortinet SSL VPNs faced a surge in brute-force attacks, which then shifted to FortiManager targets. GreyNoise detected this two-wave campaign in August, highlighting that such spikes often signal upcoming vulnerability disclosures. So, next time you notice a spike in activity, don’t just brush it off as a tech hiccup—fortify your defenses!

Hot Take:
It seems like cybercriminals have a new hobby — playing a cat-and-mouse game with Fortinet products. First, they try to break into SSL VPNs like unwelcome relatives at a family reunion, then sneak over to FortiManager like it’s the cool after-party. The only thing missing is a DJ and a disco ball.

Key Points:
– GreyNoise detected a spike in brute-force attacks on Fortinet SSL VPNs, followed by a switch to FortiManager.
– Such activity often precedes the disclosure of new vulnerabilities in Fortinet products.
– The attackers use tools and environments that may be linked to earlier activity.
– A list of malicious IPs has been identified and should be blocked to prevent intrusion.
– Defenders are advised to bolster security measures on Fortinet devices ahead of potential zero-day disclosures.