Firewall Fiasco: Zero-Day Bug Chaos in Fortinet FortiGate!
Experts warn of a new campaign targeting a zero-day in Fortinet FortiGate firewalls. Threat actors exploit exposed management interfaces, gaining unauthorized access. Organizations are urged to disable management access on public interfaces to thwart these digital Houdinis.

Hot Take:
It seems like cybercriminals have decided to take a joyride through Fortinet FortiGate firewalls, and they’ve got a roadmap that even Google Maps would envy. Who knew that playing hide-and-seek with firewall vulnerabilities could be this much fun? But seriously, if your firewall management interfaces are exposed online, you might as well roll out a red carpet for hackers. Perhaps it’s time to give those interfaces a lockdown more secure than a celebrity’s social media account.
Key Points:
- Arctic Wolf researchers observed a campaign targeting Fortinet FortiGate firewalls using a suspected zero-day vulnerability.
- The attack involved unauthorized access to devices, account creation, and configuration modification.
- The campaign unfolded in four phases: scanning, reconnaissance, VPN setup, and lateral movement.
- Automated logins from unusual IPs were a hallmark of the attack, which targeted firmware versions 7.0.14 to 7.0.16.
- Fortinet addressed a critical flaw in June 2023, but this new attack suggests ongoing threats.
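
The advice above to disable management access on public interfaces can be checked against a configuration backup. The following is an added example, not code from Fortinet or Arctic Wolf: it parses FortiOS CLI syntax (`config system interface`, `set allowaccess`, `set role`) and flags WAN-role interfaces that still accept administrative protocols. The function name, the sample config, and the treatment of `role wan` as "public" are assumptions made for illustration.

```python
import re

# Protocols that expose an administrative login surface on an interface.
MGMT_PROTOCOLS = {"http", "https", "ssh", "telnet"}

# Constructed sample in FortiOS CLI syntax (not taken from a real device).
SAMPLE_CONFIG = '''
config system interface
    edit "wan1"
        set allowaccess ping https ssh
        set role wan
    next
    edit "wan2"
        set allowaccess ping
        set role wan
        config ipv6
            set ip6-address 2001:db8::1/64
        end
    next
    edit "internal"
        set allowaccess ping https ssh
        set role lan
    next
end
'''

def exposed_mgmt_interfaces(config_text):
    """Return {interface: sorted mgmt protocols} for WAN-role interfaces."""
    # Assumption: "set role wan" marks a public-facing interface.
    findings, depth, in_section = {}, 0, False
    name, role, access = None, None, set()
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1  # nested blocks (e.g. "config ipv6") raise depth to 2
            in_section = (line == "config system interface") if depth == 1 else in_section
        elif line == "end":
            depth -= 1
            in_section = in_section and depth > 0
        elif in_section and depth == 1:
            m = re.match(r'edit "?([^"]+)"?$', line)
            if m:  # start of a new interface entry
                name, role, access = m.group(1), None, set()
            elif line == "next":  # entry complete: record it if exposed
                if role == "wan" and access:
                    findings[name] = sorted(access)
            elif line.startswith("set allowaccess "):
                access = MGMT_PROTOCOLS & set(line.split()[2:])
            elif line.startswith("set role "):
                role = line.split()[2]
    return findings
```

This checks only the IPv4 `allowaccess` setting; interfaces without an explicit `set role wan` line need to be reviewed by hand.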