Forti bugs under Active APT Attack
The FBI today issued a flash alert warning that so-called advanced persistent threat actors are exploiting vulnerabilities in cybersecurity appliances from Fortinet Inc.
An APT group has exploited a Fortinet appliance to access a web server hosting the domain of a U.S. municipal government. The alert notes that the APT actors likely created an account with the username “elie” to enable further malicious activity on the network.
The flash alert warns that the access can be leveraged to conduct data exfiltration, data encryption and other malicious activities.
This is the FBI's second alert regarding multiple flaws in Fortinet's FortiGate SSL VPN being exploited in the wild. The first, published over a month ago, highlighted APT groups' use of CVE-2018-13379, a critical flaw in the SSL VPN that was patched two years ago.
That legacy vulnerabilities are still being exploited in spite of these alerts is a cautionary tale: unpatched flaws remain a valuable tool for APT groups and cybercriminals in general.
Unpatched vulnerabilities are riskier than zero-days
The cybersecurity essentials, the critical controls recommended by many, exist to break the cyber kill chain. Apply them: secure and harden your assets, detect any malicious change to them, know which of your devices are critical, and make it harder for APTs to reach you.
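One concrete form of "detect any malicious change to them" is watching for local accounts that appear outside the approved baseline, which is exactly the trace the alert describes (an attacker-created "elie" user). The script below is an added example, not code from the FBI alert or from Fortinet: it assumes Linux syslog-style `useradd`/`usermod` messages (a format assumption, since the appliance's own log layout is not on the page), and the sample log lines, hostnames and approved-account list are constructed for illustration.

```python
"""Flag local-account creation and privileged-group changes that fall outside
an approved baseline.

Added illustration, not from the FBI alert or Fortinet. The log format below
is the common Linux syslog layout for useradd/usermod and is an assumption;
all sample lines, hosts and the approved list are constructed.
"""
import re
from dataclasses import dataclass

# Constructed sample auth log: one approved service account, a normal admin
# login, and an unexplained account named "elie" (the username cited in the
# alert) that is then added to a privileged group.
SAMPLE_AUTH_LOG = """\
Apr 25 02:11:07 gw01 useradd[4123]: new user: name=backupsvc, UID=1002, GID=1002, home=/home/backupsvc, shell=/sbin/nologin
Apr 26 13:40:19 gw01 sshd[5021]: Accepted publickey for admin from 10.0.5.7 port 51022 ssh2
Apr 27 03:58:41 gw01 useradd[6210]: new user: name=elie, UID=1003, GID=1003, home=/home/elie, shell=/bin/bash
Apr 27 03:59:02 gw01 usermod[6214]: add 'elie' to group 'wheel'
"""

# Baseline of accounts an operator expects to exist on this device (constructed).
APPROVED_ACCOUNTS = {"root", "admin", "backupsvc"}

# Groups whose membership grants administrative capability (assumed names).
PRIVILEGED_GROUPS = {"wheel", "sudo", "root", "admin"}

_TS = r"(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<host>\S+)\s+"
USERADD_RE = re.compile(_TS + r"useradd\[\d+\]:\s+new user:\s+name=(?P<name>[^,]+)")
GROUP_RE = re.compile(_TS + r"usermod\[\d+\]:\s+add '(?P<name>[^']+)' to group '(?P<group>[^']+)'")


@dataclass
class Finding:
    timestamp: str
    host: str
    account: str
    reason: str


def find_unexpected_accounts(log_text, approved=APPROVED_ACCOUNTS):
    """Return one Finding per account event that is not covered by the baseline."""
    findings = []
    for line in log_text.splitlines():
        m = USERADD_RE.match(line)
        if m:
            if m.group("name") not in approved:
                findings.append(Finding(m.group("ts"), m.group("host"), m.group("name"),
                                        "account created outside approved baseline"))
            continue
        g = GROUP_RE.match(line)
        if g and g.group("group") in PRIVILEGED_GROUPS and g.group("name") not in approved:
            findings.append(Finding(g.group("ts"), g.group("host"), g.group("name"),
                                    f"unapproved account added to privileged group '{g.group('group')}'"))
    return findings


def snapshot_drift(current_accounts, approved=APPROVED_ACCOUNTS):
    """Compare a current account listing (e.g. names pulled from the device's
    user table) against the baseline; returns accounts present but not approved,
    sorted for stable reporting."""
    return sorted(set(current_accounts) - set(approved))


if __name__ == "__main__":
    for f in find_unexpected_accounts(SAMPLE_AUTH_LOG):
        print(f"{f.timestamp} {f.host}: account '{f.account}': {f.reason}")
    # Constructed current listing as a second detection path when logs are missing.
    print("drift:", snapshot_drift(["root", "admin", "backupsvc", "elie"]))
```

The log-based check catches the creation and the privilege escalation as separate events, while `snapshot_drift` covers the case where logs were truncated or tampered with: a periodic comparison of the live account table against the baseline still exposes the added user.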