« APT actors use Fortinet FortiOS to search for vulnerabilities to gain access to multiple networks of government, commercial and technology services, » said the agency for cybersecurity and infrastructure security.
Sophisticated hackers are actively using three known Fortinet FortiOS vulnerabilities to gain access to networks of government, commercial and technology services, federal officials warned on Friday.
Accessing Fortinet FortiOS for the first time enables the Advanced Persistent Threat (APT) groups to conduct future data extraction or data encryption attacks. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint warning on cybersecurity. Federal officials said the malicious behavior was discovered in March and did not specify which APT group or groups were exploiting the flaws. « APT actors use Fortinet FortiOS to search for vulnerabilities to gain access to multiple networks of government, Get trade and technology services, « CISA tweeted at 12:42 pm. ET Friday.
The hackers may be using some or all of the Fortinet FortiOS vulnerabilities to gain access to networks in several critical infrastructure sectors, according to CISA and the FBI. In the past, APT groups have exploited critical security flaws to carry out DDoS attacks, ransomware attacks, SQL injection attacks, spear phishing campaigns, website defacements and disinformation campaigns.
« The security of our customers is our top priority Priority, « a Fortinet spokesman in Sunnyvale, Calif., Told CRN in a statement. « If customers have not done this, we urge them to implement the upgrade and mitigation immediately. »
The FBI and CISA reported that hackers were screening devices on three ports for a Fortinet FortiOS vulnerability that could allow an unauthenticated attacker to download system files using specially crafted HTTP resource requests. Fortinet released an update for this vulnerability in May 2019.
The APT actors also exploited a FortiOS vulnerability that could allow an unauthenticated attacker to intercept sensitive information by masquerading as an LDAP server, as well as an improper authentication vulnerability that could allow users to log in can log in successfully without being asked for the second factor of authentication. Fortinet corrected these deficiencies in July 2019 and July 2020, respectively.
The fact that the FBI and CISA had to issue a cybersecurity notice means that some organizations have not yet applied the Fortinet patches made available a year or two ago. Hackers can also use other vulnerabilities or common exploitation techniques such as spear phishing to gain access to critical infrastructure networks in order to prepare for follow-up attacks, according to federal officials.
Fortinet’s flagship FortiOS operating system has been around for a number of years and is used by federal departments and large corporations to manage their networks. The Fortinet advisory comes seven months after the FBI and CISA released an operation with China’s Ministry of State Security in September that allegedly exploited software from F5 Networks, Citrix, Pulse Secure and Microsoft.
Ref: https://www.crn.com
