FortiBleed Attacks - Becoming quite epic now..
- danielweis
- 2 days ago
As I'm sure you are all aware, the FortiBleed attacks happening over the last week have now become quite epic. If you have been living under a rock for the last week, you can find the info here from the ACSC: https://www.cyber.gov.au/about-us/view-all-content/Reported-widespread-credential-exposure-affecting-Fortinet-Firewalls-and-VPN-Gateways
We're now seeing just under 74,000 compromised Fortinet devices across 21,000 domains. Hudson Rock actually have a pretty cool search function and are indexing all compromised devices, which you can look up here: https://www.hudsonrock.com/fortinet
This vulnerability is basically down to a lack of hygiene. I hear people saying it's always Fortinet and the vendor's fault, but it's definitely not the case here. All orgs running Fortinet (and really any edge device) need to ensure they are following standard security hygiene best practices: rotating credentials periodically, applying patches to these devices as soon as they are available, not presenting admin / management interfaces to the internet in the first place (you should have this ACL'd), ensuring MFA on all accounts, and standard logging and response.
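An offline check for three of the hygiene points above (management access on WAN-role interfaces, admin accounts with no trusted-host restriction, admin accounts without two-factor), run against a FortiGate configuration backup. This is an added example, not code from Fortinet or the ACSC: the config excerpt is constructed, and the script assumes the usual FortiOS `config`/`edit`/`set` backup layout with `role`, `allowaccess`, `trusthostN` and `two-factor` keys.

```python
# Constructed FortiOS-style backup excerpt (not from a real device).
SAMPLE_CONFIG = """
config system interface
    edit "wan1"
        set role wan
        set allowaccess ping https ssh
    next
end
config system admin
    edit "admin"
    next
    edit "netops"
        set trusthost1 10.20.0.0 255.255.255.0
        set two-factor fortitoken
    next
end
"""
MGMT = {"http", "https", "ssh", "telnet"}  # admin-access protocols to flag

def parse(text):
    """Map section -> entry -> key -> values; nested config blocks are skipped."""
    out, section, entry, depth = {}, None, None, 0
    for line in map(str.strip, text.splitlines()):
        word, _, rest = line.partition(" ")
        if word == "config":
            depth += 1
            if depth == 1:
                section, entry = rest, None
        elif word == "end":
            depth = max(depth - 1, 0)
        elif depth == 1 and word == "edit":
            entry = out.setdefault(section, {}).setdefault(rest.strip('"'), {})
        elif depth == 1 and word == "set" and entry is not None:
            key, *vals = rest.split()
            entry[key] = [v.strip('"') for v in vals]
    return out

def audit(text):
    """Return sorted findings for three hygiene points from the post."""
    cfg, found = parse(text), []
    for name, s in cfg.get("system interface", {}).items():
        exposed = sorted(MGMT & set(s.get("allowaccess", [])))
        if exposed and s.get("role") == ["wan"]:
            found.append(f"interface {name}: {'/'.join(exposed)} admin access on WAN")
    for name, s in cfg.get("system admin", {}).items():
        if not any(k.startswith("trusthost") for k in s):
            found.append(f"admin {name}: no trusted-host restriction")
        if s.get("two-factor", ["disable"]) == ["disable"]:
            found.append(f"admin {name}: two-factor not enabled")
    return sorted(found)
```

An internet-facing interface that is not tagged `role wan` will not be flagged, so treat an empty result as a prompt to review interface roles rather than as proof of no exposure.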
If you have been notified by the ACSC that you are affected (or if you have determined this yourself), you can follow the affected organisation guidance from Fortinet here: https://www.fortinet.com/blog/psirt-blogs/analysis-of-reported-credential-compromise-of-fortigate-devices

