

























The UK’s National Cyber Security Centre (NCSC) has released guidance for Fortinet customers impacted by a global credential theft campaign.
A database of around 75,000 credentials stolen from FortiGate firewall and SSL VPN customers was discovered by security researchers last week. Dubbed “FortiBleed,” it features usernames, email addresses and plaintext passwords for organizations including Oracle, Spotify, Toyota and AT&T.
It is understood that credentials on around half of all internet-accessible Fortinet firewalls may have been exposed in this way.
According to Hudson Rock, a firm specialized in infostealer malware, the exposed logins impact customers in 194 countries and are linked to over 21,000 unique domains.
Read more on data leaks: Exclusive: Massive IoT Data Breach Exposes 2.7 Billion Records.
It’s unclear exactly how the targeted devices were originally accessed – potentially by exploiting legacy vulnerabilities in the products, or a novel zero day.
However, it seems that the threat actors first stole configuration data and then brute-forced the passwords contained within.
The NCSC cited “brute-force, dictionary and credential stuffing attempts.”
Reports suggest many organizations have already suffered full network compromise as a result, and any organization featured in the database is at risk.
The leaked information “is formatted in a way which looks like an eCrime gang – e.g. it lists the type of company, their revenue and country,” said cybersecurity researcher, Kevin Beaumont.
“The operation’s footprint is staggering: the attackers executed an estimated 1.16 billion credential attempts against over 320,000 FortiGate targets, alongside an additional 2.1 billion brute-force attempts directed at over 160,000 MSSQL servers,” added Hudson Rock.
The NCSC urged Fortinet customers to use Hudson Rock's or SOCRadar’s FortiBleed checker tools to see if their devices have been affected,and then to look for indicators of compromise (IoCs) such as unauthorized account creation, or unexpected activity in log files.
It then advised impacted organizations to:
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。