UpTrajectory Review

A significant security breach has been identified involving Fortinet firewalls, impacting major corporations and organizations worldwide. Researchers found that Russian-speaking attackers gained access to nearly 74,000 devices, exposing the devices' plaintext credentials along with details about the organizations that own them. The incident shows that a weakness in a widely deployed network security appliance can affect even the largest players in the market.

For small business owners, this breach is a stark reminder of the importance of robust cybersecurity measures. With attackers targeting widely used systems, it's crucial to assess your own security controls and confirm that your organization is not running outdated or vulnerable technology, particularly Internet-facing devices such as firewalls, and that the credentials stored on those devices are not reused elsewhere. Additionally, consider investing in employee training to recognize phishing attempts and other security threats. The scale of this breach indicates that no organization is too big or too small to be a target.

As Kevin Beaumont noted, 'almost all' of the compromised devices remained online, which underscores the urgency for businesses to act quickly to secure their systems.

Takeaway: Review and strengthen your cybersecurity measures now, starting with Internet-facing devices; if you run Fortinet firewalls, check whether your devices are affected, and rotate any credentials that could have been exposed through them.

From the original item — Ars Technica:

Researchers have uncovered a massive breach of Fortinet firewalls that has given Russian-speaking attackers near-unrestricted access to some of the world’s largest and most powerful organizations, including Oracle, Chevron, Lenovo, Federal Express, a NATO defense contractor, and Fortinet itself.

Nearly 74,000 Fortinet devices from more than 21,000 IP addresses in 194 countries have been compromised and their plaintext credentials exposed online, Bob Diachenko, a security researcher and head of SecurityDiscovery.com, said online and in an interview. He said he found the data after gaining access to the attackers’ command-and-control server and other infrastructure. The exposed data also included the industry, revenue, and employee count for each compromised organization.

Exceptional scale, poor opsec

Independent researcher Kevin Beaumont reported that “almost all” of the compromised devices remained online as of Wednesday morning. He went on to say that he has confirmed with multiple organizations found in the attackers’ logs that the credentials are real and current. In many cases, once the threat actors compromised the devices, they went on to access affected organizations’ centralized authentication systems, such as RADIUS servers and Microsoft Active Directory. The number of compromised devices comprises roughly half of all Internet-facing Fortinet firewalls, based on polling from Shodan.


Read the full article at Ars Technica →