NCSC: Assume Your Network Is Compromised, If You Haven't Patched It

Hundreds of organizations still haven’t applied a Fortinet VPN security update released in 2019. The UK’s National Cyber Security Centre (NCSC) says these organizations should assume that they’ve been compromised and act accordingly.

Cybercriminals and nation-state cyber-espionage operations are trying to take advantage of their unpatched devices and are actively scanning for unpatched vulnerabilities. 

Fortinet issued a critical security update patching the security vulnerability almost two years ago, after it was discovered in 2019. 

The NCSC’s warning followed a report by Kaspersky on how cybercriminals exploit a vulnerability (CVE-2018-13379) in Fortinet VPN to distribute ransomware. By remotely accessing usernames and passwords, threat actors can perform various malicious actions on the compromised network.

Virtual private networks aren’t essential only for securing your unencrypted Wi-Fi connections in coffee shops and airports. Every remote worker should consider a VPN to stay safe online.

Besides NCSC, CISA and the FBI also warned that APTs and nation-state hacking groups were exploiting unpatched vulnerabilities in Fortinet VPNs.

Cybercriminals have published some 50,000 IP addresses of unpatched devices, according to the NCSC. The center warns that 600 of these are located in the UK and are “at very high risk of exploitation.” The NCSC warned that these organizations must assume they are now compromised and should begin incident management procedures. 

The NCSC advises removing such devices from service, resetting them to factory settings, and starting an investigation of the network.

“The security of our customers is our first priority. For example, CVE-2018-13379 is an old vulnerability resolved in May 2019. Fortinet immediately issued a PSIRT advisory and communicated directly with customers and via corporate blog posts on multiple occasions in August 2019, July 2020, and again in April 2021 strongly recommending an upgrade,” a Fortinet spokesperson told ZDNet.

“If customers have not done so, we urge them to immediately implement the upgrade and mitigations,” Fortinet added.

About the author

CIM Team
