Hundreds of organizations still haven’t applied a Fortinet VPN security update released in 2019. UK’s National Cyber Security Centre (UNCSC) says these orgs should assume that they’ve been compromised and act accordingly.
Cybercriminals and nation-state cyber-espionage operations are trying to take advantage of their unpatched devices and are actively scanning for unpatched vulnerabilities.
Fortinet issued a critical security update patching the security vulnerability almost two years ago, after it was discovered in 2019.
The NCSC’s warning followed a report by Kaspersky on how cybercriminals exploit a vulnerability (CVE-2018-13379) in Fortinet VPN to distribute ransomware. By remotely accessing usernames and passwords, threat actors can perform various malicious actions on the compromised network.
Virtual private networks aren’t essential only for securing your unencrypted Wi-Fi connections in coffee shops and airports. Every remote worker should consider a VPN to stay safe online.
Besides NCSC, CISA and the FBI also warned that APTs and nation-state hacking groups were exploiting unpatched vulnerabilities in Fortinet VPNs.
Cybercriminals have published some 50,000 IP addresses of unpatched devices, according to the NCSC. The center warns that 600 of these are located in the UK and are “at very high risk of exploitation.” The NCSC warned that these organizations must assume they are now compromised and should begin incident management procedures.
The NCSC advises removing such devices from service and resetting their factory settings, and starting an investigation of the network.
“The security of our customers is our first priority. For example, CVE-2018-13379 is an old vulnerability resolved in May 2019. Fortinet immediately issued a PSIRT advisory and communicated directly with customers and via corporate blog posts on multiple occasions in August 2019, July 2020, and again in April 2021 strongly recommending an upgrade,” a Fortinet spokesperson told ZDNet.
“If customers have not done so, we urge them to immediately implement the upgrade and mitigations,” Fortinet added.
