UPDATED 22:29 EST / MAY 27 2021

SECURITY

FBI warns APT actors are targeting vulnerabilities in Fortinet appliances

The U.S. Federal Bureau of Investigation today issued a flash alert warning that so-called advanced persistent threat actors are exploiting vulnerabilities in cybersecurity appliances from Fortinet Inc.

According to the FBI, an APT group — APT groups are typically state-sponsored — has exploited a Fortinet appliance to access a web server hosting the domain of a U.S. municipal government. The alert notes that the APT actors likely created an account with the username “elie” to enable further malicious activity on the network.

The flash alert warns that the access can be leveraged to conduct data exfiltration, data encryption and other malicious activities. The FBI also warns that APT actors are actively targeting a broad range of victims across multiple sectors, indicating that the activity is focused on exploiting vulnerabilities rather than targeted at specific sectors.

The new flash alert comes after the FBI warned that hackers were actively targeting FortiOS vulnerabilities in early April.

“The FBI issued their second alert regarding multiple flaws in Fortinet’s FortiGate SSL VPN being exploited in the wild, and the first was published over a month ago,” Tyler Shields, chief marketing officer at asset management and governance solutions firm JupiterOne Inc., told SiliconANGLE. “However, multiple U.S. government agencies, including the FBI, the NSA and CISA, have published several alerts over the last few years highlighting the use of CVE-2018-13379, a critical flaw in the SSL VPN, by APT groups that was patched two years ago.”

The fact that there are still legacy vulnerabilities being exploited in spite of these alerts is a cautionary tale that unpatched flaws remain a valuable tool for APT groups and cybercriminals in general, Shield added. “The risk is further heightened by the broad shift of the workforce over the past year,” he said. “Unpatched vulnerabilities, not zero-days, are the biggest threat to most organizations today because it gets attackers to their end goal in the fastest and cheapest way.”

Dirk Schrader, global vice president, security research at cybersecurity and compliance software company New Net Technologies Ltd., noted that quite often, the only sophistication APT groups need to have is patience and a good search capability. “The rest is done by the victims,”he said. “The cybersecurity essentials, critical controls as recommended by many, are there to break the cyber kill chain. Do it, secure and harden your assets, detect any malicious change to them, be aware of your critical devices, make it harder for the APTs to get you.”

Image: Fortinet

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU