The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have warned that threat actors were likely exploiting critical vulnerabilities in the Fortinet (opens in new tab) FortiOS VPN (opens in new tab) to plant backdoors in a bid to return and steal data or conduct ransomware (opens in new tab) campaigns.
Fortinet FortiOS is the operating system that powers the company's gamut of security offerings.
“The FBI and CISA believe the APT [advanced persistent threat ] actors are likely exploiting these Fortinet FortiOS vulnerabilities to gain access to multiple government, commercial, and technology services networks,” warns the joint advisory.
- Protect your devices with these best antivirus software (opens in new tab)
- Here's our choice of the best malware removal (opens in new tab) software on the market
- We've also put together a list of the best endpoint protection (opens in new tab) software
Patch immediately
The agencies specifically point to three vulnerabilities, tracked as CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591. The agencies say the hackers could exploit any or all of these vulnerabilities to gain access to secure networks.
Fortinet has already issued patches to mitigate the threats arising from all of these vulnerabilities. The agencies warn that cyberattackers are actively scanning the Internet looking for systems that have not yet applied the patches to plug the vulnerabilities.
Two of the three already-patched vulnerabilities listed in the advisory, CVE-2018-13379 and CVE-2020-12812, are particularly severe because they can be exploited by unauthenticated users to steal authentication credentials (opens in new tab) and connect to vulnerable VPNs.
In their bid to get Fortinet users to act, the agencies also give a rundown of the type of attacks that can be conducted using the vulnerabilities.
“APT actors have historically exploited critical vulnerabilities to conduct distributed denial-of-service (DDoS) attacks, ransomware attacks, structured query language (SQL) injection attacks, spearphishing campaigns, website defacements, and disinformation campaigns,” note the agencies.
In an emailed statement, Fortinet urged its customers who haven’t applied the patches as yet to do so immediately.
- We’ve also rounded up the best business VPN services (opens in new tab)
Via: ZDNet (opens in new tab)