Posted on April 4, 2021 at 1:39 PM
The FBI recently announced its concerns over advanced hackers exploiting vulnerabilities in the Fortinet FortiOS VPN to launch attacks. These concerns are shared by the Cybersecurity and Infrastructure Security Agency.
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have warned that Advanced Persistent Threat (APT) actors are likely targeting critical vulnerabilities in Fortinet FortiOS servers. The two agencies issued the warning in a joint publication and stated that hackers may be exploiting the vulnerabilities to gain access to various government services.
Impact of compromised servers
The APT actors may exploit these security bugs to compromise the networks of government agencies, companies and technology service providers. Once they gain initial entry to the servers, they may use that foothold to carry out more serious attacks later. According to the joint advisory, the APT hackers use various CVEs to access the networks of critical infrastructure sectors as a way of pre-positioning. This paves the way for them to exfiltrate data in the future and even encrypt or decrypt data in key networks.
Some of the techniques these APT actors may use include spearphishing as a way of gaining access to crucial infrastructure on the network, again to pre-position for future attacks. In the past, there have been multiple instances of APT actors exploiting critical vulnerabilities in various sectors to carry out attacks such as DDoS attacks, ransomware, spearphishing, disinformation tactics, SQL attacks and website attacks.
However, the FBI and CISA have also announced their preparedness to deal with any attack on key networks. The two agencies have already put in place various mitigation measures to prevent these attacks from happening.
Fortinet vulnerabilities exploited in the past
This is not the first time critical vulnerabilities in Fortinet products have been exploited. In late 2020, an APT actor shared details of CVE-2018-13379, which could be exploited to obtain VPN credentials from over 50,000 Fortinet VPN servers.
These servers included those of banks and government agencies. The same CVE was then exploited to compromise online support systems for the U.S. elections by compromising the Fortinet FortiOS Secure Sockets Layer (SSL) VPN. Microsoft had also warned of APT actors in China, Russia and Iran trying to target the U.S. elections by exploiting such vulnerabilities.
In the early months of this year, Fortinet released fixes for several severe vulnerabilities affecting a number of its products, including Remote Code Execution (RCE), SQL Injection and Denial of Service (DoS) flaws.
Following the joint advisory from the FBI and CISA, Fortinet responded that it manages vulnerabilities in its servers through consistent upgrades and mitigation measures. The company also stated that it had already resolved the CVE-2018-13379 vulnerability.
The FBI and CISA did not provide any details about the identity of the APT actors exploiting the Fortinet vulnerabilities. However, they advised Fortinet customers to be cautious and to put the necessary measures in place.