In late 2020 a hacker publicly posted exploits for almost 50 000 vulnerable Fortinet VPNs. iTOO's incident triage and digital forensic partner Cyanre obtained the list of IP addresses of the vulnerable VPN devices and has confirmed that a large number of them belong to South African organisations.
The vulnerability, assigned the identifier CVE-2018-13379 in 2018, is a path traversal flaw in the SSL VPN web portal of unpatched Fortinet FortiOS devices. An unauthenticated remote attacker can read system files from the device by sending specially crafted HTTP requests. Put simply, the flaw lets attackers read the file that holds active SSL VPN session credentials in plain text; the stolen usernames and passwords can then be used to log in to the VPN and compromise the network behind it. That access can in turn be used to steal data and/or deploy ransomware.
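The practical question for a defender is whether any of these crafted requests have already reached a device. The following script is an added example for this article, not code from Fortinet, Cyanre or iTOO. It runs a generic path-traversal detector over constructed web server log lines: it URL-decodes each request target repeatedly (so double encoding such as `%252e%252e` is caught), walks the path segments to see whether a `..` sequence escapes the directory it is resolved against, and additionally flags any reference to the `sslvpn_websession` session file. The combined log format and the sample IP addresses and timestamps are constructed for illustration; the `/remote/fgt_lang?lang=` request shape and the session file name are taken from the public write-ups of CVE-2018-13379 and should be checked against the request logging available in your own environment (for example a reverse proxy or WAF in front of the VPN portal).

```python
"""Flag path-traversal attempts against a FortiOS SSL VPN portal in web logs.

Added example for this article; not Fortinet's, Cyanre's or iTOO's code.
The log format and sample lines are constructed. The endpoint and file name
come from public write-ups of CVE-2018-13379 (assumption: your logs show the
raw request target in the same way).
"""
import re
from typing import Optional
from urllib.parse import unquote

# File that, per public write-ups of this CVE, holds active session credentials.
SENSITIVE_FILE = "sslvpn_websession"

# Combined log format: ip ident user [timestamp] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines: benign portal use, the plain exploit shape,
# a URL-encoded variant, a double-encoded variant and a one-level escape.
SAMPLE_LOG = """\
203.0.113.5 - - [19/Nov/2020:10:01:02 +0200] "GET /remote/login HTTP/1.1" 200 5120
203.0.113.5 - - [19/Nov/2020:10:01:09 +0200] "GET /remote/fgt_lang?lang=en HTTP/1.1" 200 2048
198.51.100.77 - - [19/Nov/2020:10:02:44 +0200] "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 200 7349
198.51.100.77 - - [19/Nov/2020:10:02:45 +0200] "GET /remote/fgt_lang?lang=%2f..%2f..%2f..%2f..%2f%2f%2f%2fdev%2fcmdb%2fsslvpn_websession HTTP/1.1" 200 7349
198.51.100.78 - - [19/Nov/2020:10:03:10 +0200] "GET /remote/fgt_lang?lang=%252e%252e%252f%252e%252e%252fdev%252fcmdb%252fsslvpn_websession HTTP/1.1" 200 7349
192.0.2.10 - - [19/Nov/2020:10:04:00 +0200] "GET /remote/fgt_lang?lang=..%2fen HTTP/1.1" 404 512
"""


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """URL-decode until the string stops changing, defeating double encoding."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def min_depth(path: str) -> int:
    """Lowest directory depth reached while walking the path's segments.

    A negative result means a '..' escaped the directory the value is
    resolved against, which is the signature of a traversal attempt.
    """
    depth = min_seen = 0
    for seg in re.split(r"[\\/]+", path):
        if seg in ("", "."):
            continue
        if seg == "..":
            depth -= 1
            min_seen = min(min_seen, depth)
        else:
            depth += 1
    return min_seen


def analyse_target(target: str) -> Optional[dict]:
    """Inspect the request path and every query value; return a finding or None."""
    path, _, query = target.partition("?")
    candidates = [("path", path)]
    for kv in (query.split("&") if query else []):
        key, _, value = kv.partition("=")
        candidates.append((key, value))
    for where, raw in candidates:
        decoded = decode_fully(raw)
        escapes = min_depth(decoded) < 0
        hits_file = SENSITIVE_FILE in decoded
        if escapes or hits_file:
            return {"where": where, "decoded": decoded,
                    "escapes": escapes, "targets_session_file": hits_file}
    return None


def scan_log(log_text: str) -> list:
    """Return one finding per suspicious request line, in log order."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        hit = analyse_target(m["target"])
        if hit:
            hit.update(ip=m["ip"], status=int(m["status"]), target=m["target"])
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        severity = "HIGH" if f["targets_session_file"] else "MEDIUM"
        print(f"{severity} {f['ip']} status={f['status']} {f['where']}={f['decoded']}")
```

A 200 response to a request that resolves to the session file is the strongest indicator here and should be treated as a probable credential leak: reset the VPN credentials of every account that had an active session, not just the ones seen in the log. Findings with a 404 still show that the device was being probed and are worth correlating with the source address.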
Danny Myburgh, Managing Director at Cyanre Digital Forensic Labs, confirmed that Cyanre has responded to a number of incidents over the past couple of months in which this weakness was exploited, and that the list of vulnerable IP addresses confirms that a number of South African companies are at risk.
Fortinet has recently released security updates to resolve several critical vulnerabilities in its SSL VPN and web firewall products.
“As the workplace revolution with increased work from home persists, hackers are actively targeting functionality like remote access via VPN. We have also seen a developing trend in cyber extortion attacks where hackers are looking to exploit vulnerabilities to gain unauthorised access to an environment and then steal data before deploying their ransomware,” says iTOO Cyber Insurance Product Head, Ryan van de Coolwiijk. “Increasingly, we are also seeing the ransomware impact both production and backup environments; having a disconnected backup copy is becoming vital. It is also important to ensure that you seek expert incident response services and guidance to ensure that you manage the data compromise and look after those who may be impacted. The bulk of these services are provided as part of a cyber insurance policy.”
We urge brokers to notify their clients, and clients to check that their patch management processes are robust and that critical patches, such as those released by Fortinet, are applied as soon as possible.
Patching remains critical, perhaps now more than ever before.