Cybercriminals exploit weak passwords to breach thousands of Fortinet firewalls | PiQ Markets

Cybercriminals exploit weak passwords to breach thousands of Fortinet firewalls | PiQ Markets

Cybercriminals exploit weak passwords to breach thousands of Fortinet firewalls

↳ Why This Matters

This widespread breach highlights a critical cybersecurity vulnerability where attackers exploit basic security hygiene, such as weak or reused passwords, to compromise essential network infrastructure. The ongoing nature of the attack and its self-feeding mechanism pose a significant risk to global companies and government agencies, potentially leading to extensive data theft and further network

Key facts

Tens of thousands of Fortinet firewalls and VPNs have been compromised globally.
The hacking campaign, FortiBleed, exploits weak or reused passwords, not unknown vulnerabilities.
Hackers use automated scanning and known credential lists to gain access.
Compromised devices are used to monitor traffic and steal further credentials.
Over 73,000 Fortinet URLs were found to be hacked by Hudson Rock.
Victims include major companies across various sectors and government agencies.

Cybercriminals have compromised tens of thousands of Fortinet firewalls and VPNs used by major companies worldwide in an ongoing campaign dubbed FortiBleed. Cybersecurity firms Hudson Rock and SOCRadar reported that the attackers are not exploiting unknown vulnerabilities but rather leveraging lists of previously known passwords to gain access to devices. This method involves scanning the internet for exposed Fortinet devices and then using common or leaked credentials to breach them.

Once inside, the cybercriminals use the compromised devices as a "listening post" to monitor network traffic and steal additional sensitive data, including more credentials. These newly acquired passwords are then fed back into the scanning process, creating a self-perpetuating cycle of compromise. Hudson Rock identified evidence of over 73,000 unique Fortinet URLs being hacked, while SOCRadar reported more than 30,000 compromised devices.

Victims include prominent companies such as Accenture, Comcast, Foxconn, Lenovo, Oracle, Samsung, Siemens, and PwC. The countries most affected are India, the United States, Taiwan, and Mexico, though victims are spread globally. The primary industries impacted are IT services, construction materials, and telecommunications, with government agencies also falling prey to the attacks. Both cybersecurity firms suggest the group behind the campaign is Russian-speaking.

This campaign differs from previous attacks on Fortinet devices, which often involved exploiting specific software vulnerabilities. The FortiBleed campaign relies on a simpler, less sophisticated approach of using leaked passwords, highlighting a persistent cybersecurity challenge for organizations worldwide.

Frequently asked questions

FortiBleed is an ongoing cyberattack campaign where criminals are compromising tens of thousands of Fortinet firewalls and VPNs by exploiting weak or reused passwords.

Attackers use automated tools to scan for exposed Fortinet devices and then use lists of previously known or leaked passwords to gain unauthorized access.

Once compromised, devices are used to monitor network traffic and steal additional sensitive data and credentials, which are then used to compromise more devices.

Major companies like Accenture, Oracle, and Samsung are among the victims. India, the United States, Taiwan, and Mexico have the highest number of affected devices.

What Happens Next

01Companies are urged to change passwords on their Fortinet devices and ensure credentials are not compromised.

02Further investigation into the extent of data compromised and the full list of victims is expected.

Get the newsletter.

Pick the topics you actually care about. We'll email when there's news worth your time, on the cadence you choose. Cancel any time from your account.

Cadence