Hackers have breached roughly 75,000 Fortinet firewalls belonging to corporations and government agencies worldwide, or roughly half of all Fortinet firewalls exposed to the internet, security researchers have said.
A database of Fortinet VPN credentials accidentally discovered by security researcher Bob Diachenko included access tokens for companies including Chevron, Samsung, Foxconn, Comcast, AT&T, Mercedes-Benz, Toyota, Sinopec, State Grid and others, researchers said.
VPNs associated with Fortinet’s own firewall were breached, according to researchers.
VPN credentials
Diachenko said the operation appeared to have been conducted by a Russian-speaking group, based on additional information discovered with the stored credentials.
He said the hackers appeared to have carried out a wide-ranging brute-force campaign to gain the credentials.
However, many of the exposed credentials include long, complex passwords that would be difficult to crack in this way, suggesting that another means may have been employed, such as a known or undisclosed software flaw.
An analysis of Diachenko’s data by computer security firm Hudson Rock found that companies whose VPN credentials were breached included Foxconn, Samsung, Comcast, Siemens, Lenovo, PwC, Accenture and Oracle.
Numerous government agencies and critical infrastructure operators are also vulnerable, Hudson Rock said.
Worldwide implications
The largest number of affected devices were located in India, the United States, Taiwan, Mexico, Turkey, Thailand, Colombia, Malaysia, Chile, and the United Arab Emirates, Hudson Rock figures showed.
The most commonly affected sectors are telecommunications, IT services, financial services, government organisations, healthcare providers, educational institutions and manufacturing.
Researcher Kevin Beaumont said the leak relates to approximately half of all internet-accessible Fortinet firewalls, with a majority of the affected devices exposing their FortiGate management interfaces directly to the internet.
Organisations are advised to change passwords associated with Fortinet VPN and administrative interfaces and to examine logs for suspicious activity.
