Security researchers say malicious hackers have been exploiting a newly discovered vulnerability in Fortinet firewalls to break into company and enterprise networks.
In an advisory published Tuesday, security product maker Fortinet confirmed that a critical-rated vulnerability in its FortiGate firewalls, tracked as CVE-2024-55591, is “being exploited in the wild.”
Fortinet made patches available, but security researchers have warned that hackers have been mass-exploiting the vulnerability as a zero-day — meaning before Fortinet was aware of the vulnerability and made fixes available — since December.
This is the latest example of hackers exploiting a vulnerability in a popular enterprise security product designed to protect company networks from intruders. News of the Fortinet bug lands days after it was revealed that attackers are exploiting a separate zero-day flaw in Ivanti VPN servers that allows access to customers’ networks.
Cybersecurity firm Arctic Wolf said in a blog post last week that its researchers observed a recent “mass exploitation” campaign affecting Fortinet FortiGate firewall devices with management interfaces exposed to the public internet.
Stefan Hostetler, lead threat intelligence researcher at Arctic Wolf, confirmed to TechCrunch that this observed exploitation is linked to the newly confirmed CVE-2024-55591 vulnerability in Fortinet firewalls.
Hostetler told TechCrunch that Arctic Wolf had “observed a cluster of intrusions affecting Fortinet devices in the tens,” but notes that this only represents a “limited sample compared to the total actual number of devices that were likely affected.”
“The evidence points to an effort to exploit a large number of devices within a narrow timeframe,” added Hostetler.
When reached by TechCrunch, Fortinet spokesperson Tiffany Curci declined to say how many Fortinet customers had been compromised as a result of this hacking campaign, but said that the company was “proactively communicating with customers.”
It’s also unclear who is behind the attacks on Fortinet firewalls, but cybersecurity researcher Kevin Beaumont writes on Mastodon that the vulnerability is “under exploitation by a ransomware operator.”
Hostetler said that ransomware attacks exploiting the bug are “not off the table,” noting that in previous research, Arctic Wolf “observed affiliates of ransomware groups such as Akira and Fog using some of the same network providers to establish VPN connectivity.”
In a brief statement on Tuesday, U.S. cybersecurity agency CISA urged Fortinet customers to update any affected devices.
In September, Fortinet disclosed a breach involving customer data after an attacker accessed “a limited number of files” stored on a third-party shared cloud drive belonging to the company.