The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have warned that APT (advanced persistent threat) nation-state actors are exploiting security vulnerabilities in the Fortinet cybersecurity operating system. According to the alert issued by these agencies, APT actors are scanning for three known security vulnerabilities in order to target both private companies and the government sector.
The three security vulnerabilities in question are CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591. According to the FBI and CISA, attackers are scanning devices found on ports 4443, 8443, and 10443 in search of unpatched Fortinet vulnerabilities. The joint report states that “APT actors have historically exploited critical vulnerabilities to conduct distributed denial-of-service (DDoS) attacks, ransomware attacks, structured query language (SQL) injection attacks, spearphishing campaigns, website defacements, and disinformation campaigns.”
Fortinet is an American cybersecurity company headquartered in California. Fortinet’s products are integrated into its Security Fabric architecture, which encompasses firewalls, antivirus, and anti-spam protections. Security Fabric relies on FortiOS, which allows its multiple cybersecurity products to communicate and work together on a single platform. The three aforementioned vulnerabilities all affect FortiOS and its SSL VPN.
These vulnerabilities were previously discovered in 2019, leading to a password leak affecting vulnerable Fortinet VPNs. The same vulnerabilities have been exploited by Russian hackers to target COVID-19 vaccine research.
Fortinet VPN users are urged to patch their firmware to the newest version and enable two-factor authentication in order to prevent falling victim to attacks exploiting these vulnerabilities. Fortinet fixed a wide range of critical vulnerabilities at the beginning of this year, with some of those weaknesses having been discovered more than two years ago. However, it’s up to Fortinet’s users to implement the upgrades the company has pushed out in order to mitigate the threat.
These developments have caused further concerns about the state of cybersecurity in the US, as the country is still dealing with the fallout from the SolarWinds hack.