CISA Urges Hardening Fortinet Devices After Reports of Credential Exposure
Summary
CISA is alerting organizations to a global trend of malicious actors targeting internet-accessible Fortinet devices using compromised credentials, a campaign dubbed FortiBleed. This activity has resulted in the exposure of credentials for approximately 74,000 Fortinet devices, including firewalls and VPN gateways. CISA strongly advises affected customers to take immediate actions such as resetting credentials, reviewing logs, enabling phishing-resistant MFA, and reducing the attack surface.
IFF Assessment
This article reports on a widespread credential exposure affecting critical network infrastructure, presenting a significant risk to organizations and making it easier for attackers to gain unauthorized access.
Defender Context
Defenders should be aware of the FortiBleed campaign and its implications for Fortinet device security. Prioritizing the immediate reset of credentials, enforcing strong password policies, and implementing phishing-resistant MFA are crucial steps. Reducing the attack surface by restricting administrative access to trusted networks and reviewing logs for suspicious activity will help mitigate the risk of compromise.
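One way to carry out the log review described above, as an added example that is not from CISA or Fortinet: it flags successful administrator logins whose source address falls outside the networks you expect administrators to use. The trusted ranges, the sample log lines and the function names are constructed for illustration, and the field names (`type`, `action`, `status`, `srcip`, `user`) are assumed to follow the FortiOS key=value event-log style, so check them against your own device's export.

```python
import ipaddress
import re

# Assumption: the management networks administrators are expected to log in from.
TRUSTED_ADMIN_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.0.2.0/28")]

# Constructed sample lines in FortiOS key=value event-log style (not real logs).
SAMPLE_LOG = '''\
date=2025-01-10 time=08:01:12 type="event" subtype="system" logdesc="Admin login successful" user="admin" srcip=10.20.0.15 action="login" status="success"
date=2025-01-10 time=23:47:03 type="event" subtype="system" logdesc="Admin login failed" user="admin" srcip=203.0.113.50 action="login" status="failed"
date=2025-01-10 time=23:47:09 type="event" subtype="system" logdesc="Admin login successful" user="admin" srcip=203.0.113.50 action="login" status="success"
date=2025-01-11 time=02:13:40 type="event" subtype="system" logdesc="Admin login successful" user="backup-svc" srcip=198.51.100.7 action="login" status="success"
date=2025-01-11 time=09:00:00 type="traffic" subtype="forward" srcip=10.1.1.5 action="accept"
'''

# key=value pairs where the value is either "quoted text" or a bare token.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Turn one key=value log line into a dict, handling quoted values."""
    return {key: (quoted if quoted else bare) for key, quoted, bare in FIELD_RE.findall(line)}


def is_trusted(ip_text):
    """True only if the address parses and sits inside a trusted admin network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # a missing or malformed source is treated as untrusted
    return any(ip in net for net in TRUSTED_ADMIN_NETS)


def review_admin_logins(log_text):
    """Return (timestamp, user, srcip) for successful logins from untrusted sources."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("type") != "event" or rec.get("action") != "login":
            continue  # not a login event
        if rec.get("status") != "success":
            continue  # failures matter too, but this check targets valid-credential use
        src = rec.get("srcip", "")
        if not is_trusted(src):
            findings.append((f'{rec.get("date")} {rec.get("time")}', rec.get("user"), src))
    return findings


if __name__ == "__main__":
    for when, user, src in review_admin_logins(SAMPLE_LOG):
        print(f"REVIEW: {when} admin login by {user!r} from untrusted {src}")
```

Any hit is a lead for credential reset and session review on that account, and an empty result only means as much as the log retention window covers.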