In recent months, a number of security researchers have become aware of a new type of attack that exploits vulnerabilities in Fortinet’s Aptio product line. Dubbed ‘Apt Actors’, these attacks work by exploiting legitimate actions taken by users in order to gain unauthorized access to networks and systems.
Apt actors are exploiting fortinet vulnerabilities
Apt actors are exploiting vulnerabilities in Fortinet’s products for financial gain, according to a report from The Register. Researchers at the firm Cybereason uncovered the attacks, which appear to be focused on two Fortinet products: the FortiGate and FortiClient firewalls.
The hackers exploit vulnerabilities in the products to gain access to networks and servers. They then use this information to launch sophisticated scams or launch attacks against other organizations.
In one instance, a hacker used a vulnerability in the FortiGate product to gain access to the network of a financial institution. The attacker was then able to steal sensitive information and launch cyberattacks against other organizations.
Fortinet has released patches for these vulnerabilities, but many organizations may not have yet installed them. Organizations that have not installed these patches are at risk of being attacked by the Apt actors.
What fortinet vulnerabilities are being exploited?
Attackers are exploiting two vulnerabilities in fortinet firmware to gain access to systems. The first vulnerability, number CVE-2017-17215, was discovered by researchers at Fortinet and is a buffer overflow that can be exploited to remotely execute code on a victim’s system. The second vulnerability, number CVE-2017-17216, was also discovered by research teams at Fortinet and is a denial of service issue that can be used to crash a victim’s system. Both vulnerabilities have been publicly disclosed and are being actively exploited.
Both vulnerabilities are being exploited in spear phishing attacks against individuals and small businesses. Attackers are using exploit kits to install the vulnerabilities on targets’ systems and then use them to launch remote code execution or denial of service attacks. Fortinet has released patches for both vulnerabilities and recommends that users update their firmware as soon as possible.
How do the Apt actors exploit the vulnerabilities?
The Apt actors use a number of techniques to exploit Fortinet vulnerabilities. One common technique is to exploit vulnerabilities in the Fortinet Web Gateway, which allows unauthorized access to a victim’s network. The Apt actors also use spoofed email addresses and malicious links to exploit vulnerabilities in the Fortinet Email Security Appliance.
What are the risks associated with these exploits?
Apt actors exploiting fortinet vulnerabilities present a significant danger to businesses and individuals. The recent discovery of two separate exploits, dubbed “Fortinet Flaw 1” and “Fortinet Flaw 2,” has caused widespread panic in the cyber security community. While these exploits have not yet been publicly used in anger, their potential is extremely serious.
The first exploit, Fortinet Flaw 1, is a remote code execution vulnerability that affects all Fortinet devices running on the Linux operating system. This vulnerability was discovered by researchers at Exodus Intelligence and is currently being exploited by hackers in the wild. If exploited, this vulnerability could allow an attacker to take complete control of a vulnerable device.
The second exploit, Fortinet Flaw 2, is a cross-site scripting (XSS) vulnerability that affects all Fortinet devices running on the web interface. This vulnerability was discovered by researchers at Insecure Trust Solutions and is currently being exploited by hackers in the wild. If exploited, this vulnerability could allow an attacker to inject malicious code into webpages viewed by users of a vulnerable device.
Both exploits are very dangerous and should be treated as serious threats. If you are
What can fortinet do to mitigate these risks?
fortinet is working on a patch for the issue and will release it soon.
Conclusion
While it’s encouraging to see firms like Fortinet taking proactive steps to address security issues, it’s also disappointing that some actors are exploiting vulnerabilities in order to gain access to systems. This is a serious issue because not only does this jeopardize the security of those systems, but it can also expose users’ data and other confidential information.
If you’re a victim of an attack like this, don’t hesitate to reach out to your trusted IT vendor for help repairing or restoring your system. In the meantime, be sure to keep an eye out for any suspicious activity and take steps to secure your network and data.
