Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Fortinet. Show all posts
Perception Point
Artificial Intelligence Cyber Security Digital Security Fortinet Perception Point

Fortinet Acquires Perception Point to Enhance AI-Driven Cybersecurity

 


Fortinet, a global leader in cybersecurity with a market valuation of approximately $75 billion, has acquired Israeli company Perception Point to bolster its email and collaboration security capabilities. While the financial terms of the deal remain undisclosed, this acquisition is set to expand Fortinet's AI-driven cybersecurity solutions.

Expanding Protections for Modern Workspaces

Perception Point's advanced technology secures vital business tools such as email platforms like Microsoft Outlook and Slack, as well as cloud storage services. It also extends protection to web browsers and social media platforms, recognizing their increasing vulnerability to cyberattacks.

With businesses shifting to hybrid and cloud-first strategies, the need for robust protection across these platforms has grown significantly. Fortinet has integrated Perception Point's technology into its Security Fabric platform, enhancing protection against sophisticated cyber threats while simplifying security management for organizations.

About Perception Point

Founded in 2015 by Michael Aminov and Shlomi Levin, alumni of Israel’s Intelligence Corps technology unit, Perception Point has become a recognized leader in cybersecurity innovation. The company is currently led by Yoram Salinger, a veteran tech executive and former CEO of RedBand. Over the years, Perception Point has secured $74 million in funding from major investors, including Nokia Growth Partners, Pitango, and SOMV.

The company's expertise extends to browser-based security, which was highlighted by its acquisition of Hysolate. This strategic move demonstrates Perception Point's commitment to innovation and growth in the cybersecurity landscape.

Fortinet's Continued Investment in Israeli Cybersecurity

Fortinet’s acquisition of Perception Point follows its 2019 purchase of Israeli company EnSilo, which specializes in threat detection. These investments underscore Fortinet’s recognition of Israel as a global hub for cutting-edge cybersecurity technologies and innovation.

Addressing the Rise in Cyberattacks

As cyber threats become increasingly sophisticated, companies like Fortinet are proactively strengthening digital security measures. Perception Point’s AI-powered solutions will enable Fortinet to address emerging risks targeting email systems and collaboration tools, ensuring that modern businesses can operate securely in today’s digital-first environment.

Conclusion

Fortinet’s acquisition of Perception Point represents a significant step in its mission to provide comprehensive cybersecurity solutions. By integrating advanced AI technologies, Fortinet is poised to deliver enhanced protection for modern workspaces, meeting the growing demand for secure, seamless operations across industries.

Read more »
Vulnerabilities and Exploits
Critical Flaw Fortinet IT Flaw Security Patch threat report Vulnerabilities and Exploits

New Flaws in Fortinet, SonicWall, and Grafana Pose Significant Threats

 

Cyble Research and Intelligence Labs (CRIL) has discovered new IT vulnerabilities that affect Fortinet, SonicWall, Grafana Labs, and CyberPanel, among others. 

The report for the week of October 23-29 identifies seven security flaws that require immediate attention from security teams, especially given the large number of exposed devices. The most recent discoveries show that vulnerabilities in Fortinet, SonicWall, and Grafana Labs affect over 1 million web-facing assets.

Notably, two critical vulnerabilities in CyberPanel have already been exploited in huge ransomware assaults. Organisations are recommended to quickly investigate their environments for these vulnerabilities and apply the relevant fixes and mitigations. 

Cyble's researchers have detailed the following top vulnerabilities, emphasising their potential impact on IT security: 

CVE-2024-40766: SonicWall SonicOS 

CVE-2024-40766 indicates an improper access control flaw within the administrative interface of SonicWall's SonicOS, with a severity rating of 9.8. This vulnerability has piqued the interest of managed security organisations such as Arctic Wolf, who report that ransomware gangs such as Fog and Akira are exploiting it in SSL VPN setups to breach networks. 

CVE-2024-9264: Grafana labs 

The 9.4-rated vulnerability, CVE-2024-9264, affects Grafana Labs' open-source analytics and monitoring platform's SQL Expressions capability. This flaw allows for command injection and local file inclusion since user input in 'duckdb' queries is not properly sanitised. 

CVE-2024-46483: Xlight FTP server

This critical integer overflow bug impacts the Xlight FTP Server, allowing hackers to exploit packet parsing logic and cause heap overflows. With the accessibility of public Proof of Concepts (PoCs), this vulnerability could be used in a variety of attack tactics. 

Prevention tips 

  • Ensure that all software and hardware systems receive the most recent patches from official vendors. 
  • Use an organised approach to inventory management, patch assessment, testing, deployment, and verification. 
  • To reduce the attack surface, isolate key assets with firewalls, VLANs, and access controls. 
  • Establish and maintain an incident response strategy, which should be evaluated on a regular basis to respond to emerging threats. 
  • Employ complete monitoring technologies to discover and analyse suspicious actions in real time. Keep up with vendor, CERT, and other sources' alerts to promptly fix issues.
Read more »
IT Infrastructure
Australia Australian Businesses Cyberattack cybercriminals Data Breach Fortinet Hacker attack Hackers IT Infrastructure

The Growing Threat of Data Breaches to Australian Businesses

 

Data breaches are now a significant threat to Australian businesses, posing the risk of "irreversible brand damage." A cybersecurity expert from Fortinet, a global leader in the field, has raised alarms about cybercriminals increasingly targeting the nation’s critical infrastructure. Cybercriminals are continually finding new ways to infiltrate Australia’s infrastructure, making businesses highly vulnerable to attacks. 

The Australian federal government has identified 11 critical sectors under the Security of Critical Infrastructure Act, which was amended in 2018 to enforce stricter regulations. Businesses in these sectors are required to complete annual reporting to notify the federal government of any attempts to access their networks. Michael Murphy, Fortinet’s Head of Operational Technology and Critical Infrastructure, recently discussed the severity of cyber threats on Sky News Business Weekend. During the 2022-2023 financial year, 188 cybersecurity incidents were reported across critical sectors, highlighting ongoing risks to national networks like water and energy supplies. 

Additionally, the Australian Bureau of Statistics found that 34 percent of businesses experienced resource losses managing cybersecurity attacks in the 2021-2022 financial year, and 22 percent of Australian businesses faced a cybersecurity attack during that period—more than double the previous year’s figure. Even small businesses are now vulnerable to cybercrime. Murphy pointed out that among entities with mandatory reporting, 188 incidents were reported, with 142 incidents reported by entities outside of critical infrastructure, demonstrating the widespread nature of the threat. He explained that hackers are motivated by various factors beyond financial gain, including the desire for control. 

The consequences of cyber attacks can be severe, disrupting systems and causing significant downtime, which leads to revenue loss and irreversible brand damage. Critical infrastructure sectors face unique challenges compared to the IT enterprise. Quick restoration of systems is often not an option, and recovery can take considerable time. This extended downtime not only affects revenue but also damages the reputation and trustworthiness of the affected organizations. Murphy noted that many incidents are driven by motives such as financial profiteering, socio-political influence, or simply the desire of hackers and syndicates to boost their credibility. 

As cyber threats evolve, it is crucial for businesses, especially those in critical infrastructure sectors, to strengthen their cybersecurity measures. While annual reporting and adherence to federal regulations are essential, proactive strategies and advanced security technologies are necessary to mitigate risks effectively.
Read more »
Vulnerabilities and Exploits
Fortinet Ransomware Security Vendors Threat Landscape Vulnerabilities and Exploits

Cybercriminals Are Becoming More Proficient at Exploiting Vulnerabilities

 

According to Fortinet, cybercriminals have their sights on the increasing number of new vulnerabilities triggered by the expansion of online services and applications, as well as the rapid rise in the number and variety of connected devices. It's only inevitable that assaults targeting those vulnerabilities will increase.

The most recent semiannual report provides a snapshot of the active threat landscape and highlights trends from July to December 2023, including an analysis of the rate at which cyber criminals are capitalising on newly discovered exploits from across the cybersecurity industry, as well as the rise of targeted ransomware and wiper activity against the industrial and OT sectors.

Attacks began an average of 4.76 days after new exploits were publicly revealed: FortiGuard Labs, like the 1H 2023 Global Threat Landscape Report, wanted to understand how long it takes for a vulnerability to go from initial release to exploitation, whether flaws with a high Exploit Prediction Scoring System (EPSS) score are exploited faster, and whether EPSS data could be used to predict the average time-to-exploitation.

Vendors’ obligation to disclose flaws 

Based on this analysis, attackers increased the rate at which they exploited newly revealed vulnerabilities in the second half of 2023 (43% faster than in the first half of 2023). This highlights the importance of vendors committing to internally discovering vulnerabilities and implementing patches before exploitation starts. It also emphasises the importance of vendors disclosing vulnerabilities to customers proactively and transparently in order to provide them with the information they need to successfully secure their assets before cyber attackers exploit N-day flaws. 

CISOs and security teams need to be concerned about more than simply newly found vulnerabilities. According to Fortinet telemetry, 41% of organisations discovered exploits from signatures that were less than a month old, while 98% detected N-Day vulnerabilities that had existed for at least five years.

FortiGuard Labs has also observed threat actors exploiting vulnerabilities that are more than 15 years old, emphasising the importance of upholding security hygiene and prompting organisations to act quickly through a consistent patching and updating programme, employing best practices and guidance from organisations such as the Network Resilience Coalition to improve network security overall. 

Ransomware targeting critical sectors 

44% of all ransomware and wiper samples targeted the industrial sector. Ransomware detections decreased by 70% across all Fortinet sensors when compared to the first half of 2023. The observed drop in ransomware over the last year can be due to attackers moving away from the old "spray and pray" technique and towards a more focused approach, primarily targeting the energy, healthcare, manufacturing, transportation and logistics, and automotive industries. 

Botnets shown amazing durability, with command and control (C2) connections ceasing on average 85 days after initial detection. While bot traffic remained consistent with the first half of 2023, FortiGuard Labs continued to see the more prominent botnets of recent years, such as Gh0st, Mirai, and ZeroAccess, but three new botnets surfaced in the second half of 2023: AndroxGh0st, Prometei, and DarkGate. 

38 of the 143 advanced persistent threat (APT) groups listed by MITRE were observed to be active during the second half of 2023. FortiRecon, Fortinet's digital risk prevention solution, reports that 38 of the 143 Groups tracked by MITRE were active in the second half of 2023. The most active groups included the Lazarus Group, Kimusky, APT28, APT29, Andariel, and OilRig. 

“The 2H 2023 Global Threat Landscape Report from FortiGuard Labs continues to shine a light on how quickly threat actors are taking advantage of newly disclosed vulnerabilities. In this climate, both vendors and customers have a role to play. Vendors must introduce robust security scrutiny at all stages of the product development life cycle and dedicate themselves to responsible radical transparency in their vulnerability disclosures. With over 26,447 vulnerabilities across more than 2,000 vendors in 2023 as cited by NIST, it is also critical that customers maintain a strict patching regimen to reduce the risk of exploitation,” stated Derek Manky, Chief Security Strategist and Global VP Threat Intelligence, FortiGuard Labs.
Read more »
ThirdEye infostealer
FortiGuard FortiGuard Lab Fortinet Infostealer malware Open System information ThirdEye ThirdEye infostealer

ThirdEye: New Infostealer is Targeting Open System Information


FortiGuard Labs recently noted some suspicious-looking files during their cursory review. An investigation of the issue revealed the files were in fact malicious. This infostealer has been labeled as the “ThirdEye”.

While not particularly sophisticated, this malware is made to take different pieces of data from infected devices that can be used as a foundation for more attacks.

The ThirdEye 

The investigation on the infostealer began when the FortiGuard Lab researchers noticed an archive file named “Табель учета рабочего времени.zip” (English trans. “time sheet”). The zip file included two files immediately identified as “up to no good.”

Both files contain a double extension (.exe followed by a different document-related extension). One of the files is "CMK равила oормлени олнин листов.pdf.exe," which is an executable rather than a document and is labeled "QMS Rules for issuing sick leave" in English. f6e6d44137cb5fcee20bcde0a162768dadbb84a09cc680732d9e23ccd2e79494 is the file's SHA2 hash value.

The ThirdEye info stealer has comparatively simpler functionality. It contains a variety of system information based on compromised machines, like BIOS and hardware data. Additionally, it lists ongoing processes, folders and files, and network data. All of this information is gathered by the malware once it has been run, and it then sends it to its command-and-control (C2) server, which is located at (hxxp://shlalala[.]ru/general/ch3ckState). As compared to other infostealers, this one does nothing else.

An interesting string sequence unique to the ThirdEye infostealer family is the “3rd_eye”, which it decrypts and combines with another hash value to identify itself to the C2.

The second file in the archive is the “Табель учета рабочего времени.xls.exe”, which has the same name as its parent file. This file is a variant of the ThirdEye infostealer, created to achieve the same functions as f6e6d44137cb5fcee20bcde0a162768dadbb84a09cc680732d9e23ccd2e79494.

While there is no substantial evidence that could confirm that the ThirdEye infostealer was used in attacks, the malware however is created to steal valuable information from compromised machines, in order to have a better understanding of potential targets, and narrowing them down further. Moreover, there are speculations that the info stealer’s victims will be subject to future cyberattacks.

Since ThirdEye is not yet under the ‘severe’ radar, the FortiGuard investigation found that the threat actors involved have put efforts into strengthening the infostealer, such as recent samples collecting more system information compared to older variants, and it is anticipated to improve further.

Read more »
Training program
Cyber defense Cyber Security Cybersecurity awareness cybersecurity solutions FortiGuard Fortinet Training program

Cybersecurity Defense: Employee Cybersecurity Awareness Now a Priority


Fortinet’s FortiGuard Labs, in their recent reports, discovered that ransomware threats are still at the top of the list in terms of cyber threat, with the cases only growing on a global level. Likewise, Fortinet discovered that in 2022, 84% of firms faced one or more breaches.

The research by Fortinet reveals that more than 90% of the cybersecurity experts agree that the surging frequency of cyberattacks can be reduced if organizations focus on increasing their employees’ cybersecurity awareness.

The report emphasizes the critical role of employees in serving as an organization's first line of defense in defending their firm from cybercrime as it becomes more common for businesses to confront cyber threat incidents.

Lack of Cybersecurity Awareness Among Employees

The report further revealed that among all the organizations surveyed, 81% of them confirmed to have experienced at least one cyber incident, be it malware, phishing or password breach over the course of last year. Most of the attacks were primarily targeted at organization’s employees, who apparently has access to the firm’s systems. This emphasizes how a company's employees could either be its weakest link or one of its strongest defenses.

Nearly 85% of the organization leaders claims that their organization has adequate security awareness and training program provided to its employees. However, 50% believed that their employees, regardless of the training programs still lack a proper cybersecurity knowledge.

This variation shows that the existing training programs may not be as successful as they could be, leading to inconsistent use of appropriate cyber hygiene measures by staff, or that instruction may not be effectively reinforced.

Board of Directors Prioritizing Cybersecurity 

Given the fact that many of these cyber-attacks are targeted to users, it is likely that boards already recognize—or will do so soon—that employee cybersecurity awareness is an essential component of the "defense equation". 93% of businesses said their board of directors often questions them about their cyber security and strategy.

John Maddison, EVP of Products and CMO at Fortinet says, “Our 2023 Security Awareness and Training Global Research Brief underscores the crucial role employees play in preventing cyberattacks. It also highlights the critical need for organizations to prioritize security awareness and training services to ensure employees serve as the first line of defense.”

One of the best solutions to avoid cybersecurity incidents an organization can adopt is by conducting better training program, setting the groundwork for a culture of cybersecurity that is ready and strong. This way, employees would attain a better cyber-risk awareness and further encourage them to defend their organization whenever the situation calls.

Organizations are aware that they require sophisticated cybersecurity solutions and that technological certifications help their IT employees' cybersecurity skills. Employee awareness may not have gotten the full attention it deserves up to this point, but it may become crucial in the years to come in the fight against cybercrime.  

Read more »
Zero-Day Attack
BoldMove Backdoor Chinese Actors Fortinet Fortinet FortiOS FortiOS Google Hackers Linux Mandiant Threat Intelligence Vulnerabilities and Exploits zero-day Zero-Day Attack

Hackers Designs Malware for Recently Patched Fortinet Zero-Day Vulnerability


Researchers who recently disclosed and patched the zero-day vulnerability in Fortinet's FortiOS SSL-VPN technology have identified a new backdoor, specifically created in order to run on Fortinet’s FortiGate firewalls. 

Initial evidence collected by Google-owned security firm Mandiant suggests that the exploitation occurred in October 2022, nearly two months before the vulnerability was patched. Targets included a government entity in Europe and a managed services provider in Africa. 

According to a report published by Mandiant, the malware appears to have been created by a China-based threat actor that conducts cyber-espionage operations against individuals and groups associated with the government. 

It is the most recent instance of attackers from the country attacking firewalls, IPS, IDS, and other technologies used by businesses to secure their networks that are internet-facing. 

BoldMove Backdoor 

The attacks involved the use of a sophisticated backdoor known as BOLDMOVE, a Linux variant created especially to run on Fortinet's FortiGate firewalls. 

The intrusion vector in question is the exploitation of CVE-2022-42475, a heap-based buffer overflow flaw in FortiOS SSL-VPN that could allow for unauthenticated remote code execution through carefully constructed requests. 

Earlier this month, Fortinet revealed that the unidentified hacking groups had taken advantage of the flaw to attack governments and other major institutions with a generic Linux implant capable of delivering additional payloads and carrying out remote server commands. 

Mandiant findings also indicate that the hackers managed to exploit the zero-day vulnerability to their advantage, accessing target networks for espionage operations. "With BOLDMOVE, the attackers not only developed an exploit, but malware that shows an in-depth understanding of systems, services, logging, and undocumented proprietary formats," Mandiant added. 

The BoldMove Backdoor malware, written in C, is apparently available in both Windows and Linux versions, with the latter being able to read data from a Fortinet-exclusive file format. 

Moreover, according to Fortinet’s report, an extended Linux sample comes with a feature that allows attackers to disable and manipulate logging features in order to evade detection. Despite the fact that no copies of the backdoor have been found in the wild, metadata analysis of the Windows variations reveals that they were created as early as 2021. 

"The exploitation of zero-day vulnerabilities in networking devices, followed by the installation of custom implants, is consistent with previous Chinese exploitation of networking devices," Mandiant noted. 

Schooled in FortiOS 

Meanwhile, Fortinet itself described the malware as a variant of “generic” Linux backdoor designed by threat actors for FortiOS. According to the company's analysis, affected systems may have had the malicious file disguising itself as a part of Fortinet's IPS engine. 

According to Fortinet, one of the malware's more advanced features included manipulating FortiOS log-in to avoid detection. The malware can search FortiOS for event logs, decompress them in memory, and search for and delete a specific string that allows it to reconstruct the logs. The malware can also completely disable logging processes. 

"The complexity of the exploit suggests an advanced actor and that it is highly targeted at governmental or government-related targets," says Fortinet. 

Fortinet adds that designing the malware would have required the threat actors to have a “deep understanding” of the FortiOS and its underlying hardware. "The use of custom implants shows that the actor has advanced capabilities, including reverse-engineering various parts of FortiOS," the vendor said.  

Read more »
VPN
Fortinet malware phishing kit Ransomware VPN

Warning: Ransomware Attacks Spreading via Fortinet Kit

 

The eSentire’s Threat Research Unit (TRU) confirmed in its recent research that the threat actors are exploiting Fortinet Virtual Private Network (VPN) devices that remain vulnerable to critical authentication bypass vulnerability.  The VPNs were being controlled by third-party providers; thus, the company had no direct visibility into the devices. 

Fortinet is a security ecosystem, which provides a variety of different products including next-generation firewalls, antivirus, VPNs, and endpoint solutions, among other offerings. 

On October 10, 2022, Fortinet issued a public statement in which it disclosed the critical vulnerability (CVE-2022-40684) in the system impacting several of their products including FortiOS, FortiProxy, and FortiSwitchManager. 

If the vulnerability is successfully exploited, the hacker could gain access to the Fortinet device. Specifically, devices are often integrated with organization-wide authentication protocols such as Lightweight Directory Access Protocol (LDAP) and Active Directory (AD). 

The TRU further said that its team detected and shut down two attacks on its customers – one was a Canadian-based college and the other, was a global investment firm. 

Additionally, once the threat actors had gained access to the target network, they exploited Microsoft’s Remote Desktop Protocol (RDP) to successfully get lateral movement and legitimate encryption utilities BestCrypt and BitLocker. 

Keegan Keplinger, research and reporting lead for the eSentire TRU, said “SSL VPNs are easy to misconfigure, and they are highly targeted for exploitation since they must be exposed to the internet and they provide access to credentials for the organization…” 

“Additionally, the tendency for these devices to be managed by a third party often means that the organization and their security providers have no direct visibility into activities being conducted on the device. This allows threat actors longer dwell times, as observed in the sale of these devices on the dark web, [making] SSL VPNs a prime target for initial access brokers [IABs].” 

Furthermore, Keplinger said the TRU’s research had shown that threat actors are always ready when it comes to exploiting vulnerabilities in well-used products. The attack is giving high singles to big tech companies if their technology is bing exploited in such a way.
Read more »
Subscribe to: Posts (Atom)