Several articles were published on September 8, 2021, regarding a threat actor releasing the credentials for roughly 500,000 Fortinet VPN accounts. This was made possible by Fortinet vulnerability CVE-2018-13379, which is present in specific versions of FortiOS 5.4, 5.6, and 6.0.
Suite3 has reviewed a list of IP addresses exploited during this attack and has confirmed there are no positive matches with the current public IP addresses assigned to our customers' firewalls.
This underscores the importance of maintaining firewall firmware versions and ensuring active support on the devices. It also reinforces the fact that users should have a policy that includes a requirement to force password changes, and that all VPN access should be configured with multi-factor authentication (MFA).
As part of the SecureSuite Managed Firewall solution, Suite3 regularly updates firewall firmware versions and ensures critical patches are applied. All managed firewall customers have been previously patched for this vulnerability.
For those customers who manage their own firewalls, a check should be performed to ensure that support is active, the firmware version is current, MFA is in place for remote access, and a sound password policy is in use.