The National Cyber Security Center (NCSC) has released a critical security alert detailing how cybercriminals are actively exploiting a Fortinet VPN vulnerability to distribute ransomware. Kaspersky reported on the flaw earlier this month, stating that criminals are seeking out unpatched systems and can exploit the flaw to remotely access usernames and passwords, which then allows them to undertake activity on the network. Organizations that use FortiGate firewalls on their network and have not implemented the security update should assume they have been compromised, according to the NCSC.
The Cybersecurity and Infrastructure Security Agency and the FBI have also released warnings on the vulnerability, CVE-2018-13379, stating that nation-state hackers are still scanning for organizations that have left the issue unpatched. The attackers then launch cyber espionage campaigns or cyberattacks against those entities. Fortinet issued a security update to patch the flaw in 2019; however, two years later, a significant number of organizations have not implemented the fix. The NCSC stated that cybercriminals have published a list of roughly 50,000 IP addresses relating to unpatched devices.
Read More: If you haven’t patched this old VPN vulnerability, assume your network is compromised