28 May 2021

Is Your Company Using a FortiOS SSL VPN? Make Sure It Is Updated

Ashli LoppNews  

Virtual private networks (VPNs) let remote employees securely connect to their companies’ networks. However, companies using Fortinet’s FortiOS SSL VPNs might be putting their networks at risk. Discover why using FortiOS SSL VPNs can be risky and what all companies need to do to protect their VPNs, no matter what kind of VPN they are using.

Many businesses allow their employees to work from home. They often use virtual private networks (VPNs) so that the remote workers can securely connect to the resources and machines on their companies’ networks.

However, businesses using Fortinet’s FortiOS SSL VPN might be putting their networks in hackers’ cross hairs. The FortiOS SSL VPN has two vulnerabilities that cybercriminals are actively exploiting, according to a joint alert issued in April 2021 by the US Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA). The hackers are scanning the Internet for vulnerable FortiOS SSL VPNs. When found, they use the vulnerabilities to gain access to businesses’ VPNs and networks. Once inside a company’s network, they steal data, install ransomware, or carry out another type of cyberattack.


Vulnerabilities Not New But Still Serious

The two vulnerabilities in the FortiOS SSL VPNs — FG-IR-18-384 (CVE-2018-13379) and FG-IR-19-283 (CVE-2020-12812) — are not new. Fortinet released patches for them in 2019 and 2020, respectively. However, some companies have not installed the patches, leaving their VPNs and networks open to attack.

For example, cybercriminals recently exploited the FG-IR-18-384 vulnerability in a manufacturing facility. By sending specially crafted HTTP requests to the facility’s unpatched VPN application, the unauthenticated attackers were able to access a system file that contained VPN login credentials. Once logged in to the VPN, the cybercriminals carried out a mimikatz attack to steal additional credentials, allowing them to move laterally across the manufacturer’s network. The attackers then installed and executed the Cring ransomware on key machines. Among those infected were servers used to control an industrial process, resulting in that process being shut down.

This is not an isolated incident, as many companies have yet to patch their VPNs. In November 2020, a hacker posted the IP addresses of 49,577 unpatched FortiOS SSL VPNs on the dark web.


What Companies Can Do

All business using a VPN — not just those companies using the FortiOS SSL VPN — need to take measures to protect it. One crucial measure is to keep the VPN software and hardware (if applicable) updated so that known vulnerabilities are patched. That way, hackers cannot exploit known vulnerabilities to access the VPN.

Besides being left unpatched, VPNs are popular targets for cybercriminals because companies typically do not limit what network resources or machines remote employees can access when they are connected through the VPN. Thus, another measure that companies can take is to segment their networks to limit access to only those resources and machines that remote employees need to use.

Businesses can take other measures that depend on factors such as the type of VPN being used and how the network is set up. We can assess your IT infrastructure and make recommendations on how to secure your VPN as well as your network.

Leave a Reply

Your email address will not be published. Required fields are marked *