Fortinet Identifies Malicious Changes in Current Firewalls

Fortinet Identifies Malicious Activities in Firewalls

Fortinet confirmed the occurrence of malicious changes in the configurations of its FortiGate devices. This vulnerability especially affects devices that are theoretically up to date and have patches applied.

Who, What, Where, When, and How

The cybersecurity company Fortinet, specialized in firewall solutions, announced that cyber threats are exploiting their networks to perform automated intrusions. The changes in the firewall configurations were detected in September 2023, and the attackers are using sophisticated methods to obtain configuration files from the firewall.

How the Exploitation Works

Attackers employ automation techniques to infect FortiGate firewalls. This allows them to modify configurations without leaving traces, compromising the security of the networks that rely on these tools.

Implications for Users and Businesses

The change in firewall configurations can result in sensitive data exposure and compromise the entire IT infrastructure. Fortinet recommends that network administrators review their security policies and stay alert for any suspicious activity.

Fortinet's Recommendations

The company suggests that users and system administrators consistently apply security updates, as well as regularly review their firewall configurations. This practice can mitigate risks of intrusion and maintain the integrity of the networks.

The Future of Firewall Security

With the increasing sophistication of cyber attacks, Fortinet emphasizes the need for investment in proactive security technologies. The company is evaluating new solutions to strengthen the protection of its platforms and reverse the compromised configurations.