The General Directorate of Information Systems Security (DGSSI) has launched an alert regarding a massive data leak called “FortiBleed”, which affects Fortinet security systems, including firewalls and SSL VPN gateways. According to the note published by the Center for Monitoring, Detection and Reaction to Computer Attacks (maCERT), nearly 75,000 devices worldwide are affected, including several belonging to Moroccan entities.
According to the DGSSI, cyberattackers managed to recover administrator credentials and valid VPN access by exploiting configuration files from FortiGate devices connected to the Internet. This information can then be used to penetrate internal networks, take control of computer systems, deploy ransomware or even steal confidential data.
Faced with this threat, the authority recommends that affected organizations check whether their systems are affected by this leak, immediately reset passwords for administrator accounts and VPN access and activate multi-factor authentication (MFA). It also recommends updating systems to secure versions of FortiOS, limiting access to management interfaces from the Internet, and carefully monitoring connection logs for suspicious activity.
This alert highlights the importance for businesses and administrations to continually strengthen their cybersecurity systems in the face of increasingly sophisticated threats likely to compromise critical infrastructure and sensitive data.
