Cybercriminals allegedly hacked tens of thousands of Fortinet firewalls used by major companies all over the world

TechCrunch


Cybercriminals have compromised tens of thousands of Fortinet firewalls and VPNs used by major companies all over the world, according to two cybersecurity firms.

The widespread hacking campaign, which is ongoing and has been dubbed FortiBleed, does not appear to involve abusing any unknown vulnerability in the targeted devices. Instead, it appears to stem from a more basic issue: companies may not be changing the passwords to their firewalls, nor making sure that the credentials they use for sensitive systems exposed on the internet are not already known to hackers.

In this campaign, hackers first use automated tools to scan the internet for exposed Fortinet firewalls and VPNs. Then, they break into the devices using lists of previously known passwords. At that point, the cybercriminals can steal more sensitive data from the victim companies, cybersecurity firms Hudson Rock and SOCRadar wrote in reports published this week.

“Once a device is compromised, [the hackers] use it as a listening post, monitoring traffic passing through and collecting any additional credentials that flow by. Those freshly collected passwords are then fed back into the scanner to compromise even more devices. The system feeds itself,” SOCRadar wrote.

Hudson Rock said it found evidence suggesting that more than 73,000 unique Fortinet URLs have been hacked, while SOCRadar said the total number of hacked devices is more than 30,000. …

Original source: TechCrunch
