Arctic Wolf Observes Targeting of Publicly Exposed Fortinet Firewall Management Interfaces

#cybersecurity #Cyber #cyber #cyber security

View Profile

View More Posts

Management interfaces of firewalls have historically been a significant vector for initial access to deploy ransomware and other malicious activity, as witnessed in several recent campaigns:

In August 2024, SonicWall disclosed CVE-2024-40766, a vulnerability granting unauthorized access to management and SSL VPN interfaces. This vulnerability was exploited to deploy Fog and Akira ransomware.
In November 2024, the CVE-2024-0012 and CVE-2024-9474 vulnerabilities in Palo Alto Networks PAN-OS software were leveraged in a mass exploitation campaign uncovered by Arctic Wolf.

Recommendations

Limit Access to Management Interfaces on The Public Internet

For all firewall devices, Arctic Wolf strongly recommends restricting firewall management interface access to trusted internal networks as a security best security practice across all firewall configurations, regardless of vendor.

Please refer to vendor-specific documentation detailing configuration of management interface access. For Fortinet FortiGate firewall devices, see the following documentation for an outline of security hardening best practices: System administrator best practices | Hardening your FortiGate

Configure Log Monitoring for all Firewall Devices

To increase the likelihood of catching malicious activity early, ensure that syslog monitoring is configured for all of your organization’s firewall devices using our provided documentation.

Add Post View All

Posted by UKFast

UKFast Adds to C-Suite with CMO Appointment

Posted by Woodhurst Consulting

Getting the whole picture

Arctic Wolf Observes Targeting of Publicly Exposed Fortinet Firewall Management Interfaces

Share

Related Posts

Posted by UKFast

UKFast Adds to C-Suite with CMO Appointment

Posted by Woodhurst Consulting

Getting the whole picture

Posted by iomart Group plc

iomart helps Manchester employment law consultancy Peninsula move to the cloud

Posted by Cyber Security Partners

CSP Announce Associate Sponsorship

Posted by Datacentreplus

Most Common Cyber Security Threats & Prevention in 2020

Posted by Cyber Security Partners

Why You Shouldn't Use 2FA on Older Smartphones

Posted by Cyber Security Partners

Remote Working - Keep Your Data Secure!

Posted by The North West Cyber Resilience Centre

Online Advice for Businesses in Response to the Covid-19 Outbreak

Posted by The North West Cyber Resilience Centre

Cyber Resilience Centre: Free Membership Offer in Response to COVID-19

Posted by Informed Solutions

Informed Solutions Appointed to Ofgem Digital Services Dynamic Purchasing System

Subscribe to our newsletter