Cyber Threat Alert: Fortinet FortiGate Devices Data Leak

What is this threat alert?

A recent cyber threat has emerged, targeting Fortinet FortiGate devices. A new hacker group named Belsen Group has leaked configuration files and VPN passwords for over 490,000 devices on the Dark Web for free, exposing businesses to significant risks.

The hacker group shared this data to help boost their promotion and credibility, and stated in the post: "At the beginning of the year, and as a positive start for us, and in order to solidify the name of our group in your memory, we are proud to announce our first official operation: Will be published of sensitive data from over 15,000 targets worldwide (both governmental and private sectors) that have been hacked and their data extracted."

The leak is linked to the vulnerability CVE-2022-40684 (discovered in October 2022), which was exploited before a fix was released.

Who could be affected?

Fortinet products are cybersecurity software products used by a variety of organisations, including government agencies, enterprises, service providers, and schools.

This threat affects businesses using the following versions of Fortinet products:

  • FortiOS: 7.2.0 to 7.2.1, 7.0.0 to 7.0.6
  • FortiProxy: 7.2.0, 7.0.0 to 7.0.6
  • FortiSwitchManager: 7.2.0, 7.0.0

The data leak impacts organisations that have not yet patched their systems or updated administrative credentials. It poses a particular risk to businesses relying on Fortinet devices to secure their networks.

Based on our team’s analysis, we’ve listed the top 10 countries affected below, along with how many vulnerable IPs have been detected in these regions:

  1. United Arab Emirates: 1,081 occurrences
  2. Mexico: 835 occurrences
  3. Malaysia: 807 occurrences
  4. Thailand: 777 occurrences
  5. United States: 679 occurrences
  6. India: 660 occurrences
  7. Brazil: 640 occurrences
  8. Vietnam: 612 occurrences
  9. Colombia: 598 occurrences
  10. Saudi Arabia: 588 occurrences

For the full list of countries, feel free to reach out to our team.

What do businesses need to do to protect themselves?

To minimise exposure to this threat, businesses should take the following immediate steps:

  1. Update Software Versions:
    • FortiOS: Upgrade to version 7.2.2 or above, or 7.0.7 or above.
    • FortiProxy: Upgrade to version 7.2.1 or above, or 7.0.7 or above.
    • FortiSwitchManager: Upgrade to version 7.2.1 or above, or 7.0.1 or above.
  2. Secure Credentials:
    • Review and update all administrator credentials on affected devices.
    • Implement robust password policies, including multi-factor authentication (MFA).
  3. Audit and Monitor:
    • Review firewall configurations for unusual or unauthorised changes.
    • Enable logging and monitoring to detect suspicious activity.
  4. Enhance Vigilance:
    • Educate employees about phishing attempts and social engineering tactics that may leverage leaked credentials.
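
As an added example (not DynaRisk or Fortinet code), the sketch below triages a device inventory against the affected version ranges listed in this alert and applies the point that patching alone does not cover devices whose administrator credentials were never updated. The inventory layout, host names and the creds_rotated field are assumptions made for illustration.

```python
# Affected ranges exactly as listed in this alert (inclusive bounds).
AFFECTED = {
    "FortiOS": [("7.2.0", "7.2.1"), ("7.0.0", "7.0.6")],
    "FortiProxy": [("7.2.0", "7.2.0"), ("7.0.0", "7.0.6")],
    "FortiSwitchManager": [("7.2.0", "7.2.0"), ("7.0.0", "7.0.0")],
}

def parse_version(text):
    """Turn '7.0.6' or 'v7.0.6' into (7, 0, 6); raise ValueError otherwise."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(product, version):
    """True if the version falls inside an affected range for the product."""
    v = parse_version(version)  # numeric tuples, so 7.2.10 sorts above 7.2.1
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED.get(product, []))

def triage(device):
    """Map one inventory record to the action from the steps above."""
    try:
        affected = is_affected(device["product"], device["version"])
    except ValueError:
        return "check manually: version not parseable"
    if affected:
        return "upgrade and update admin credentials"
    if not device["creds_rotated"]:
        # A patched device keeps whatever credentials it had before the patch.
        return "review admin credentials"
    return "no action from this alert"

def report(inventory):
    return {d["host"]: triage(d) for d in inventory}

# Constructed sample inventory (hypothetical hosts and field names).
INVENTORY = [
    {"host": "fw-branch-01", "product": "FortiOS", "version": "7.0.6", "creds_rotated": False},
    {"host": "fw-hq-01", "product": "FortiOS", "version": "7.2.10", "creds_rotated": False},
    {"host": "proxy-01", "product": "FortiProxy", "version": "7.2.1", "creds_rotated": True},
    {"host": "fw-lab-01", "product": "FortiOS", "version": "7.0.6 build0366", "creds_rotated": True},
]

if __name__ == "__main__":
    for host, action in report(INVENTORY).items():
        print(f"{host}: {action}")
```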

How can you help your insureds?

If you’re an insurer with a portfolio of commercial clients, feel free to reach out to us for a free cyber risk check of your portfolio. Using our technology, Breach Check, we can quickly identify any of your clients that could be affected, helping you to reduce risk and avoid claims. For a free scan, get in touch with our team at info@dynarisk.com.

How DynaRisk’s solutions can help

At DynaRisk, we empower businesses and insurers to stay ahead of cyber threats. Our tailored solutions help mitigate risks associated with vulnerabilities.

We offer a variety of cyber risk solutions, including personal and business cyber risk management, as well as portfolio cyber risk monitoring. These services are designed to detect threats before they escalate into attacks.

By utilising DynaRisk’s solutions, insurers can better protect their policyholders, reduce claims, enhance engagement, and effectively manage loss ratios.

Interested in learning more? Get in touch with us!