Fortinet SSL VPN appliances were subjected to a surge of brute-force attack traffic earlier this month, The Hacker News reports.
Initial attacks on August 3 involved protracted brute-force activity associated with a single TCP signature that has been aimed at FortiOS profile, TCP-fingerprinted traffic, and client signatures, while subsequent intrusions beginning August 5 entailed a sharp traffic burst targeted at FortiManager instead, a report from GreyNoise showed. Additional analysis of the second attack wave's TCP fingerprint revealed an uptick of traffic in June associated with a FortiGate instance within a Pilot Fiber-managed residential ISP block. GreyNoise researchers also discovered 56 unique malicious IP addresses aimed at Fortinet SSL VPN devices between Monday and Tuesday, most of which originated in and have been targeted at the U.S. Such findings follow a recent GreyNoise report detailing the upswell in nefarious activity aimed at VPNs, remote access tools, and firewalls within six weeks of new CVE disclosures.




