Software Vulnerability: Lessons From Fortinet’s CVE-2022-40684

November 1, 2022

October 2022 brought with it news of a widespread software vulnerability. Fortinet disclosed a critical remote authentication bypass vulnerability – CVE-2022-40684 – that could impact FortiOS, FortiProxy, and FortiSwitchManager.

Clearly nothing in the cyber world is perfect! Everything is connected these days and everything can therefore be a security risk: the network operating system, a web proxy, a device manager, and more. Even your connected webcams and printers.

You need a tightly integrated security system to match.

The point of having tight integration, total visibility, and management across your entire security architecture is so that AI-driven threat intelligence can help predict, prevent or contain attacks rapidly. Disparate security systems would find that harder to achieve.

So – if your business doesn’t have multilayered protection, it’s time to start thinking about how to increase your security and eliminate software vulnerability!

However, the truth is that all security systems are open to attack because hackers find even a few successful attacks can be lucrative.

So What Happens When You Have a Software Vulnerability?

When a malicious actor gains access via a vulnerability in your system or your code, they treat it as a proof of concept (PoC).

A PoC is simply a demonstration that a certain idea or method works. In computer security, this often means hackers show they’ve been able to make use of a security flaw in your software or hardware.

However, whereas an ethical hacker reports this vulnerability to the developer, who issues a security patch, a malicious entity uses the information to cause harm later, when they’ve worked out how they can best exploit the vulnerability to their advantage. See here for some of their leverage in Fortinet’s case.

How Did Hackers Find the Fortinet Software Vulnerability?

They did it via a series of attempted illegal entries to the system using an SSH key. An SSH key is similar to a username and password, but it’s mostly used for automated access by power users or those who have admin accounts.

It’s not quite as simple as that, but it exemplifies the need to stay ahead in the cybersecurity game. You need an integrated system overseen by professionals whose only job is to stay on top of all things cybersecurity. If you know this is what you need, contact us to discuss a solution.

In the meantime…

Why Should You Use Integrated, Layered, Cybersecurity?

Cybersecurity needs have changed in several ways recently. Many businesses are going digital first and innovating in various ways to maintain their competitive advantage while lowering their costs.

One route you may already have taken, for example, is to relocate to the cloud. Another popular development has been to employ the best talent globally by allowing remote work.

Both these developments introduce problems:

1. You have a larger attack surface with cloud, remote devices, and IoT.

With an increase in remote employees signing in to your cloud services from all over the world on private devices, you’ve increased your surfaces open to attack. Your employees might be introducing several security risk factors to your business, and it’s important you take note of these and act.

2. You’ve probably gathered not only some legacy apps but also disparate technologies to secure your network as you’ve expanded.

While using outdated systems, new cloud services, and a mix of everything in between, the temptation has perhaps been to add more tools and move on! You’ve a business to run, after all.

However, it’s nearly impossible for your IT people to stay on top of the latest technology developments, new cyber threats, and any risk from legacy apps. This means you’re running on borrowed time!

3. You now have a larger data lake that must still meet regulatory demands regarding data security and privacy.

Data breaches are now a huge risk to your brand and finances. With a widespread business system, it’s likely your data are not as secure as regulations now demand.

The good news is that you can improve your chances in all three issues with integrated, layered security installed by professionals.

So let’s look at the takeaways we promised you.

Three Takeaways From This Software Vulnerability Incident

1. Keep software, operating systems, and your security tools up to date and test for vulnerability regularly.

Fortinet quickly advised customers to conduct an immediate upgrade, and issued a patch. If you ignore OS or app updates, you’re inviting disaster!

Solution: Why not ask a professional to conduct a security audit to establish your security posture and take steps from there?

2. Introduce the highest levels of AAA to avoid too many devices/IPs having access to admin interfaces.

The Fortinet vulnerability related to “a critical severity authentication by-pass using an alternate path” according to the email they sent out. It stated: “This may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted requests.”

Solution: Having an Authentication, Authorization, and Accounting (AAA) system installed in your business is a good basis to start from. However, an advisor can take you further and provide advice on extra protections to help prevent attacks despite software vulnerabilities.

3. Modernize your network with the help of an expert technological partner.

This can never be totally foolproof – Fortinet has two decades of experience! – and no one is immune to hacker activity. It’s relentless. But you can minimize risks.

Solution: The best way forward is to modernize your network and outsource cybersecurity to a SecOps team who will work with you to set up round-the-clock monitoring of your complete – possibly widespread – operation to guard against software vulnerability attacks succeeding.

We Can Help

At RFIP, we offer a complete security service and strategic guidance to achieve a tailored approach for your unique needs, using security services from Arctic Wolf. Let us help you ensure your business’s cybersecurity!

Contact us today and we can discuss your requirements.
