Thought Leadership
Despite security updates being installed, cyber criminals have managed to gain permanent access to FortiGate devices. The attackers exploit known vulnerabilities that have long since been closed – but they go one better: they leave behind a so-called backdoor through which they retain access even after the patch.
This backdoor is based on a symbolic link that connects the user file system with the root file system – in a folder that is intended for SSL VPN language files. This allows attackers to view configuration data unnoticed without being detected by standard security systems. Anyone who has never activated SSL VPN is at least spared this method of attack.
Update against the invisible
In response to the incident, Fortinet has released comprehensive security updates. These not only remove backdoors that have already been installed, but also harden the SSL VPN interface against further attack attempts. The company is thus sending out an important signal: proactive action is also required after an attack in order to secure systems in the long term.
Persistence instead of panic: Why quick action counts
However, security experts see this incident as a worrying trend: even known and patched vulnerabilities continue to be used as a gateway – with the aim of permanently infiltrating the system. In some cases, such accesses even survive a reset to factory settings.
The most important countermeasure: prompt action. Security updates should not be postponed, but installed immediately. The longer the gap remains open, the greater the risk of falling victim to an attack.
Conclusion: No loophole for negligence
The Fortinet vulnerability shows once again how important it is not only to rely on patches, but also to consistently monitor and maintain your own IT security. Because in the world of cyber attacks, if you wait too long, you invite the attackers in.
(vp/8com GmbH & Co. KG)
