ChannelLife India - Industry insider news for technology resellers
India
Guides
#
cloud services
#
cybersecurity
#
distributors
#
microsoft
#
partner programmes
Search
Story image
#
Breach Prevention
#
DLP
#
Encryption

Fortinet breach exposes 440GB of data; no ransom paid

Yesterday
Author image
By Shannon Williams, Journalist

A recent security incident involving cyber security company Fortinet's third-party cloud storage has resulted in unauthorised access to a small number of files.

According to an analysis by Tesserent's Security Operations Centre (SOC), the breach affected less than 0.3% of Fortinet's customers.

Patrick Butler, who runs Tesserent's SOC, has provided a comprehensive summary of the incident. He noted that there is no evidence of malicious activity affecting customers.

The scope of the breach did not include data encryption, ransomware, or access to Fortinet's corporate network. Butler stated, "Fortinet's operations, products, and services remain unaffected."

The incident, which reportedly occurred in August 2024, involved approximately 440GB of data, as confirmed by the threat actor. The unauthorised access was through the third-party cloud storage platform, SharePoint, and primarily impacted customers based in the APAC region. Fortinet swiftly contained the issue, terminated unauthorised access, notified law enforcement, and engaged external forensics for validation. Enhanced security measures have since been implemented.

The threat actor behind the breach, identified as "Fortibitch," attempted to extort Fortinet for ransom, though no payment was made. The stolen data was subsequently posted in an S3 bucket, with credentials shared among other threat actors.

Butler emphasised the importance of vigilance, stating, "While there is no direct, immediate impact on individuals, it is crucial to be cautious of unusual communications or requests and report any suspicious activity."

The incident underscores the importance of having a robust Cyber Threat Intelligence (CTI) program, as the leaked data was initially discovered on a hacking forum. "Regular monitoring of such data sources can aid in early detection of potential threats," Butler added.

Furthermore, the incident highlights the significance of third-party risk management. Effective risk management includes evaluating access controls, implementing Multi-Factor Authentication (MFA), and reviewing who has access to third-party platforms.

"This incident reminds us of the need for rigorous assessment of data-sharing practices and access permissions, including those involving contractors and third parties," noted Butler.

Proactive monitoring and detection are also crucial. Implementing Data Loss Prevention (DLP) systems can monitor and protect sensitive data from unauthorised access or leaks. Additionally, Managed Detection and Response (MDR) services can detect and respond to threats in real-time. "Ensuring that monitoring and detection use cases are well-defined and effectively cover potential attack vectors is vital," Butler stated.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Salt Typhoon hacks highlight vulnerabilities to Chinese attacks
Trend Micro report: America tops global cyber risk index
Palo Alto Networks leads attack surface management in Forrester Wave
Record $75m ransom amid rise in ransomware attacks
IGEL unveils new service to recover from cyber attacks swiftly
Top stories
AMD & Oracle boost AI capabilities with new accelerator launch
Report reveals demand for human 'soft' skills outpaces need for digital skills
Industrial DataOps set to revolutionise digital transformation
Check Point Software named Visionary in 2024 Gartner report
Exclusive Networks partners with Rackmount.IT to boost security