Vorlon Blog

Fortinet Hit by Cyber Attack: Third-Party Breach Affects Asia-Pacific Customers

Written by Mahima Kulkarni | Sep 20, 2024 5:15:30 PM

Introduction

Fortinet, a leading global cybersecurity firm, which provides solutions like firewalls and endpoint protection disclosed a data breach that impacted some of its customers in the Asia-Pacific region. This incident highlights third-party risks and the need for continuous monitoring.

The Breach

Fortinet revealed a breach involving unauthorized access to a third-party cloud-based file drive, affecting customers primarily in the Asia-Pacific region. This occurred last month but was only recently discovered. While it appears minor, involving a small number of files, the incident is concerning given the nature of Fortinet’s role in protecting critical infrastructure worldwide.

What Got Exposed?

Fortinet has not detailed the data exposed but confirmed that only a small subset of customers was affected. The breach involved a third-party cloud drive, and there is no evidence of malicious activity. Fortinet’s services are intact, but the threat actor and compromised data details are still unclear.

Fortinet’s Response

Fortinet has communicated directly with affected customers and conducted an internal investigation. The firm assures that, to date, there has been no indication of malicious activity. Fortinet also emphasized that its core operations and services were not compromised in the incident. The company is working with authorities, including Australia’s National Office of Cyber Security, to mitigate impact and prevent further incidents.

Tips for Customers

If this breach has you worried about your data, here’s what you should do:

Check for Data Breach Alerts: Stay informed about any notifications from your service providers regarding potential breaches or security issues.

Update Credentials: If you believe your data could be compromised, update your passwords and enable multi-factor authentication (MFA).

Verify Communications: Be cautious of any communications claiming to be from Fortinet, especially if they ask for sensitive information. Always verify the legitimacy of the sender.

Tips for Organizations

If this incident shows anything, it's that you need to sharpen your approach to managing third-party risks:

 

Establish Clear Communication Channels

Designate API Security Contacts

Appoint specific individuals within your organization and the third-party vendor who are responsible for API security issues. 

Define Incident Reporting Procedures 

Create a clear protocol for reporting and addressing API security incidents. This should include how to report risks, the process for escalating critical issues, and the channels for ongoing communication.

 

Implement Continuous Monitoring

Monitor API Traffic 

Use tools to continuously analyze API traffic for unusual patterns or activities that could indicate a security breach or attack. Implement logging mechanisms to capture detailed information about API requests and responses. Vorlon can handle this for you, so please relax!

Integrate API Security Solutions 

Deploy API security solutions like Web Application Firewalls (WAFs) or API gateways that provide real-time protection against threats such as SQL injection, cross-site scripting (XSS), and other API-specific vulnerabilities.

 

Encrypt Data

Secure API Communications 

Ensure that all data transmitted via APIs is encrypted using protocols like HTTPS/TLS. This prevents data from being intercepted or tampered with during transmission.

Encrypt API Keys and Tokens

Store API keys, tokens, and other sensitive credentials securely using encryption. Ensure these secrets are not hardcoded in source code and are managed through secure vaults.

 

Review and Update Access Permissions

 

Implement API Key Management 

Regularly review and update API keys and access tokens. Ensure that API keys are granted with the least privilege principle and are rotated periodically.

 

Conduct API Access Audits 

Periodically audit API access controls to verify that third-party vendors have appropriate permissions based on their role. Revoke access for any keys or tokens that are no longer needed.

 

Conduct Security Training for Vendors

 

Provide API Security Training 

Offer specialized training for third-party vendors on secure API development practices, including how to avoid common risks like improper authentication or insufficient input validation.

 

Test Vendor Knowledge 

Evaluate the effectiveness of the training by conducting assessments or simulated attacks to ensure vendors understand API security best practices and can apply them effectively.

 

Wrapping Up

The Fortinet breach highlights that no company, regardless of its cybersecurity expertise, is immune to the risks posed by third-party services and cloud environments. While the breach appears to have been contained with no malicious fallout so far, the incident serves as a stark reminder that organizations need to strengthen their security postures continuously.

They should invest in robust security frameworks, including regular security assessments, better data encryption, and proactive breach detection, to prevent future incidents. For individuals, actively safeguarding your personal data remains crucial in today’s digital landscape. Simply put, the effectiveness of your security depends on your awareness!