Major Data Leak Poses Risks to Moroccan Institutions
In a recent announcement, Morocco's national cybersecurity authorities have alerted various institutions about a significant global data leak dubbed "FortiBleed." This alarming incident has reportedly exposed sensitive login credentials tied to internet-connected security devices produced by Fortinet, raising serious concerns about the cybersecurity landscape in the region. The Moroccan Computer Emergency Response Team (maCERT), which functions under the General Directorate for Information Systems Security within the National Defense Administration, issued a detailed security advisory marked with reference number 65471806/26. This advisory outlines the scope of the breach, particularly emphasizing its impact on Fortinet firewall devices and SSL VPN gateways utilized by organizations across the globe.
According to the advisory, it is estimated that around 75,000 devices spanning nearly 200 countries have been compromised, including systems belonging to both public and private institutions in Morocco. The agency has urged these organizations to take immediate and proactive measures in response to the breach. The leaked information comprises valid administrator usernames and passwords, along with credentials necessary for accessing virtual private networks (VPNs), heightening the risk of unauthorized access to critical internal networks.
Immediate Actions Required to Enhance Security
Cybersecurity officials have indicated that the attackers managed to acquire this sensitive information by extracting configuration files from internet-facing FortiGate devices. They subsequently cracked password hashes offline, circumventing the need for direct access to the targeted networks. This alarming method of data extraction underscores the need for organizations to remain vigilant in safeguarding their systems. The exposed credentials could potentially allow malicious actors to gain unauthorized access to internal networks, navigate laterally across various systems, compromise Active Directory environments, deploy ransomware, or even exfiltrate sensitive data.
To mitigate these threats, maCERT has strongly advised affected organizations to confirm whether their systems are listed in publicly accessible breach databases, utilizing the tools recommended in the advisory. Furthermore, the agency has called for an immediate reset of all passwords associated with administrative accounts and VPN access points to prevent any unauthorized access. Authorities also recommend enabling the enhanced PBKDF2 password-hashing mechanism available in the latest versions of FortiOS, specifically versions 7.2.11, 7.4.8, and 7.6.1, to bolster security. It is crucial to note that this enhanced hashing feature does not take effect automatically after the software update: existing passwords are only re-hashed with PBKDF2 once each administrator logs in at least once, or once a super administrator manually resets them.
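To show why the PBKDF2 recommendation blunts the offline hash cracking described above, here is an added Python example; it is not FortiOS code and not part of the advisory. It stores and verifies a password with PBKDF2-HMAC-SHA256 and measures how many guesses per second a single thread manages against a plain SHA-256 versus PBKDF2. The iteration count, salt length and record format are assumptions chosen for the illustration; FortiOS's actual parameters are not stated on the page.

```python
import base64
import hashlib
import hmac
import os
import time
from typing import Callable, Optional

# Assumed parameters for this illustration; they are not FortiOS's settings.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def fast_hash(password: bytes) -> bytes:
    """A single unsalted SHA-256: the kind of hash an offline cracker races through."""
    return hashlib.sha256(password).digest()


def slow_hash(password: bytes, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256: every guess costs `iterations` HMAC evaluations."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations)


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Store a self-describing record: pbkdf2_sha256$<iters>$<salt b64>$<hash b64>."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    dk = slow_hash(password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(dk).decode("ascii"),
    )


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iters, salt_b64, hash_b64 = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash record: " + algo)
    candidate = slow_hash(password.encode("utf-8"), base64.b64decode(salt_b64), int(iters))
    return hmac.compare_digest(candidate, base64.b64decode(hash_b64))


def guesses_per_second(hash_fn: Callable[[bytes], bytes], guesses: int = 20) -> float:
    """Rough single-thread throughput of hash_fn over a small constructed wordlist."""
    wordlist = [("Password%d!" % i).encode("ascii") for i in range(guesses)]
    start = time.perf_counter()
    for pw in wordlist:
        hash_fn(pw)
    return guesses / (time.perf_counter() - start)


if __name__ == "__main__":
    record = hash_password("Correct-Horse-Battery-7")
    print(record)
    print("verify correct:", verify_password("Correct-Horse-Battery-7", record))
    print("verify wrong:  ", verify_password("correct-horse-battery-7", record))
    salt = b"\x00" * SALT_BYTES
    fast = guesses_per_second(fast_hash)
    slow = guesses_per_second(lambda p: slow_hash(p, salt, 100_000), guesses=5)
    print("plain SHA-256: %.0f guesses/s, PBKDF2(100k): %.1f guesses/s, slowdown ~%.0fx"
          % (fast, slow, fast / slow))
```

The slowdown factor is roughly the iteration count: a wordlist that a cracker could exhaust in minutes against unsalted SHA-256 takes on the order of 10^5 times longer against PBKDF2 with 100,000 iterations, and the per-record salt prevents one precomputed table from covering every leaked device. This is also why the advisory's caveat matters: a record that was written with the old scheme stays cheap to crack until the password is re-hashed.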
Moreover, Moroccan cybersecurity officials have highlighted the necessity of enforcing mandatory multi-factor authentication (MFA) for all administrative access and VPN connections. Additional recommendations include restricting public internet access to FortiGate management interfaces and conducting ongoing monitoring of system logs for any suspicious activities, such as logins occurring outside of working hours, unauthorized account creation, or unexplained configuration changes.
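The three log-monitoring checks maCERT lists can be turned into simple detection rules. The following added Python example, which is not from the advisory or from Fortinet, runs those rules over a few constructed event-log lines written in the key=value style FortiOS uses. The field values, the 08:00-18:00 weekday business window and the trusted management network 10.0.0.0/24 are assumptions for the example; the log descriptions and attribute names should be checked against the firmware's own log reference before use.

```python
import ipaddress
import re
from collections import namedtuple
from datetime import datetime

# Assumptions for this example: working hours (weekdays, 08:00-18:00) and the
# management network that administrative sessions are expected to come from.
BUSINESS_HOURS = (8, 18)
TRUSTED_MGMT_NET = ipaddress.ip_network("10.0.0.0/24")

# Constructed sample lines in the key=value style of FortiOS event logs.
# Field names follow that style; every value here is invented for the example.
SAMPLE_LOG = """\
date=2025-03-10 time=03:12:41 type="event" subtype="system" level="information" vd="root" logdesc="Admin login successful" user="admin" ui="https(203.0.113.45)" srcip=203.0.113.45 action="login" status="success"
date=2025-03-10 time=09:30:05 type="event" subtype="system" level="information" vd="root" logdesc="Admin login successful" user="netops" ui="https(10.0.0.21)" srcip=10.0.0.21 action="login" status="success"
date=2025-03-10 time=03:14:02 type="event" subtype="system" level="information" vd="root" logdesc="Object configured" user="admin" ui="https(203.0.113.45)" srcip=203.0.113.45 action="Add" cfgpath="system.admin" cfgobj="support_tmp"
date=2025-03-10 time=10:02:17 type="event" subtype="system" level="information" vd="root" logdesc="Object attribute configured" user="netops" ui="https(10.0.0.21)" srcip=10.0.0.21 action="Edit" cfgpath="firewall.policy" cfgobj="12" cfgattr="status[enable->disable]"
date=2025-03-10 time=03:20:55 type="event" subtype="system" level="information" vd="root" logdesc="Object attribute configured" user="admin" ui="https(203.0.113.45)" srcip=203.0.113.45 action="Edit" cfgpath="vpn.ssl.settings" cfgattr="reqclientcert[enable->disable]"
"""

Alert = namedtuple("Alert", "line_no rule user srcip detail")

# key=value where the value is either "quoted" or a bare token without spaces
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Turn one key=value log line into a dict."""
    return {k: (quoted or bare) for k, quoted, bare in KV_RE.findall(line)}


def is_business_hours(ts):
    return ts.weekday() < 5 and BUSINESS_HOURS[0] <= ts.hour < BUSINESS_HOURS[1]


def from_mgmt_net(srcip):
    try:
        return ipaddress.ip_address(srcip) in TRUSTED_MGMT_NET
    except ValueError:
        return False


def detect(log_text):
    """Apply the three rules from the advisory to each line; return the alerts raised."""
    alerts = []
    for n, raw in enumerate(log_text.splitlines(), start=1):
        if not raw.strip():
            continue
        f = parse_line(raw)
        ts = datetime.strptime(f["date"] + " " + f["time"], "%Y-%m-%d %H:%M:%S")
        user, srcip = f.get("user", "?"), f.get("srcip", "?")
        is_login = f.get("logdesc", "").startswith("Admin login") and f.get("status") == "success"
        is_cfg = "cfgpath" in f
        # Rule 1: administrator logins outside working hours
        if is_login and not is_business_hours(ts):
            alerts.append(Alert(n, "after-hours-admin-login", user, srcip, ts.isoformat()))
        # Rule 2: creation of a new administrator account
        if is_cfg and f["cfgpath"] == "system.admin" and f.get("action") == "Add":
            alerts.append(Alert(n, "admin-account-created", user, srcip, f.get("cfgobj", "?")))
        # Rule 3: configuration changes from outside the management network
        if is_cfg and not from_mgmt_net(srcip):
            detail = (f["cfgpath"] + " " + f.get("cfgattr", "")).strip()
            alerts.append(Alert(n, "config-change-outside-mgmt-net", user, srcip, detail))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print("line %d: %s user=%s src=%s (%s)" % (a.line_no, a.rule, a.user, a.srcip, a.detail))
```

On the sample, line 1 trips the after-hours rule, line 3 trips both the account-creation and the untrusted-source rules, line 5 trips the untrusted-source rule, and the two in-hours changes from the management network stay quiet. In production the same rules would run in the SIEM or log collector the device forwards to, and the source-network check is what makes a restricted management interface verifiable rather than assumed.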
In a related development, cybersecurity researcher Badr Bellaj has revealed on LinkedIn that numerous Moroccan companies and institutions are likely victims of the FortiBleed campaign. He has urged these organizations to adhere strictly to the security measures outlined by Morocco's information systems security authorities. This warning arrives at a time when concerns are escalating regarding cyberattacks that target critical infrastructure and enterprise networks globally, with leaked administrative credentials increasingly serving as gateways for ransomware operators and data theft groups.
As reported by en.hespress.com.