Fortinet Confirms Data Breach After Hacker Claims To Steal 440GB of Files (bleepingcomputer.com)
Cybersecurity giant Fortinet has confirmed it suffered a data breach after a threat actor claimed to steal 440GB of files from the company's Microsoft Sharepoint server. From a report: Fortinet is one of the largest cybersecurity companies in the world, selling secure networking products like firewalls, routers, and VPN devices. The company also offers SIEM, network management, and EDR/XDR solutions, as well as consulting services.
Early this morning, a threat actor posted to a hacking forum that they had stolen 440GB of data from Fortinet's Azure Sharepoint instance. The threat actor then shared credentials to an alleged S3 bucket where the stolen data is stored for other threat actors to download. The threat actor, known as "Fortibitch," claims to have tried to extort Fortinet into paying a ransom, likely to prevent the publishing of data, but the company refused to pay. In response to our questions about the incident, Fortinet confirmed that customer data was stolen from a "third-party cloud-based shared file drive."
Re: (Score:3)
Microsoft Sharepoint server? It doesn't look too good to me already...
Re: (Score:2)
....You Had One Job.
Cue short sellers, and with good reason.
OOO (Score:2)
It would have been surprising had they announced it before the breach.
Re:OOO (Score:5, Insightful)
I think the key is they didn't announce it until after the intruder did.
More like "Cyberinsecurity giant" (Score:2)
As most of these peddlers of 2nd rated stuff are these days. Pathetic.
Re: (Score:3)
As most of these peddlers of 2nd rated stuff are these days. Pathetic.
They hit the trifecta of security incompetence:
1) A Microsoft operating system.
2) Sharepoint (Holy Shit, Batman!)
3) Amazon S3 cloud services (but really, any 3rd party cloud service will qualify).
Re: (Score:2)
Indeed. And the attackers are more and more winning. They can just select which enterprise with incompetent IT security they want to walk into and not expect any real opposition. Of course, there are still some with competent IT security and attackers will stay away, just too much effort. There are also those that do not have money. But for the rest? It is just a question of time.
Rather ironic ... (Score:4, Insightful)
.. that a Cybersecurity got hacked. LUL.
Looks like security has the same rule-of-thumb as riding motorcycles ...
becomes:
What the hell are they doing with 440 GB of data???
Re: (Score:3)
Monetizing it.
Re:Rather ironic ... (Score:5, Insightful)
.. that a Cybersecurity got hacked. LUL.
Looks like security has the same rule-of-thumb as riding motorcycles ...
becomes:
What the hell are they doing with 440 GB of data???
Let's not skip the important bit here. What the hell are they doing with 440 GB of data ON MICROSOFT SHAREPOINT! How could any security company think that's a secure place to store data? It's not even like I can blame Microsoft specifically in this case. It's right in the god damned name. "Share"point. SHARE! Does a supposed cybersecurity company not understand that the word share != secure? In fact, it may actually be the opposite of secure.
There needs to be a very serious discussion now about these cybersecurity companies and whether they add any actual value to our systems, or if we've been sold a complete bill of goods. None of them seem capable of securing their own systems. And some of them seem to actually run on the dumbest possible level of security themselves. Not a great example of how to take care of systems and data, for certain.
Re: (Score:2)
I feel like that sometimes when it comes to these near daily emails I get that my data has been compromised. The NationalData breach being the one that finally got me to freeze my credit reports. It's sicke
Re: (Score:2)
I work in the cybersecurity industry, and I can promise that some things *have* changed ... but not because of all the news: it's because of the lawsuits.
CISOs (the guy at the top of security for big companies) have recently been held personally liable when a breach is shown to have been caused by incompetence. As you might imagine, this has quite an effect on them: it's one thing to lose your job because you screw up, and another entirely to face losing all your assets.
I'm not sure how many will ever face
Re: (Score:2)
I'm not sure why all the hate of sharepoint. In terms of a secure place to store files it is loads better than a typical file server subject to ransomware. The data is encrypted by default. I'm not yet sure if it was a social engineering breach or simply not following least privilege access principles.
This is not an indictment of sharepoint, it is an indictment of not following best practices. An account without MFA and shared credentials sounds like it was used to gain access to this, that means a conditi
Re: (Score:2)
Looks like security has the same rule-of-thumb as riding motorcycles ...
Dress for the slide, not the ride.
Dogfooding (Score:2)
there are only two kinds of orgs in the world... (Score:2, Insightful)
Because of FortiShit I couldn't use Ubuntu (Score:1)
Re: (Score:2)
That sucks but you can route through your VM.
Re: Because of FortiShit I couldn't use Ubuntu (Score:2)
You mean this Fortinet VPN?
https://repo.fortinet.com/ [fortinet.com]
nobody puts useful data in sharepoint (Score:2)
It's just 440 GB of annual company picnic photos.
A security company used MS SharePoint server (Score:2)
The rest is predictable.
DLP, anyone? (Score:2)
Looks like they're lacking in the Data Loss Prevention (DLP) area. Maybe they should be using Microsoft Purview ;-)