Here’s another important reason to patch your VPN now
Unpatched Fortinet VPN devices are a prime target for cybercriminals and nation-state hackers
Security experts always recommend that organizations install the latest patches as soon as they become available, but this advice has gone unheeded by many owners of Fortinet’s enterprise VPN devices.
Back in 2019, a path traversal vulnerability in the SSL VPN web portal of Fortinet’s FortiOS (tracked as CVE-2018-13379) became widely known. Fortinet addressed the issue with a critical security update that same year, but a large number of organizations have still not applied it two years on.
Now the UK’s National Cyber Security Centre (NCSC) has released a new advisory warning that cybercriminals as well as Advanced Persistent Threat (APT) actors are actively scanning for unpatched VPN servers and attempting to exploit CVE-2018-13379. In fact, so many companies have failed to apply the security update that ready-made lists containing the IP addresses of vulnerable servers and internet-facing devices started appearing on dark web forums last fall.
One of the ways in which cybercriminals are now actively exploiting the vulnerability is to use unpatched VPN servers as their initial entry point and then deploy the Cring ransomware on the networks behind them, according to a recent report from Kaspersky.
Already compromised
In its new advisory, the NCSC warned organizations that they should assume any unpatched devices are already compromised, saying:
“The NCSC is advising organisations which are using Fortinet VPN devices where security updates have not been installed, to assume they are now compromised and to begin incident management procedures. Users of all Fortinet VPN devices should check whether the 2019 updates have been installed. If not, the NCSC recommends that as soon as possible, the affected device should be removed from service, returned to a factory default, reconfigured and then returned to service.”
Beyond the Cring ransomware infections, the NCSC, CISA and the FBI have all warned organizations that nation-state hacking groups are actively scanning for unpatched devices in order to gain access to networks and carry out cyber espionage campaigns.
Failing to install the latest patches promptly is one thing, but when a security update was released two years ago, organizations have no excuse for putting off applying it. If your company uses Fortinet VPN devices, check whether the 2019 updates have been applied; if not, install them immediately to avoid falling victim to ransomware and other attacks that exploit CVE-2018-13379. Bear in mind that upgrading an already exposed device does not undo a compromise that may have happened months ago, which is why the NCSC’s advice is to assume compromise, factory-reset and reconfigure the device rather than simply patch it in place.
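The NCSC’s first step is to check whether the 2019 fix is actually installed, which is less obvious than it sounds because Fortinet fixed each FortiOS branch separately. The following Python helper is an added example for this article, not code from TechRadar, Fortinet or the NCSC. It assumes the affected and fixed releases published in Fortinet’s advisory for CVE-2018-13379 (FG-IR-18-384): 5.4.6 to 5.4.12 fixed in 5.4.13, 5.6.3 to 5.6.7 fixed in 5.6.8, 6.0.0 to 6.0.4 fixed in 6.0.5, and 6.2.0 onward shipped with the fix. The input format follows the “Version:” line of the FortiOS `get system status` command; the model and build numbers in the sample lines are constructed.

```python
"""Classify FortiOS version strings against the CVE-2018-13379 fix.

Added example, not code from the article, Fortinet or the NCSC. Assumption:
the affected and fixed releases below come from Fortinet's advisory for this
CVE (FG-IR-18-384). The point of the per-branch table is that a single
"is it at least 6.0.5" compare would wrongly flag a patched 5.6.8 device.
"""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Assumption: (first affected, first fixed) per branch, from Fortinet's advisory.
BRANCHES = {
    (5, 4): ((5, 4, 6), (5, 4, 13)),
    (5, 6): ((5, 6, 3), (5, 6, 8)),
    (6, 0): ((6, 0, 0), (6, 0, 5)),
}
FIRST_CLEAN_BRANCH = (6, 2)  # 6.2.0 and every later branch shipped with the fix

# Matches the "v6.0.4" token in "Version: FortiGate-100E v6.0.4,build0231,190107 (GA)"
VERSION_RE = re.compile(r"\bv(\d+)\.(\d+)\.(\d+)\b")


def parse_version(line: str) -> Optional[Version]:
    """Return (major, minor, patch) from a FortiOS status line, or None."""
    m = VERSION_RE.search(line)
    if m is None:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def classify(version: Version) -> str:
    """One of: 'patched', 'vulnerable', 'outside-advisory-ranges'.

    'outside-advisory-ranges' covers releases older than the first affected
    build of a tracked branch, or branches the advisory does not list. Such
    devices are still years out of date and should be upgraded, but this
    check cannot call them affected by this particular CVE.
    """
    branch = version[:2]
    if branch >= FIRST_CLEAN_BRANCH:
        return "patched"
    if branch not in BRANCHES:
        return "outside-advisory-ranges"
    first_affected, first_fixed = BRANCHES[branch]
    if version >= first_fixed:
        return "patched"
    if version >= first_affected:
        return "vulnerable"
    return "outside-advisory-ranges"


def assess(line: str) -> str:
    """Classify a raw status line; unparsable input gets its own bucket."""
    version = parse_version(line)
    if version is None:
        return "unknown-version"
    return classify(version)


def main() -> None:
    # Constructed sample lines (model and build numbers are made up).
    samples = [
        "Version: FortiGate-100E v6.0.4,build0231,190107 (GA)",
        "Version: FortiGate-60E v5.6.8,build1672,190326 (GA)",
        "Version: FortiGate-VM64 v6.2.3,build1066,191219 (GA)",
        "Version: FortiGate-100D v5.4.5,build1138,180720 (GA)",
        "get system status: command parse error",
    ]
    for line in samples:
        print(f"{assess(line):<24} {line}")


if __name__ == "__main__":
    main()
```

Feed it the “Version:” line collected from each device (over SSH or from a configuration backup) and treat anything other than “patched” as a device to pull from service under the NCSC procedure. A “vulnerable” result says nothing about whether the box was already exploited; that is exactly why the advisory tells you to assume compromise rather than just upgrade.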
Via ZDNet
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.