In the cyber-insecure world we live in, getting hacked is the new normal. The question is not if, but when. The fixed catalogue of modus operandi that police forces used to boast about as proof of their competence has been thrown to the winds in the age of cyber crime. Unfortunately, nearly every crime now has a cyber element. Can anyone lay out the modus operandi of every type of ransomware attack? These attacks have a 360-degree dimension, and navigating all of their elements in order to prevent or investigate such crimes is the real challenge. The jurisdictional imbroglio of cyber crime investigation does not look like being sorted out in the near future.
Can anyone list every vulnerability in the cyber world? It is humanly and technically impossible. This is where the world stands now. It is the turn of Fortinet users now. What is of concern is that since January 2025 threat actors have been exploiting two Fortinet vulnerabilities, tracked as CVE-2024-55591 and CVE-2025-24472, to deploy SuperBlack ransomware. Researchers at Forescout Research - Vedere Labs have zeroed in on a threat actor dubbed "Mora_001". What has Mora_001 been doing? Exploiting these two authentication-bypass vulnerabilities in FortiOS and FortiProxy to gain super-administrator access to vulnerable Fortinet products.
The group seems to have ties with the LockBit ecosystem, based on its operational signature. The links to known ransomware operations rest on a few conspicuous parameters, including the same TOX ID used by LockBit. Famous amongst the infamous, LockBit has been one of the most profitable cyber crime gangs in the world. Since February 2024 the group has faced a serious law enforcement onslaught: one freelance hacker was arrested for aiding the group in June 2024, and four other group members were arrested and their devices seized in late 2024 through Operation Cronos.
In December 2024 one of its developers was arrested in Israel. These are good signs, but how much LockBit's cyber firepower has actually diminished is debatable. The fact is that the US has the highest number of exposed Fortinet firewalls, closely followed by India and Brazil. Given this, the Forescout researchers have warned organisations to mitigate against this threat actor. What approach needs to be taken? Defence in depth: properly segmenting networks and implementing layered security controls. To start with, Fortinet users need to patch vulnerable systems, restrict management access so that the administrative web and SSH interfaces are not reachable from the internet, and audit administrator accounts, since super-administrator access is exactly what this actor is after.
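Two of those three starting points, restricting management access and auditing administrator accounts, can be checked mechanically against a device's configuration. The following is an added example, not Fortinet's or Forescout's code: a small Python auditor that parses a FortiOS-style configuration excerpt and flags a WAN interface that still permits HTTPS/SSH administration and a super_admin account that has no trusted-host restriction. The CLI keywords used (config system interface, allowaccess, role, config system admin, trusthost1, accprofile) are real FortiOS settings, but the configuration text, interface names and account names are constructed for illustration, and the parser deliberately handles only the flat config/edit/set/next/end structure this audit needs.

```python
"""Audit a FortiOS configuration excerpt for exposed management access and
unrestricted administrator accounts (added example, not vendor code)."""
import shlex

# Constructed excerpt with the weak settings: HTTPS/SSH admin access on the
# WAN interface and a super_admin account ("support") with no trusthost.
WEAK_CONFIG = """
config system interface
    edit "wan1"
        set role wan
        set allowaccess ping https ssh
    next
    edit "internal"
        set role lan
        set allowaccess ping https ssh
    next
end
config system admin
    edit "admin"
        set accprofile "super_admin"
        set trusthost1 10.0.0.0 255.255.255.0
    next
    edit "support"
        set accprofile "super_admin"
    next
end
"""

# The same excerpt after hardening: only ping on the WAN side, and every
# super_admin account pinned to a trusted management host or subnet.
HARDENED_CONFIG = """
config system interface
    edit "wan1"
        set role wan
        set allowaccess ping
    next
    edit "internal"
        set role lan
        set allowaccess ping https ssh
    next
end
config system admin
    edit "admin"
        set accprofile "super_admin"
        set trusthost1 10.0.0.0 255.255.255.0
    next
    edit "support"
        set accprofile "super_admin"
        set trusthost1 10.0.0.10 255.255.255.255
    next
end
"""

MGMT_SERVICES = {"http", "https", "ssh", "telnet"}
ANY_HOST = ["0.0.0.0", "0.0.0.0"]  # FortiOS default trusthost, i.e. unrestricted


def parse_fortios(text):
    """Return {section: {entry: {key: [values]}}} for top-level config blocks.
    Sub-tables nested inside an entry are skipped, not parsed."""
    sections, section, entry, nested = {}, None, None, 0
    for raw in text.splitlines():
        tokens = shlex.split(raw)          # strips the quotes around names
        if not tokens:
            continue
        cmd, args = tokens[0], tokens[1:]
        if cmd == "config":
            if section is None:
                section = " ".join(args)
                sections.setdefault(section, {})
            else:
                nested += 1                # inner config block: ignore it
        elif nested:
            if cmd == "end":
                nested -= 1
        elif cmd == "edit":
            entry = args[0]
            sections[section].setdefault(entry, {})
        elif cmd == "set" and entry is not None:
            sections[section][entry][args[0]] = args[1:]
        elif cmd == "next":
            entry = None
        elif cmd == "end":
            section = None
    return sections


def audit(text):
    """Return (entry, finding) pairs for exposed admin access and unrestricted admins."""
    cfg = parse_fortios(text)
    findings = []
    for name, iface in cfg.get("system interface", {}).items():
        if iface.get("role", [""])[0] == "wan":
            exposed = MGMT_SERVICES & set(iface.get("allowaccess", []))
            if exposed:
                findings.append((name, "management access on WAN interface: "
                                 + ", ".join(sorted(exposed))))
    for name, admin in cfg.get("system admin", {}).items():
        restricted = any(k.startswith("trusthost") and v != ANY_HOST
                         for k, v in admin.items())
        if not restricted:
            profile = admin.get("accprofile", ["unknown"])[0]
            findings.append((name, f"{profile} account with no trusthost restriction"))
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{label}: {audit(text) or 'no findings'}")
```

Run against a real `show full-configuration` export, the script points at the two things the mitigation advice asks for first: management services that the internet-facing interface should not be offering, and privileged accounts with no trusthost, which on FortiOS defaults to 0.0.0.0 0.0.0.0 and therefore accepts logins from anywhere. Patching remains the first step; this only confirms the exposure has been closed.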
UTMOST CYBER VIGIL IS EASIER SAID THAN DONE. IT IS THE MIRAGE WE NEED TO GET CLOSEST TO.
Sanjay Sahay
Have a nice evening.