DailyPost 2911
THE FORTINET HACK – DETAILS OUT…
The IT revolution, which promised transparency to the world, brought it only for the hapless; the organisations, institutions and enterprises that wanted their tracks and data covered have managed to do so. The cyber security companies, the tech policemen of the IT world, would like to keep their hacks shrouded in secrecy, to the extent of putting out government-type communiqués, which hide more than they communicate to the public domain. Notwithstanding the fact that their credibility would come into question, what is the choice? Can credibility based on false presumptions, or on keeping hidden the facts of a major breach that has happened, however damning it might be, make business sense?
Business sense dictates that clearing the air is the best way forward. We are talking about the recent Fortinet breach. When BleepingComputer contacted Fortinet with additional questions, it did not get any response. In response to an earlier question on the issue, Fortinet had confirmed that customer data had been stolen from a “third party cloud-based shared file drive.” The company’s earlier interaction with BleepingComputer did not disclose how many customers are impacted or what kind of data has been compromised.
The threat actor has come out with its claims. It says it stole 440 GB of files from the company’s Microsoft SharePoint server, which is Fortinet’s Azure SharePoint instance. “The threat actor then shared credentials to an alleged S3 bucket where the stolen data is stored for other threat actors to download.” BleepingComputer says it has not accessed this storage bucket, hence it is not in a position to confirm whether it contains Fortinet’s stolen files. The ransom amount has still not come out in the open.
The threat actor’s motive behind an attack of this nature is ransom. The threat actor in question here is “Fortbitch”. It claims to have made efforts to extract a ransom from Fortinet but has not disclosed the amount. Everyone knows that the ransom was demanded to prevent the likely publishing of data, but the company has refused to pay. The information regarding the breach, the damage done and the remedial measures taken is still in a state of flux, as far as knowledge in the public domain is concerned. Any further delay is not going to resurrect the company’s credibility; on the contrary, it keeps adding to the damage.
CYBER SECURITY COMPANIES GETTING HACKED LEAVES US WITH NO PLACE WHERE WE CAN RUN FOR COVER.
Sanjay Sahay
Have a nice evening.