By: James Morrison
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently issued an alert urging organizations using Fortinet firewalls and VPN gateways to take immediate action following reports of a widespread credential exposure campaign known as “FortiBleed.” Security researchers estimate that between 74,000 and 86,000 Fortinet devices may be affected, making this one of the most significant attacks targeting network security infrastructure in recent years.
The campaign is believed to be linked to Russian-speaking threat actors who have leveraged exposed credentials, password reuse, and automated attacks to gain unauthorized access to Fortinet devices around the world. Unlike a traditional zero-day vulnerability, FortiBleed highlights a growing cybersecurity challenge: attackers increasingly rely on compromised credentials rather than software flaws to infiltrate organizations.
Researchers report that attackers are using automated tools to scan the internet for exposed Fortinet firewalls and SSL VPN gateways. Once identified, they attempt to authenticate using credentials obtained through previous breaches, password reuse, credential harvesting, and brute-force attacks.
What makes FortiBleed particularly dangerous is its ability to scale. Once attackers successfully compromise a device, they can monitor network traffic, collect additional credentials, and use those credentials to compromise other systems within the environment. This creates a self-perpetuating cycle that allows threat actors to expand their access across networks and organizations.
For many small and midsize businesses, the risk is even greater. Fortinet solutions are widely adopted due to their affordability and ease of deployment. However, organizations that lack dedicated security personnel or managed security oversight may not realize they have been compromised until significant damage has already occurred.
One of the more concerning aspects of FortiBleed is that some organizations may remain vulnerable even after performing software upgrades.
Legacy password storage mechanisms used in older FortiOS versions may still exist in upgraded environments. In some cases, administrator credentials continued to be stored using weaker hashing methods, potentially allowing attackers to recover passwords and gain access to systems despite software updates.
This serves as an important reminder that patching alone is not enough. Organizations must also review how credentials are stored, managed, and protected throughout their environments.
Researchers have identified victims across numerous industries, including technology, telecommunications, construction, manufacturing, and government organizations. The campaign has impacted organizations worldwide, with the United States among the most heavily affected countries.
Security experts have also warned that attackers are building extensive databases of compromised credentials that can be reused in future attacks. Once valid administrative credentials are obtained, threat actors can modify firewall configurations, create backdoor accounts, disable security controls, and establish long-term persistence within a network.
CISA and security researchers recommend that organizations using Fortinet devices take the following actions as soon as possible:
Immediately terminate all active SSL VPN and administrative sessions to reduce the risk of unauthorized access.
Change all VPN, firewall, and administrator passwords, particularly for internet-facing systems. Organizations should also review password policies and eliminate password reuse.
Ensure administrator credentials are stored using Fortinet’s recommended password protection mechanisms, including PBKDF2, and remove any weaker legacy password hashes.
Examine firewall, VPN, authentication, and domain controller logs for signs of suspicious activity, lateral movement, unauthorized configuration changes, or unusual login behavior.
Implement phishing-resistant MFA across all remote access points, VPNs, administrative accounts, and external-facing interfaces.
Restrict management access to trusted internal networks, disable unnecessary accounts, and avoid exposing firewall administration interfaces directly to the internet whenever possible.
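As an added illustration of the log review step above (not code from CISA, Fortinet, or Dataprise), the following Python sketch flags a successful login that follows a burst of failed attempts against several accounts from the same source address, the pattern credential reuse and brute-force activity leave behind. The key=value log layout, the field names, and the sample events are constructed assumptions; adapt them to what your devices actually emit.

```python
import re
from collections import defaultdict

# Constructed sample events. The key=value layout and the field names
# (srcip, user, action, status) are assumptions; map them to your device's logs.
SAMPLE_LOG = """\
date=2025-01-10 time=02:14:01 srcip=203.0.113.7 user="admin" action="login" status="failed"
date=2025-01-10 time=02:14:03 srcip=203.0.113.7 user="svc_vpn" action="login" status="failed"
date=2025-01-10 time=02:14:05 srcip=203.0.113.7 user="admin" action="login" status="failed"
date=2025-01-10 time=02:14:09 srcip=203.0.113.7 user="jsmith" action="login" status="success"
date=2025-01-10 time=08:30:11 srcip=198.51.100.20 user="jdoe" action="login" status="failed"
date=2025-01-10 time=08:30:25 srcip=198.51.100.20 user="jdoe" action="login" status="success"
date=2025-01-10 time=09:02:40 srcip=10.0.0.5 user="admin" action="login" status="success"
"""

PAIR = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_line(line):
    """Parse one key=value log line into a dict, stripping surrounding quotes."""
    return {k: (q if raw.startswith('"') else raw) for k, raw, q in PAIR.findall(line)}

def find_suspect_logins(log_text, min_failures=3, min_users=2):
    """Flag a successful login that follows failures against several accounts
    from the same source address. Lines must be in chronological order."""
    failures = defaultdict(list)  # srcip -> usernames that failed since last success
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev.get("action") != "login" or "srcip" not in ev:
            continue
        src, user = ev["srcip"], ev.get("user", "")
        if ev.get("status") == "failed":
            failures[src].append(user)
        elif ev.get("status") == "success":
            tried = failures.pop(src, [])
            if len(tried) >= min_failures and len(set(tried)) >= min_users:
                alerts.append({
                    "srcip": src,
                    "user": user,
                    "time": f'{ev.get("date")} {ev.get("time")}',
                    "failed_attempts": len(tried),
                    "users_tried": sorted(set(tried)),
                })
    return alerts

if __name__ == "__main__":
    for alert in find_suspect_logins(SAMPLE_LOG):
        print(alert)
```

A single mistyped password followed by a success, as in the second source address in the sample, stays below both thresholds and is not flagged.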
FortiBleed is only the latest example of how critical network infrastructure continues to be a prime target for cybercriminals. While Fortinet has faced increased attention due to its popularity among small and midsize businesses, no firewall vendor is immune. Organizations using Fortinet, Cisco, Palo Alto Networks, and other security platforms all face a constant stream of emerging threats and vulnerabilities.
The reality is that modern firewalls require ongoing monitoring, patch management, credential hygiene, configuration reviews, and threat detection. An unmanaged firewall can quickly become an organization’s greatest security risk rather than its strongest defense.
At Dataprise, our cybersecurity and incident response teams help organizations identify, contain, and remediate threats before they become business-disrupting incidents.
Whether you need assistance assessing your Fortinet environment, validating your exposure to FortiBleed, reviewing firewall configurations, implementing MFA, or conducting a full incident response investigation, our experts are ready to help.
If your IT provider has not contacted you about FortiBleed, now is the time to ask why.
Cyber threats continue to evolve, and proactive security management has never been more important. Dataprise can help you assess your environment, strengthen your defenses, and reduce the likelihood that credential-based attacks like FortiBleed put your business and customer data at risk.
Concerned about your Fortinet environment? Contact Dataprise today for a security assessment or incident response consultation.
James Morrison is the Security Sales Strategist at Dataprise, bringing more than 30 years of cybersecurity, technology, and leadership experience. Prior to joining Dataprise, he held senior security leadership roles, including Chief Information Security Officer, and spent 22 years with the FBI leading cybersecurity and criminal intrusion investigations. James has also served in key technology positions with HPE, Lockheed Martin, and the U.S. Air Force, making him a trusted advisor on cybersecurity strategy, risk management, and incident response.