Maritime companies are being urged to review their cyber security after the recent FortiBleed incident exposed Fortinet firewall administrator credentials.
According to Cydome, more than 86,000 administrator credentials for Fortinet firewalls and other network security devices were leaked across 194 countries. The company’s research indicates the dataset represents around 50% of internet-reachable FortiGate devices, and includes 703 satellite-linked IP addresses associated with maritime communications providers.
Cydome identified more than 250 affected maritime organisations, with most linked to ship ownership and management.
Cydome CEO Nir Ayalon said: "Although we are still monitoring the extent of FortiBleed on the industry, of all maritime-related logins leaked, 41.5% were shipping and freight companies, 31.2% were offshore contractors and service companies, 10.7% newbuild and repair yards, and 6.7% were port authorities and logistics firms.
“The team found that 87% of Fortinet devices exposed to the internet still had internet-facing management interfaces available, while 63% of harvested credentials related to default or built-in administrator accounts that had never been renamed.”
Cydome says FortiBleed differs from many other cyber incidents because it relies on previously exposed administrator credentials that remained valid after software upgrades, rather than a newly discovered software vulnerability.
Vice-president of research and development, Alon Ayalon, urged organisations to follow guidance from the US Cybersecurity and Infrastructure Security Agency: “We urge organisations to follow the CISA guidance and terminate active administrator and VPN sessions, reset passwords, enable multi-factor authentication and investigate systems for signs of unauthorised access.”
Appearing in the FortiBleed dataset does not necessarily mean an organisation is compromised but it does indicate that credentials associated with its network security infrastructure have been exposed and should be treated as a potential vulnerability, he added.
Printed Copy:
Would you also like to receive CIR Magazine in print?
Data Use:
We will also send you our free daily email newsletters and other relevant communications, which you can opt out of at any time. Thank you.








YOU MIGHT ALSO LIKE