Data theft is the main attraction of cyberattacks. At the beginning of the summer, the Snowflake data theft affected companies such as Santander and Ticketmaster. Now it is the cybersecurity provider Fortinet that has had to confirm that around 440 GB of its data has been compromised. In reality, we never know the true magnitude of these attacks. Santander, at the time, reported that the attack affected a small proportion of data, much of it irrelevant. Yet the cybercriminals who carried out the attack claim that they are selling data from 30 million of the bank’s customers.
So Fortinet’s 440 GB could turn out to be even more in a few months. The attack, according to the cybersecurity firm, affected a limited number of files stored on Fortinet’s instance of a third-party cloud-based file share, which included limited data related to a small number of Fortinet customers. That amount would affect 0.3% of Fortinet’s total customers.
As is often the case when a cyberattack is reported, company communications departments take on the job of minimizing the possible damage, which nevertheless grows over time. This case is no exception, as the firm assures that “Fortinet operations, products and services were not affected and we have not identified evidence of additional access to any other Fortinet resources. The incident did not involve data encryption, the implementation of ransomware or access to the Fortinet corporate network.”
Fortinet has suffered four major cyberattacks so far this year
Fortinet also claims that no malicious activity targeting its customers has been detected as a result of the breach. But the cybercriminal has already moved quickly, posting an offer on the dark web to sell that small amount of 440 GB of files containing Fortinet customer data to the highest bidder. The cybercriminal claims to have contacted Fortinet to demand a ransom in exchange for not leaking the data, but says the company refused to pay.
The company has also been accused of failing to report the data theft to the SEC (the US Securities and Exchange Commission). The company has acknowledged this, justifying itself on the grounds that “due to the limited nature of the incident, we have not experienced, and currently do not believe that it is reasonably likely that the incident will have, a material impact on our financial condition or our operating results.”
A bad year
The cybersecurity multinational is having a dark year, and this is not the only incident it has suffered in 2024. In January it had to fix two critical vulnerabilities in the code base of its FortiOS and FortiProxy HA cluster.
In February, it had to fix several vulnerabilities, one of them in its operating system, which left more than 100,000 devices exposed for several days, despite the fact that a gang of Chinese cybercriminals had already begun attacking those devices.
In June, another Chinese group attacked the Dutch Ministry of Defense by exploiting a vulnerability that went undetected for two months. In this case, around 20,000 other FortiGate firewalls were attacked before Fortinet discovered it. All in all, this new attack confirms that the cybersecurity multinational is going through one of the worst years in its history, which is affecting its reputation.