A recent vulnerability report published by Cyble found nearly 1 million Fortinet and SonicWall devices exposed on the internet with actively exploited vulnerabilities. The report also covers dark web exploits and vulnerabilities in Grafana Labs and CyberPanel, underscoring the growing threats organizations face.
Cyble’s scanners identified a staggering number of Fortinet devices, with nearly 500,000 instances exposed to two actively exploited vulnerabilities. Among these were 62,000 FortiManager instances and 427,000 internet-facing Fortinet devices. One of the vulnerabilities, known as “FortiJump” or CVE-2024-47575, has been actively exploited since June, allowing threat actors to execute arbitrary code or commands. Despite Fortinet notifying customers of the vulnerability and providing mitigation recommendations, some users reported being unaware of these communications, indicating a need for improved advisory processes.
In addition to the Fortinet vulnerabilities, Cyble also detected over 486,000 SonicWall devices exposed to CVE-2024-40766, a severe improper access control vulnerability in the administrative interface of the SonicOS operating system. This vulnerability has been exploited by ransomware operators, such as Fog and Akira, targeting SSL VPN environments. Similarly, CyberPanel instances have been targeted in mass ransomware and cryptominer attacks due to two critical vulnerabilities, CVE-2024-51567 and CVE-2024-51568, affecting the open-source web hosting control panel.
The report also highlighted vulnerabilities in other platforms, such as Grafana and Xlight FTP Server, further underscoring the widespread nature of cyber threats facing organizations. Cyble’s sensor intelligence report flagged active attacks on WordPress plugins, including LiteSpeed Cache and GutenKit, as well as ongoing vulnerabilities in IoT devices used in industrial settings.
Moreover, Cyble detailed attacks on remote access protocols and ports, such as RDP (port 3389) and VNC (port 5900), with RDP being a particular target in recent campaigns such as the “Midnight Blizzard” campaign against Ukraine. The persistence of attacks on these services and vulnerabilities emphasizes the importance of robust cybersecurity measures and timely patching to mitigate risks effectively.
Overall, Cyble’s comprehensive vulnerability report serves as a stark reminder of the evolving threat landscape faced by organizations, urging stakeholders to prioritize cybersecurity measures and stay vigilant against potential cyber threats. As the digital realm continues to expand, the need for proactive security measures becomes increasingly crucial in safeguarding sensitive data and infrastructure from malicious actors.