The FBI and Cybersecurity and Infrastructure Security Agency Friday advised organizations to protect their computer networks from known vulnerabilities in FortiOS, the operating system for the Fortinet network security system. The agencies in March observed cyber actors scanning for these vulnerabilities, likely to gain access to networks to launch future distributed denial-of-service attacks, ransomware attacks, structured query language injection attacks, spearphishing campaigns, website defacements and disinformation campaigns. The advisory includes mitigation actions for organizations whether they use the operating system or not.
Also last week, the National Counterintelligence and Security Center launched its fourth annual National Supply Chain Integrity Month with a call for organizations to strengthen their supply chains against foreign adversaries and other potential risks. For more on the initiative and best practices, visit the AHA website.
“The targeting of the Fortinet vulnerabilities, which may be indicative of nation-state malicious activity, provides another example of a third-party service provider potentially exposing their clients to cyber risk through vulnerabilities in their services,” said John Riggi, AHA senior advisor for cybersecurity and risk. “Fortunately, the NCSC last week released resources to help organizations mitigate third-party and supply chain risk. It is imperative for hospitals and health systems to have a robust vendor risk management program that risk-prioritizes business associates and includes software supply chain vendors.”
For more on these or other cybersecurity and risk issues, contact Riggi at firstname.lastname@example.org.