Forwarded: National Information Security Analysis and Sharing Center (NISAC) Security Alert NISAC-400-202606-00000006
[Description]
Researchers report a large-scale credential-theft campaign against Fortinet firewalls and VPN appliances. The attackers are believed to hold valid account and password data for affected devices and to be using it to defeat those devices' protections at scale.
Agencies should use the query tool below to check whether their devices appear in the exposed data, and remediate promptly. Tool link: https://www.hudsonrock.com/fortinet
[Affected Platform]
All Fortinet devices
[Recommended Measures]
1.Take the management interface off the Internet: confirm promptly whether the device management interface is reachable from the public Internet; if it is, remove it, and allow access only from trusted IP addresses or through a jump host or VPN.
2.Reset all device passwords: immediately change the administrator passwords for every Fortinet management interface and VPN. Do this from a workstation you trust: a new password entered on a host that is itself compromised is stolen again, and the reset achieves nothing.
3.Enable multi-factor authentication (MFA): enable MFA on all remote-access and administrator accounts.
4.Upgrade the password hashing algorithm: after upgrading FortiOS, require every administrator to log in to the firewall at least once; on that login the stored password hash is automatically re-hashed with PBKDF2, which is far more costly to crack than the legacy format. Until an administrator logs in, that account's password remains stored in the old format.
[參考資料]
1. https://www.hudsonrock.com/fortinet