WatchGuard Blog

Fortinet, potential vector for Lockbit ransomware attack against Accenture

Accenture has acknowledged that it was the victim of a ransomware attack on July 30 in what it described as a "security incident." As reported by Cyberscoop, the hackers (a gang known as LockBit) began leaking stolen data and threatened to release further compromised information. LockBit first emerged in 2019, and its ransomware attacks primarily target large corporations, from which it hopes to extort large sums of money. The latest release of its ransomware, LockBit 2.0, includes automatic encryption of devices using Windows, making it one of the fastest attack methods around. As usual with this type of threat, the first phase of the attack serves as proof to force payment of a "ransom", in this case 50 million dollars in return for recovering the 6 TB of stolen data and preventing its release. The consulting firm reported that the cyberattack was a minor incident and did not affect sensitive client information in any way.

"The perpetrators accessed certain documents relating to a small number of clients and some of the work we had done for them, although none of them included sensitive content," Accenture highlighted in a statement. It reported that it had managed to isolate the incident and infected servers, restoring its backup content.  

Fortinet VPN, a potential entry vector for hackers 

Although the threat did not have a significant impact on clients, Accenture did pay a heavy toll in terms of image: the attack rippled through social media, especially since cybersecurity is one of the branches Accenture specializes in. What went wrong, then? Although this has not been confirmed, it is suspected that LockBit exploited vulnerabilities in the Fortinet VPN.

This theory is propounded by the Australian Cyber Security Centre (ACSC), a government agency that warned at the time about the risk of a cyberattack of this nature. According to the report published by the ACSC, LockBit would have exploited existing vulnerabilities in FortiOS and FortiProxy, both Fortinet systems. The flaw is present in the firm's SSL VPN.

The importance of shielding remote access 

This threat has once again highlighted the importance of securing remote access in large corporations. VPNs have become new entry vectors, so relying solely on an encrypted connection can carry a very high price in the event of a vulnerability. In addition, the pandemic has changed habits and increased working from home, and with it the possibility of cyberattacks has multiplied.

The first thing to consider in your security strategy is to protect your endpoints with advanced cybersecurity tools. The second major step is to encrypt the connection with a next-generation VPN integrated with the software protecting the endpoint itself. It is important to have a single tool that manages all of the client's cybersecurity, because this means a permanently updated system is available, supported by a single point of management and a single interface, and any potential vulnerabilities will be proactively eliminated.



This is precisely what the WatchGuard Cloud platform offers: a single comprehensive security solution, managed from the Cloud, which includes all the protection elements that the client needs to prevent cyberattacks such as the one suffered by Accenture. This platform gives the company's IT team and MSPs a way of ensuring full security without the need to deploy a complex infrastructure, as it is managed entirely from the Cloud. This defense barrier includes an advanced sandbox in the Cloud (Cloud Sandboxing) capable of detecting the most sophisticated attacks, malware detection using artificial intelligence, DNS filtering, and of course a VPN integrated throughout the system.