FortiBleed Also Shows The Fallout Of GPU Driven Hacks
Welcome to yet another day in the security horror show that has become our lives. Today reveals not just a successful hack of Fortinet VPN appliances but pretty much the biggest one we’ve seen yet. FortiBleed is the name given to the successful breach of Fortinet and FortiGate VPN credentials for 73,932 corporate firewall URLs and tragically they are companies you deal with. Your home system might be safe from FortiBleed but if you have an account with companies like Chevron, Comcast or Samsung this hack will affect you indirectly. If you are worried about the companies you shop at, or are concerned about your own you can use Hudson Rock’s tool to see if you’re in the hack, via a link at Infostealers.
The scope of the work behind the attack is perhaps even more terrifying that the effects. The wastes of oxygen behind the attack leveraged a 45-GPU cluster managed through Hashtopolis to chew through 1.16 billion credential attempts against 320,777 FortiGate targets. They even had enough spare cycles to make 2.1 billion attempts against 163,650 Microsoft SQL Server systems. That is one of the downsides to having such powerful clusters without any guardrails. Sure, you might be using that HPC cluster to design a new anti-cancer drug, or you could be hacking the planet, the GPU cluster doesn’t know nor care and the company hosting the hardware doesn’t either, at least for now.
It’s been a bad week/month/year for security minded technology fans, let’s hope that this is the worst thing to happen this week.
