As per the DOD’s zero-trust strategy, protecting Army data while at rest, in motion, and in use is a “minimum barrier-to-entry” for future combat and weapon systems. The data plan emphasizes a disciplined approach to data protection, leveraging concepts like attribute-based access control across the enterprise to allow DOD to maximize the use of data while also employing more stringent security standards.
This exploit targets a vulnerability in the HTTP/S admin access to most Fortinet solutions. Any organization that has deployed Fortinet devices running FortiOS, FortiProxy, or FortiSwitchManager should respond to this alert immediately.
One security researcher says the Secureworks study's finding that threat actors are bypassing MFA may show that more organizations are deploying authentication technology.
Security researchers say this case underscores the need to lock down cloud apps via a least-privilege model, and monitor access control to all internet-facing cloud assets and data.
The DDoS attacks by an unknown group were riddled with anti-Russian messages, prompting security researchers to connect the incident to the Russia-Ukraine war.