Surge in attack traffic
In concert with three new vulnerabilities in a number of Fortinet products (CVE-2024-23111 – 6.2, CVE-2023-46720 – 6.3 and CVE-2024-21754 – 1.7), our ThreatFeed detected another surge in attack traffic against Fortinet devices in the field. Some interesting takeaways from the data on our end are that the attacks appeared to peak when the vulnerabilities were announced and then waned pretty quickly from there. Additionally, the majority of the blocked traffic originated from the Netherlands, which seems strange. (It's worth noting that this is aggregate traffic, so some is likely related to the attacks and some is other assorted garbage.) The final graph shows the number of addresses logged into ThreatFeed by day, jumping from just over 100 on 27 April to just over 800 on 4 May.


It's also worth noting that CVE-2024-23111 affects all FortiOS v7.2 devices but requires that the attacker already have privileged access and super-admin rights to exploit it. CVE-2023-46720 does not require privileged access to exploit but was patched in FortiOS 7.4.1 and 7.2.7.