Description
The FortiGuard Incident Response team are ready to assist with the discovery, containment, and remediation of intrusions that have originated from the exploitation of vulnerabilities in external facing services.
A recently announced vulnerability in the Cacti platform (CVE-2022-46169) allows for unauthenticated command injection which could provide an initial access vector for an intrusion. Many threat actors, including those responsible for financial crime, are quick to integrate new vulnerabilities such as this into their TTPs.
Where exploitation is suspected a quick, thorough response is the best way to prevent an adversary from progressing through their kill chain and to minimize business impact.
Scope
FortiGuard.
Solution
Engaging Response Services
To engage the IR team directly to assist with an investigation please use the ‘Experienced a breach?’ link available here:
https://www.fortinet.com/solutions/enterprise-midsize-business/security-as-a-service/fortiguard-inci...
This webpage also has additional information on the IR services provided and how it can help response to and mitigate risks associated with vulnerabilities like this.
Engaging Proactive Services
If there is a question of whether the systems may be vulnerable to exploitation or to proactively prepare the security teams to better handle threats associated with campaigns targeting vulnerabilities like this, it is possible to engage the Incident Response Readiness service.
The FortiGuard IR Readiness service can assess the security posture and provide support to patch holes in the defenses, build playbooks to combat emerging threats, and war game the existing processes as part of tabletop activities.
Related document:
https://www.fortinet.com/content/dam/fortinet/assets/solution-guides/sb-fortiguard-incident-readines...
