Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Summer Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiData
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiData
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Agora
- Engage Services
- The EPSP Platform
- The ETSP Platform
- Finland
- FortiCare Service Development
- FortiGate-VM on Azure
- FortiGate-VM on AWS
- FortiGate CNF (All Marketplaces)
- FortiWeb Cloud (All Marketplaces)
- Fortinet for SAP
- FortiSIEM
- FortiSOAR
- KCS
- Lacework
- Super User
- Agora
- Engage Services
- The EPSP Platform
- The ETSP Platform
- Finland
- FortiCare Service Development
- FortiGate-VM on Azure
- FortiGate-VM on AWS
- FortiGate CNF (All Marketplaces)
- FortiWeb Cloud (All Marketplaces)
- Fortinet for SAP
- FortiSIEM
- FortiSOAR
- KCS
- Lacework
- Super User
- Agora
- Blogs
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiData
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiData
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Agora
- Engage Services
- The EPSP Platform
- The ETSP Platform
- Finland
- FortiCare Service Development
- FortiGate-VM on Azure
- FortiGate-VM on AWS
- FortiGate CNF (All Marketplaces)
- FortiWeb Cloud (All Marketplaces)
- Fortinet for SAP
- FortiSIEM
- FortiSOAR
- KCS
- Lacework
- Super User
- Agora
- Engage Services
- The EPSP Platform
- The ETSP Platform
- Finland
- FortiCare Service Development
- FortiGate-VM on Azure
- FortiGate-VM on AWS
- FortiGate CNF (All Marketplaces)
- FortiWeb Cloud (All Marketplaces)
- Fortinet for SAP
- FortiSIEM
- FortiSOAR
- KCS
- Lacework
- Super User
- Agora
- Blogs
FortiNDRCloud
SaaS based NDR solution providing 365 days data retention, along with Technical Success Manager
- Fortinet Community
- Knowledge Base
- FortiNDRCloud
- FortiGuard Outbreak Alert: Black Basta Ransomware
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
FortiGuard Outbreak Alert: Black Basta Ransomware
|
Description |
Black Basta is a type of ransomware-as-a-service (RaaS) that was first discovered in April 2022. Since then, its affiliates have targeted numerous businesses and critical infrastructure in North America, Europe, and Australia. By May 2024, Black Basta had impacted over 500 organizations worldwide. Black Basta has been seen using techniques such as phishing and exploiting public-facing applications to gain initial access, specifically exploiting CVE-2024-1709, an authentication bypass that allows attackers to create admin accounts on vulnerable instances, while CVE-2020-1472(DCSync), CVE-2021-42278 and CVE-2021-42287 are privilege escalation techniques. |
||||||||||||
|
CVE ID |
CVE-2024-1709 (https://nvd.nist.gov/vuln/detail/CVE-2024-1709) |
||||||||||||
|
NDR Cloud Detection Rule |
FortiNDR Cloud v2024.6+
|
||||||||||||
|
Playbook |
N/A |
||||||||||||
|
Threat hunting |
FortiNDR Cloud users can use the following IOCs from Fortinet to hunt for “Black Basta Ransomware” related activities All IOCs listed above have been added to Threat Intelligence Intel under "Fortinet Outbreak Alert" Collection |
||||||||||||
|
Suricata Coverage |
Customers can create custom investigation/detections using the Suricata signatures below: |
||||||||||||
|
Other Fortinet Products |
For more details regarding mitigating the vulnerability by utilizing Fortinet products, please refer to |
Labels:
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.