I found out our IP was banned and after looking at the logs in FortiGate I saw a Raspberry Pi doing SSH attacks per below. I unplugged it from the network as I could not even log into it. Seems the virus was clever enough to change the password. Any point to doing a deeper dive into how this happened or find out what IP the virus was trying to communicate with? If not, I will reinstall the OS on that device and start from scratch.
The question you are asking isn't really a Fortinet-specific question. It's a general cybersecurity question and no one here can really answer it for you. It depends on you and your environment, whether you need to know those details or not, and what kind of risk appetite you have for something like that (or worse) happening again.
For example, if you just wipe the device and re-install, whatever attack vector existed before likely still exists.
Up to you really how you want to approach this, though.
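As an added example that is not part of the original thread, the kind of "deeper dive" the question asks about can be started from the FortiGate traffic logs already in hand, without touching the compromised Pi. The script below parses key=value traffic log lines, and for one internal source IP separates two patterns: high fan-out on port 22 (one host opening connections to many distinct destinations, which is what outbound SSH brute-forcing looks like from the firewall) and long-lived, repeated connections to a single external peer on some other port (a candidate for the address the malware was reporting to, which is worth blocking and searching for on other hosts before the device is wiped). The log lines are constructed samples, and the field names (srcip, dstip, dstport, duration, rcvdbyte) are the common FortiGate traffic-log keys; the thresholds are assumptions to tune for your own environment.

```python
import re
from collections import defaultdict

# Constructed sample lines in FortiGate-style key=value traffic log format.
# 192.168.10.50 plays the compromised Pi; 192.168.10.20 is a normal workstation.
SAMPLE_LOG = """\
date=2024-05-01 time=10:00:01 type="traffic" srcip=192.168.10.50 srcport=41234 dstip=203.0.113.10 dstport=22 proto=6 action="accept" duration=2 sentbyte=1200 rcvdbyte=800
date=2024-05-01 time=10:00:02 type="traffic" srcip=192.168.10.50 srcport=41235 dstip=203.0.113.11 dstport=22 proto=6 action="accept" duration=1 sentbyte=1100 rcvdbyte=700
date=2024-05-01 time=10:00:03 type="traffic" srcip=192.168.10.50 srcport=41236 dstip=203.0.113.12 dstport=22 proto=6 action="deny" duration=0 sentbyte=0 rcvdbyte=0
date=2024-05-01 time=10:00:04 type="traffic" srcip=192.168.10.50 srcport=41237 dstip=198.51.100.7 dstport=6667 proto=6 action="accept" duration=3600 sentbyte=5000 rcvdbyte=90000
date=2024-05-01 time=10:05:00 type="traffic" srcip=192.168.10.50 srcport=41238 dstip=198.51.100.7 dstport=6667 proto=6 action="accept" duration=3500 sentbyte=4800 rcvdbyte=85000
date=2024-05-01 time=10:06:00 type="traffic" srcip=192.168.10.20 srcport=51000 dstip=192.0.2.9 dstport=443 proto=6 action="accept" duration=5 sentbyte=900 rcvdbyte=30000
"""

# key=value pairs; values may be quoted strings or bare tokens.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Turn one log line into a dict, stripping quotes from values."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def summarize_host(log_text, srcip):
    """Summarize all traffic from one internal source IP.

    Returns (fanout, peers):
      fanout: dstport -> number of distinct destination IPs contacted on it
              (denied attempts are counted too; scanning is about attempts, not successes)
      peers:  (dstip, dstport) -> totals for connections, duration and bytes received
    """
    fanout = defaultdict(set)
    peers = defaultdict(lambda: {"connections": 0, "duration": 0, "rcvdbyte": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("srcip") != srcip or "dstport" not in rec:
            continue
        port = int(rec["dstport"])
        fanout[port].add(rec["dstip"])
        key = (rec["dstip"], port)
        peers[key]["connections"] += 1
        peers[key]["duration"] += int(rec.get("duration", 0))
        peers[key]["rcvdbyte"] += int(rec.get("rcvdbyte", 0))
    return {p: len(ips) for p, ips in fanout.items()}, dict(peers)


def find_candidates(log_text, srcip, scan_port=22, min_fanout=3, min_duration=600):
    """Classify a host's outbound traffic.

    scanning:   True when the host reached at least min_fanout distinct IPs on scan_port
    persistent: sorted list of (dstip, dstport) peers, other than scan_port, with at least
                min_duration seconds of cumulative connection time (command-and-control candidates)
    Thresholds are assumptions; tune them to the volume of your own environment.
    """
    fanout, peers = summarize_host(log_text, srcip)
    scanning = fanout.get(scan_port, 0) >= min_fanout
    persistent = sorted(
        (dst, port)
        for (dst, port), stats in peers.items()
        if port != scan_port and stats["duration"] >= min_duration
    )
    return scanning, persistent


if __name__ == "__main__":
    for host in ("192.168.10.50", "192.168.10.20"):
        scanning, persistent = find_candidates(SAMPLE_LOG, host)
        print(f"{host}: outbound SSH scanning={scanning}, persistent peers={persistent}")
```

Run against a real export, the persistent-peer list is the part to act on first: block the destination at the firewall and search the logs for any other internal host talking to it, which answers whether only the Pi was affected. A fan-out count of distinct SSH destinations from one internal address is also a usable alert condition to keep in place after the device is rebuilt.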
Copyright 2024 Fortinet, Inc. All Rights Reserved.