A recent AWS report revealed that cybercriminals using off-the-shelf generative AI tools infiltrated over 600 internet-exposed FortiGate firewalls across 55 countries between mid-January and mid-February. The financially motivated campaign, attributed to a Russian-speaking group, relied on a brute-force method: scanning for exposed management interfaces and using weak credentials to access configuration files. Those files gave the attackers crucial insight into victim networks, enabling further exploitation. The attackers used commercial AI tools to create attack playbooks, significantly lowering the skill barrier for executing complex operations. While the techniques showed signs of basic automation, the group focused on volume and often abandoned heavily secured targets. The activity appeared opportunistic, with no specific geographic focus, and it raises downstream risks for managed service providers. AWS emphasized that improving basic cybersecurity hygiene, such as disabling public access to management interfaces and enforcing multi-factor authentication, could have mitigated much of the threat.
