Traffic suggests extensive attacks on unpatched Fortinet gear
One of the services that we provide for all of our MyIT clients is log review and, for our MyIT Silver and Gold clients, near-real-time alerting for significant events. We use a SIEM / log aggregator to collect, analyze and track log data across the fleet. An added benefit of this logging is that we’re able to get an aggregate view of what’s going on across the fleet and a decent sample of what’s going on on the Internet at large. We use that data to dynamically update FortiGate firewalls in our fleet to help shield them against likely attacks.
Since Fortinet announced the last round of vulnerabilities, we’ve seen a surge in what appears to be attack traffic against unpatched Fortinet products and some interesting sources that appear to be major players in the traffic.
Looking at this graph, we see that the attack traffic started trending up on 20 February 2025, and the initial round of vulnerabilities was announced on 11 March 2025. There’s a lull between 3 March and 6 March, then traffic starts trending up again and has stayed pretty consistent since then, at roughly 700,000 to 900,000 attacks per day across the fleet.

These two graphs give us some information on what types of attacks we’re seeing and what countries those attacks are originating from over the same 30-day period. It’s not terribly surprising that the United States is way out in the lead on this, but it is interesting to see some of the others getting in the game (Netherlands, Romania and Poland, for example).

This final graph shows the same query for the last seven days. It’s interesting that, although the United States is still way out in the lead as far as blocked attack sources, IP addresses from the Netherlands and Russian Federation have moved up to the second and third spots respectively.
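The post does not show how the fleet-wide log data is turned into firewall updates, so the following is an added example and not Cyber Tech Cafe’s own tooling. It rolls constructed FortiGate-style IPS events up into the per-day and per-country counts the graphs describe, then derives a one-IP-per-line blocklist; the log layout, the two-firewall threshold and the `NEVER_BLOCK` range are assumptions.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample events (not real traffic); RFC 5737 documentation addresses.
SAMPLE_LOGS = """\
date=2025-03-12 devname="FGT-A" subtype="ips" srcip=192.0.2.10 srccountry="United States"
date=2025-03-12 devname="FGT-B" subtype="ips" srcip=192.0.2.10 srccountry="United States"
date=2025-03-12 devname="FGT-A" subtype="ips" srcip=203.0.113.7 srccountry="Netherlands"
date=2025-03-13 devname="FGT-B" subtype="ips" srcip=203.0.113.99 srccountry="Romania"
date=2025-03-13 devname="FGT-C" subtype="ips" srcip=203.0.113.99 srccountry="Romania"
date=2025-03-13 devname="FGT-A" subtype="ips" srcip=198.51.100.5 srccountry="United States"
date=2025-03-13 devname="FGT-C" subtype="ips" srcip=198.51.100.5 srccountry="United States"
date=2025-03-13 devname="FGT-C" subtype="webfilter" srcip=192.0.2.77 srccountry="Poland"
"""
# Assumption: a range that must never be blocked (e.g. our own management network).
NEVER_BLOCK = [ipaddress.ip_network("198.51.100.0/24")]
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse(line):
    """Turn one key=value log line into a dict, handling quoted values."""
    return {key: quoted or bare for key, quoted, bare in KV.findall(line)}

def summarize(text):
    """Count IPS events per day and per country; track which devices saw each source."""
    per_day, per_country, devices_by_ip = Counter(), Counter(), defaultdict(set)
    for line in text.splitlines():
        ev = parse(line)
        if ev.get("subtype") != "ips" or not {"date", "devname", "srcip"} <= ev.keys():
            continue  # only complete IPS events count as attack traffic
        per_day[ev["date"]] += 1
        per_country[ev.get("srccountry", "unknown")] += 1
        devices_by_ip[ev["srcip"]].add(ev["devname"])
    return per_day, per_country, devices_by_ip

def blocklist(devices_by_ip, min_devices=2):
    """Sources seen by >= min_devices firewalls, as a sorted list of IP strings."""
    keep = []
    for ip, devices in devices_by_ip.items():
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # never let a malformed log value reach the feed
        if len(devices) >= min_devices and not any(addr in net for net in NEVER_BLOCK):
            keep.append(addr)
    return [str(a) for a in sorted(keep, key=lambda a: (a.version, int(a)))]

if __name__ == "__main__":
    per_day, per_country, seen = summarize(SAMPLE_LOGS)
    print(dict(per_day), dict(per_country))
    print("\n".join(blocklist(seen)))
```

Requiring a source to appear on more than one firewall keeps a single noisy device from populating the list, and the exclusion range guards against blocking your own infrastructure if it ever shows up as a source.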
