Russian group uses AI to exploit weakly-protected Fortinet firewalls, says Amazon

Recommendations: The Amazon report makes a number of recommendations to network admins with FortiGate devices. They include ensuring device management interfaces aren’t exposed to the internet, or, if they have to be, restricting access to known IP ranges and using a bastion host or out-of-band management network. As basic cybersecurity demands, all default and common credentials for FortiGate appliances should be changed. They should ensure multifactor authentication is implemented for all admin and VPN access, and make sure there is no password reuse between FortiGate VPN credentials and Active Directory domain accounts.

To avoid their systems being exploited, IT admins in firms using AWS are advised to enable Amazon GuardDuty for threat detection, monitoring for unusual API calls and credential usage patterns, use Amazon Inspector to automatically scan for software vulnerabilities and unintended network exposure, and use AWS Security Hub to maintain continuous visibility into their security posture.

Fernando Montenegro, cybersecurity practice lead at Futurum, said organizations are still coming to terms with the acceleration and augmentation that AI can bring to adversaries. In this case, he said, the threat researchers highlighted how adversaries likely leveraged AI capabilities to create crude but effective tools to support their campaign. This is the same kind of capability that allows a non-malicious user to ‘vibe code’ something for a narrow use case, but instead of a benign app, it’s a malicious tool.

Raises the bar for security: Organizations always deal with constraints that are not visible to outside observers, so ‘implementing security basics’ may, in many cases, not be a simple endeavor, he added. Most security teams deal with numerous competing priorities and limited budgets, and must constantly balance a mixture of new-initiative and steady-state operational activities. “What this incident, and others, are making abundantly clear is that the augmentation of attackers through AI is constantly and quickly raising the bar in what is considered acceptable security practices moving forward,” he also said. “This will require organizations to spend more cycles making sure that these weaker security practices be quickly removed from their environment, lest they fall prey to nimble(r) attackers.”

In a LinkedIn blog, Amazon CISO Moses noted that organizations with strong credential hygiene, MFA, and proper network segmentation successfully blocked these attacks. “And while AI is lowering the barrier to entry for attackers,” he added, “it’s an equally powerful tool for defenders, helping security teams detect threats faster, automate response at scale, and stay ahead of evolving tactics. As attack volumes grow from both skilled and unskilled adversaries, the same defensive basics that protected against this campaign will remain your most effective countermeasure.”

In response to questions from CSO, he added that the Russian group’s success “fundamentally demonstrates that threat actors often choose the path of least resistance. When basic security controls like multi-factor authentication, proper network segmentation, and credential management aren’t in place, even unsophisticated actors can achieve strategic objectives at scale. The AI simply amplified their efficiency.”

Asked why IT leaders are still unable to implement cybersecurity basics, he said, “The challenge isn’t knowledge, it’s operating in resource-constrained environments where technical debt and competing business priorities create systematic gaps in foundational security. Legacy systems, budget constraints, and rapid digital transformation often force difficult trade-offs, but threat actors are now leveraging AI to exploit these exact vulnerabilities at machine speed. The path forward requires making security fundamentals so embedded that they become operationally resilient, even under resource pressure.”

First seen on csoonline.com

Jump to article: www.csoonline.com/article/4136198/russian-group-uses-ai-to-exploit-weakly-protected-fortinet-firewalls-says-amazon.html
