• Namibia's national cybersecurity incident response team has identified 13 organizations potentially exposed to the global FortiBleed credential compromise campaign.
• Authorities have found no evidence of widespread compromise but have urged affected entities to reset credentials, enable multi-factor authentication and update Fortinet devices.
• Cybersecurity researchers estimate that more than 86,000 valid Fortinet credentials remain exposed across 194 countries.

Namibia's cybersecurity authorities have identified 13 organizations that may have been exposed to FortiBleed, a global credential compromise campaign targeting firewalls and virtual private network (VPN) gateways manufactured by U.S.-based cybersecurity company Fortinet.

The Namibia Cyber Security Incident Response Team (NAM-CSIRT) issued the alert over the weekend. The agency said it has found no evidence of widespread compromise among the affected organizations but urged them to implement corrective measures without delay.

"Although there is currently no evidence of widespread compromise among the identified Namibian organizations, this incident highlights the importance of adopting proactive cybersecurity measures. Simply put, Fortinet firewalls serve as the digital gateway to an organization's network," said Mufaro Nesongano, spokesperson for the Communications Regulatory Authority of Namibia (CRAN).

"If the keys to that gateway, such as administrator usernames, passwords or VPN credentials, become exposed, malicious actors could gain access to the network as if they were authorized users and conduct malicious activities without immediately raising suspicion," he added.

According to several cybersecurity firms, FortiBleed does not stem from a newly discovered software vulnerability. Fortinet said the campaign relies on the reuse of credentials compromised during previous security incidents, combined with brute-force attacks targeting inadequately protected devices, particularly those that do not use multi-factor authentication.

Cybersecurity company SOCRadar estimates that more than 86,000 valid and exploitable credentials linked to internet-exposed Fortinet infrastructure remain available across 194 countries. The estimate has continued to rise since researchers uncovered the campaign. Earlier public estimates from cybersecurity company Field Effect identified approximately 74,000 compromised VPN configurations and firewall devices.

NAM-CSIRT has instructed potentially affected organizations to reset administrator and VPN credentials, activate multi-factor authentication and install the latest updates on Fortinet equipment.

CRAN also recommended that organizations conduct comprehensive reviews of firewall configurations to detect any unauthorized changes. The regulator welcomed organizations that have already begun implementing the recommended corrective measures.

This article was initially published in French by Adoni Conrad Quenum

Adapted in English by Ange J. A de Berry Quenum