ViganSailors SocietyPort of StocktonVan AalstGeneva DryTelestack
  • Port of Stockton
  • Geneva Dry
  • Telestack
  • Vigan
  • Van Aalst
  • Sailors Society

Global maritime under threat from Fortibleed incident, warns Cydome

Global maritime under threat from Fortibleed incident, warns Cydome

(Posted on 03/07/26)

Major maritime, ports and energy companies have been identified by Cydome’s threat-intelligence unit as having Fortinet Firewall passwords and logins leaked in the recent “FortiBleed” incident.

More than 86,000 Administrator credentials of Fortinet Firewalls and other devices protecting the networks of thousands of organisations across 194 countries were breached, with hackers gaining unauthorised access to the Fortinet devices and enabling them to further compromise the target networks and data.

Cydome research shows that the leak, which is estimated to represent 50% of all internet-reachable FortiGate devices, also included 703 satellite-linked IP addresses associated with maritime satcom service providers.

Of the 250+ maritime firms found to be impacted by the incident, most were shipowner/management companies, and “consistent with FortiBleed hitting the operational core of maritime trade, not just back-office IT,” said Cydome founder and CEO Nir Ayalon.

“Although we are still monitoring the extent of FortiBleed on the industry, of all maritime-related logins leaked, 41.5% were shipping and freight companies, 31.2% were offshore contractors and service companies, 10.7% newbuild and repair yards, and 6.7% were Port Authorities and logistics firms.

“The team found that 87% of Fortinet devices exposed to the internet still had internet-facing management interfaces available, while 63% of harvested credentials related to default or built-in administrator accounts that had never been renamed.

“This suggests that many organisations have not yet taken the steps needed to fully secure affected systems… probably because they don’t know they have been hacked, yet!” said Ayalon.

FortiBleed differs from many cyber incidents because it is not based on a newly discovered software vulnerability. Instead, it exploits older administrator credentials that remained vulnerable after software upgrades.

In many cases, organisations updated their systems but did not take all the necessary steps to fully replace and discard legacy passwords, allowing attackers to recover valid credentials and test them against live devices - even after the Fortinet software patch.

Commenting on the seriousness of the incident, Cydome co-founder and VP R&D Alon Ayalon said it has already prompted action from the U.S. Cybersecurity and Infrastructure Security Agency (CISA)

“We urge organisations to follow the CISA guidance and terminate active administrator and VPN sessions, reset passwords, enable multi-factor authentication and investigate systems for signs of unauthorised access.”

Appearing in the FortiBleed dataset does not necessarily mean an organisation is compromised. “But it does indicate that credentials associated with its network security infrastructure have been exposed and should be treated as a potential vulnerability,” said the VP R&D.

"Shipping is one of the world's most connected industries, and that connectivity is essential for efficient operations," he said.

Latest News

Algoma announces refinancing of long-term debt

(Posted on 03/07/26)

Algoma Central Corporation, a leading provider of marine transportation services, has announced that... Read more


Crewing specialist expands global recruitment network with Indonesian seafarers

(Posted on 30/06/26)

As the global shipping industry faces mounting concerns over future crew availability, Danica Crewing... Read more


IMO pauses evacuation in Strait of Hormuz following attack

(Posted on 29/06/26)

Following an attack on a vessel in the Gulf of Oman, IMO has decided to temporarily pause its evacuation... Read more


Human cost of keeping world trade moving highlighted on Day of the Seafarer

(Posted on 25/06/26)

Leading health and wellness platform OneCare Group is calling on shipping leaders to recognise the immense... Read more


Partnership to put seafarer wellbeing at heart of maritime safety

(Posted on 24/06/26)

NorthStandard will partner maritime welfare charity Sailors’ Society to support seafarers&rsquo... Read more


IMCA urges focus on diver safety amid rising demand as Strait of Hormuz reopens

(Posted on 24/06/26)

The International Marine Contractors Association (IMCA) has reminded vessel owners and operators of... Read more


Dark side of AI exposes maritime cyber training gap, warns SmartSea

(Posted on 24/06/26)

AI is promising enormous benefits for the maritime industry. However, as shipping embraces digitalisation... Read more


New DNV RP establishes measurement framework for onboard carbon capture and storage

(Posted on 24/06/26)

DNV has published a recommended practice (RP) providing a standardised framework for measuring and verifying... Read more


ClassNK receives authorisation from French flag

(Posted on 24/06/26)

ClassNK has announced that it has earned authorisation from the French Government (Directorate general... Read more


ESL and AtoB@C to unite under one ESL Shipping brand

(Posted on 18/06/26)

ESL Shipping is to integrate its subsidiary AtoB@C Shipping into a unified ESL Shipping brand.... Read more


TBA GroupCimbriaPort of South LouisianaBühler GmbH
  • TBA Group
  • Port of South Louisiana
  • Cimbria

Subscribe to our newsletter

Keep up to date with the latest global news in bulk cargo handling and shipping