
What MSPs Need to Know About the Fortigate Leaked Credentials

A new hacking group called Belsen Group has dumped data containing IP addresses, firewall configurations, and plaintext VPN credentials from over 15,000 FortiGate firewalls. This breach is particularly alarming for MSPs and IT professionals who rely on FortiGate firewalls to secure client environments.

 

Key Takeaways:

  • Over 54% of the compromised firewalls are still online and accessible as of January 2025.
  • The breach is linked to CVE-2022-40684, a critical authentication bypass vulnerability that attackers exploited to steal firewall configurations.

Here’s a closer look at what happened, the risks involved, and how MSPs and IT professionals can protect their networks.

 

Background and Timeline

 

Who is the Belsen Group?

A relatively new cybercriminal group recently leaked 1.6GB of FortiGate firewall configurations, organized by country and IP address.

 

How Was the Data Obtained?

Cybersecurity researcher Kevin Beaumont linked this attack to CVE-2022-40684, a critical authentication bypass zero-day vulnerability disclosed by Fortinet in October 2022. Attackers exploited this flaw to extract configuration files and steal credentials.

 

Why Does It Matter Now?

Even though this data dates back to 2022, firewall configurations often remain unchanged unless an organization has actively responded to a known breach or rotated its login credentials. This means that credentials and firewall rules from 2022 could still be valid.

 

Scope of Exposure

Major Findings:

  • 54% of the leaked IPs remain online and reachable (as of January 2025).
  • 33% of these IPs still expose FortiGate login interfaces.
  • A community-driven GitHub repository is tracking the leaked IPs:
    🔗 Leaked IP List

 

How to Check If You’re Affected

 

1. Compare Your IP Addresses

Check your IP inventory against the leaked IP list:
🔗 Leaked IP List
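One way to run this comparison offline, as an added example that is not part of the original article or the GitHub repository. It assumes the leaked list has been saved as text with one IPv4 address per line, optionally followed by `:port`, and that the inventory holds single IPs or CIDR blocks; all sample values are constructed from documentation address ranges.

```python
import ipaddress


def parse_inventory(lines):
    """Inventory entries are single IPs or CIDR blocks; '#' starts a comment."""
    networks, rejected = [], []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=False accepts "203.0.113.5/28" style entries with host bits set
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)  # e.g. hostnames: resolve these separately
    return networks, rejected


def parse_leaked(lines):
    """Assumed leaked-list format: one IPv4 address per line, optionally 'ip:port'."""
    leaked = {}
    for raw in lines:
        host, _, port = raw.strip().partition(":")
        try:
            addr = ipaddress.IPv4Address(host)
        except ValueError:
            continue  # skip blank lines, headers and anything that is not an address
        ports = leaked.setdefault(addr, set())
        if port.isdigit():
            ports.add(int(port))
    return leaked


def find_exposed(inventory_lines, leaked_lines):
    """Return (hits, rejected): leaked addresses that fall inside the inventory,
    with the management ports seen in the leak and the inventory entry matched."""
    networks, rejected = parse_inventory(inventory_lines)
    leaked = parse_leaked(leaked_lines)
    hits = []
    for addr in sorted(leaked):
        for net in networks:
            if addr in net:
                hits.append((str(addr), sorted(leaked[addr]), str(net)))
                break
    return hits, rejected


# Constructed sample data (documentation ranges, not real leak entries).
INVENTORY = [
    "203.0.113.0/28   # HQ uplink block",
    "198.51.100.7",
    "fw-branch-3",     # hostname: reported back as rejected
]
LEAKED = [
    "203.0.113.5:10443",
    "203.0.113.5:443",
    "198.51.100.7",
    "192.0.2.44:443",
    "",
    "country/ip listing header",
]

if __name__ == "__main__":
    hits, rejected = find_exposed(INVENTORY, LEAKED)
    for ip, ports, entry in hits:
        print(f"MATCH {ip} ports={ports} inventory={entry}")
    for entry in rejected:
        print(f"UNPARSED inventory entry: {entry}")
```

Any match means the device's 2022 configuration and credentials should be treated as disclosed, regardless of the firmware it runs today.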

 

2. Guardz Trial Users Get a Free Check

Guardz offers a free vulnerability assessment during its trial period. We’ll check if your organization appears in the leaked data and provide Dark Web monitoring to detect other breaches.

 

Recommended Remediations

 

1. Patch & Update Immediately

  • For FortiOS 7.0.x → Update to 7.0.16+
  • For FortiOS 7.2.x → Update to 7.2.12+
  • For CVE-2024-55591 → Follow Fortinet’s guidance to upgrade to 7.0.17+ or 7.2.13+

 

2. Rotate Credentials

  • Immediately change all FortiGate passwords.
  • Enforce multi-factor authentication (MFA) on all remote-access VPNs and admin portals.

 

3. Remove Public-Facing Admin Pages

  • Restrict management interfaces to internal networks or secure VPN connections.
  • Exposing admin interfaces to the public internet makes them easy targets for brute-force attacks and zero-day exploits.

 

4. Monitor for Unauthorized Activity

  • Review firewall logs for suspicious logins or configuration changes.
  • Track inbound connections from unknown or suspicious IP addresses.

 

How Guardz Supports You

1. Free Leak & Dark Web Checks

During our trial, we scan for any leaked IPs or credentials associated with your organization. We also provide Dark Web monitoring to stay ahead of new threats.

2. Actionable Insights

Our platform offers step-by-step remediation guidance, including:

  • Enforced password resets.
  • Security configuration suggestions, such as MFA enforcement.

 

Conclusion

This FortiGate firewall breach highlights the urgent need for proactive cybersecurity measures. Even though this stolen data is from 2022, many organizations haven’t refreshed credentials or firewall settings, leaving them exposed.

If you suspect your FortiGate devices have been compromised—or if you want expert guidance on securing your infrastructure—reach out to Guardz.

We’re here to help you navigate this breach, protect your assets, and keep your clients’ networks secure.

 

About Guardz
Guardz is on a mission to create a safer digital world by empowering Managed Service Providers (MSPs). Their goal is to proactively secure and insure Small and Medium Enterprises (SMEs) against ever-evolving threats while simultaneously creating new revenue streams, all on one unified platform.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

Announcing the Ultimate Plan: Guardz Unified MDR Powered by SentinelOne Delivers Unparalleled Value to MSPs

We are excited to announce the release of the Ultimate Plan, which combines SentinelOne’s industry-leading Endpoint Detection and Response (EDR) technology with the Guardz unified platform and adds Managed Detection and Response (MDR) for MSPs. This launch marks a significant milestone as we broaden our value proposition, offering a holistic, AI-powered, and user-centric managed cybersecurity service.

 

What Makes the Ultimate Plan a Game-Changer?

The Ultimate Plan builds on the Guardz platform’s holistic, user-centric approach to security by incorporating managed SentinelOne capabilities with Guardz MDR (Managed Detection and Response) services. Here’s what MSPs can expect:

 

1. Platform Configuration and Management

Guardz MDR simplifies the complexities of managing SentinelOne by taking on the day-to-day configuration and maintenance tasks:

  • Monitoring Endpoint Health: Proactively ensuring devices are secure and operational.
  • Policy Updates: Managing block and allow lists across global customer bases.
  • Controlled Updates: Keeping SentinelOne agents up-to-date with controlled rollouts to maintain reliability.

 

2. Alert Triage

By leveraging AI, Guardz MDR manages and prioritizes alerts, removing the burden of false positives and reducing noise:

  • Real-Time Alert Management: Ensures MSPs see only the most critical threats.
  • Streamlined Workflows: Saves MSPs time by automating responses to routine notifications.

 

3. Incident Analysis

Guardz MDR goes beyond managing individual alerts by providing a comprehensive analysis of security incidents:

  • Global Insights: Looks across organizations to understand the broader impact of threats.
  • User-Centric Connections: Links endpoint activity with other security layers, such as cloud behavior, phishing patterns, and email activity, for a complete view of threats.

 

4. Incident Support

Guardz MDR offers direct, real-time engagement with a team of security analysts:

  • Actionable Responses: Includes quarantining endpoints, blocking threats, and isolating risky users.
  • Direct MSP Communication: Updates are delivered via phone, email, or the Guardz platform for seamless collaboration during incidents.

 

Tailor-Made for MSPs

The Ultimate Plan is designed specifically to meet the needs of MSPs, offering them the tools and support they need to succeed:

  • Simplified Management: A single platform that consolidates tools and eliminates the need for multiple dashboards.
  • Scalable Security: AI-driven automation and managed services enable MSPs to grow without adding headcount.
  • Cost-Effective Offering: Advanced enterprise-level protection made affordable and practical for MSPs and their SMB clients.

 

Contact us today to learn more about how the Guardz Ultimate Plan can transform your security strategy!

 

Bringing Top-Level Security to SMBs

For SMBs, the Ultimate Plan delivers the kind of protection typically reserved for large enterprises—without the complexity or cost. By embedding SentinelOne’s capabilities into the Guardz platform and enhancing them with AI-powered management, Guardz ensures:

  • Robust Security: SMBs gain access to enterprise-grade EDR, MDR, and a unified security approach.
  • Ease of Use: Guardz takes on the heavy lifting so SMBs can focus on their business.
  • Scalable Solutions: Security that grows with their business needs without requiring in-house expertise.

 

Why Choose the Guardz Ultimate Plan?

The Guardz Ultimate Plan empowers MSPs to deliver enterprise-grade security with unmatched ease and efficiency. Security is only as effective as an MSP’s ability to implement and manage it effectively. While SentinelOne’s best-in-class technology provides cutting-edge threat detection and remediation, its full potential can only be realized when paired with seamless management and real-time responsiveness. That’s where Guardz excels.

The Ultimate Plan combines SentinelOne’s powerful EDR capabilities with a unified platform designed to simplify provisioning, deployment, and ongoing management. On top of that, we layer a robust Managed Detection and Response (MDR) service to ensure MSPs can confidently deliver 24/7 protection against ransomware, account compromise, and other advanced threats.

Key benefits include:

  • 24/7 Security Services: Empower your clients with always-on protection without adding to your team’s workload.
  • Focus on Growth: Guardz handles the complexities of security management, freeing you to scale your business.

With Guardz, MSPs can provide world-class security services that are scalable, easy to manage, and designed to meet the demands of modern cybersecurity.

 

Empowering Small Businesses with World-Class Protection

The Ultimate Plan ensures SMBs receive the level of protection previously reserved for large enterprises:

  • Cost-Effective Security: Delivers powerful protection without requiring in-house expertise or infrastructure.
  • Scalable Solutions: Allows MSPs to offer 24/7 security services to SMBs without increasing headcount.
  • Simplified Management: Reduces the complexity of managing multiple tools, freeing MSPs to focus on growing their businesses.

 

Final Thoughts

The Guardz Ultimate Plan represents a transformative shift in cybersecurity for MSPs and SMBs. By combining SentinelOne’s enterprise-grade technology with the Guardz unified detection & response, we’re empowering MSPs to deliver unmatched value to their clients while simplifying operations and improving scalability.


Contact us today to learn more about how the Guardz Ultimate Plan can transform your security strategy!


12 Inspiring TED Talks Every MSP Should Watch

Looking to increase staff and expand operations? Are you having a tough time selling your MSP services to potential clients or retaining existing ones? We’ve assembled a list of 12 inspirational TED Talks every MSP and IT professional should start watching to make better decisions and grow a successful business. Watch them all. We highly recommend it. 

1)  I Was Seduced By Exceptional Customer Service | John Boccuzzi, Jr. 

We begin with retention. If you want to scale business operations, you must retain your existing customer base. John Boccuzzi Jr. will show you the value of having exceptional customer service and why he considers it the greatest form of marketing a brand can have. John explains why so many businesses fail due to poor customer experiences. Don’t be one of them.

2) Never Split The Difference | Chris Voss 

Are you struggling to sell your value and offerings to potential clients? Don’t find yourself in a no-win situation. Hear from a former FBI hostage negotiator with over 24 years of experience in high-stakes negotiations. Learn the art of Tactical Empathy to build meaningful relationships with your clients and convince those prospects of the value you offer.  

3) How to Master Recruiting | Mads Faurholt-Jorgensen 

“Most leaders spend 10% of their time recruiting and 90% correcting recruiting mistakes.” Mads Faurholt-Jorgensen will help you avoid these pitfalls by teaching you what to prioritize when hiring new staff. Learn how to conduct winning interviews and know if the person is the right fit within minutes. Build your team with greater confidence after this educational TED Talk. 

4) How to Write an Email (No, Really) | Victoria Turk

Victoria Turk will show you the fundamentals of email etiquette. Where should you begin when starting the conversation in an email? Victoria will give you the scoop on what you should include in the body of the text to keep potential clients interested. Keep those email conversations going in the right direction with this informative TED Talk. 

5) How to Write an Email That Will Always Be Answered! | Guy Katz 

A well-written email will help you close that contract faster. Every character counts. Guy Katz will teach you how to write an email that always gets answered, including the 5 ingredients for a great email. There are billions of emails sent daily. The majority of them won’t get opened or stand a chance of getting noticed as they are redirected to the spam filter. Guy’s practical advice will help increase your open rates and closed won opportunities in your sales pipeline. 

6) Neuromarketing: The New Science of Consumer Decisions | Terry Wu 

Why should a prospect choose your MSP over your competitors? Dr. Terry Wu breaks down the science of neuromarketing and gives you plenty of insight on how to better understand your clients. Learn how a failed Coca-Cola experiment led to 8,000 angry phone calls a day. Find out what the missing ingredient was to avoid customer churn.

7) Think Your Email is Private? Think Again | Andy Yen

Think your emails are private? Andy Yen will prove you wrong on that theory. Andy discusses the role of encryption in securing email conversations and the importance of protecting user privacy. Without encryption, the content gets transmitted as readable text, which gives a threat actor all the insight they need to steal personal information. Don’t hit that “send” button just yet until you’ve watched Andy’s insightful TED Talk.

8) Behavioral Economics – How to Make it Work for Us | Maciej Kraus

Are you pricing your services correctly? Take the guesswork out of your pricing efforts by mastering behavioral economics with Maciej Kraus. Learn the importance of behavioral science and how it helps your prospects move forward in the buying funnel. Find out what a coffee chain has in common with your pricing models.

9) Your Human Firewall – The Answer to the Cyber Security Problem | Rob May

Rob May talks about how personal data is such a precious commodity and how companies invest in traditional security when the bigger risks are what he dubs the human firewall. Rob talks about unsecured Wi-Fi connections while waiting for your latte at Starbucks which could lead to potential man-in-the-middle attacks and data exfiltration.

Rob also talks about phishing and how easy it is to fall into that trap – a great use case to implement phishing simulations in your organization. 

10)  Data Privacy and Consent | Fred Cate

Dr. Fred Cate will make you rethink what you know about data privacy and data collection. You’ll discover why data privacy is essential, not only for staying compliant with various regulations but also for safeguarding your customers’ identities and sensitive information. A very interesting talk all around. 

Learn about the Do’s and Don’ts of Managing Sensitive Data in the Cloud here.

11) SEO Matters | Ira Bowman

You can’t grow a successful MSP business without visitors coming to your website. Having visibility in Google’s search results can give you a competitive edge in the market. Just how much? Ira Bowman mentions the fact that Google owns 92-94% of search engine traffic. 

As an MSP, if your site isn’t on the first page, you’re missing out on the majority of potential clicks which ultimately translates to lost revenue. Ira will fill you in on all the SEO details to gain more search visibility and how to run campaigns that convert. 

12) 3 Ways to Make Better Decisions — by Thinking Like a Computer | Tom Griffiths

Decision-making doesn’t have to be complex, especially when you start thinking like a computer. Take a neural journey with cognitive scientist Tom Griffiths on how you can apply the logic of computers to decipher basic setbacks and accelerate business goals with little to no friction.

Stay inspired by following Guardz to learn more about the latest MSP findings and research to transform your business. 


The Do’s and Don’ts of Managing Sensitive Data in the Cloud [A Complete Checklist for MSPs]

Do You Know Where Sensitive Data Resides?

Do you know where all sensitive data resides within your organization, or more importantly, where it resides in your customers’ clouds? Those unauthorized access controls, excess permissions, inactive users, or misconfigured S3 storage buckets could be exposing terabytes of critical data by the minute. 

Research showed that more than 30% of cloud data assets contain sensitive information. But that’s where the problem begins for a busy MSP. Without clear visibility into where sensitive data resides or how it’s being accessed, securing it becomes nearly impossible, often resulting in a massive breach. 

That’s why we put this checklist together on The Do’s and Don’ts of Managing Sensitive Data in the Cloud. But first, do you know who has access to what?

Securing Data in the Cloud: Who Has Access to What? 

Research conducted by Microsoft Security in their 2023 State of Cloud Permissions Risks Report found that over 45% of organizations have AWS access keys that have not been rotated for at least months. The report also found that 40% of identities are inactive in AWS environments.

Let that sink in for a moment. 

How can MSPs determine who has access to which type of data across multiple cloud platforms and ensure it remains secure? 

Now factor in third parties. 

Third parties may have unmanaged access permissions that are out of your scope. Any of those permissions can provide a backdoor for attackers to exfiltrate sensitive data. 

And the risks aren’t only limited to cloud environments…

MSPs must constantly worry about shadow IT, where employees use unauthorized cloud services and other SaaS applications without the consent or knowledge of IT. This is a big problem. 

Those unauthorized cloud accounts and user roles can bypass security protocols (assuming they’ve been implemented) and leave your attack surface completely vulnerable. Even the most “harmless”-looking Chrome extension, such as Grammarly, can bring about major security threats since it has access to documents that contain financial transactions, proprietary information, and other PII. 

Once you agree to those terms, your data becomes vulnerable to those third parties. Those terms of service are often long, complex, and difficult to fully understand, making it easy for employees to overlook the risks associated with granting access.

Sure, data privacy laws have become more strict, but they can’t protect you from the risks posed by unauthorized access if you don’t know where sensitive data resides. 

Data at Rest vs. Data in Transit

In order to secure data, you first need to have a better understanding of the different types of data. 

Data at rest refers to data that is stored and not actively being transmitted or processed, such as in databases, file servers, or cloud storage. 

Data in transit or in motion, on the other hand, refers to data that is being transmitted from one location to another, such as emails or cloud-based API calls. 

All data, whether at rest or in transit, should be secured using strong encryption. This prevents unauthorized access to stored files on servers or cloud services (data at rest) and mitigates risks such as Man-in-the-Middle (MITM) attacks during transmission (data in transit).

The Do’s and Don’ts of Managing Sensitive Data in the Cloud [Complete Checklist]

Access permissions should be limited by default. But this is the part that gets tricky for MSPs.

Why?

Because an MSP may not be fully aware of how many permissions and identities are circulating within cloud environments. When was the last time your team conducted a comprehensive review of user permissions and roles across all cloud platforms? 

A month ago? A year? Longer?  

Now multiply those accounts, permissions, and identities when dealing with multiple clients simultaneously, and it’s not so hard to imagine that a data breach is only a single account login away. Research taken from Google Cloud’s 2023 Threat Horizons Report found that 86% of data breaches involve stolen credentials.

So, yeah, the threats are very real. No need to fall into that trap. 

Below are the most common cloud risks, along with best practices you can implement to prevent them and secure sensitive data.

Cloud Risk: Excessive access permissions
Guardz Best Practices:
  • Implement the principle of least privilege across all cloud accounts
  • Conduct periodic audits of user permissions
  • Provide temporary access to sensitive resources and revoke access immediately after the task is completed

Cloud Risk: Inactive identities
Guardz Best Practices:
  • Remove inactive users from cloud accounts, such as employees who have left the organization or third parties whose contracts have expired
  • Enforce multi-factor authentication (MFA) across all cloud accounts
  • Monitor privileged accounts closely and deactivate those that are inactive for excess periods of time (30-60 days).

Cloud Risk: Cloud storage misconfigurations (e.g. S3 buckets left public)
Guardz Best Practices:
  • Restrict public access to storage buckets – this is absolutely essential
  • Regularly rotate access keys and secrets every 90 days
  • Enable versioning for cloud storage objects and establish regular backup procedures

Cloud Risk: Third parties
Guardz Best Practices:
  • Cloud storage misconfigurations (e.g., S3 buckets left public)
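The key-rotation, MFA and inactive-identity items in the checklist above can be checked from an AWS IAM credential report; the following is an added example, not Guardz code. The sample report is constructed and reduced to the columns the audit reads, and the 90-day and 60-day thresholds come from the checklist.

```python
import csv
import io
from datetime import datetime, timezone

# Values the credential report uses where no timestamp exists.
NOT_A_DATE = {"", "N/A", "no_information", "not_supported"}


def _ts(value):
    """Parse a credential-report timestamp, or return None when there is none."""
    value = (value or "").strip()
    return None if value in NOT_A_DATE else datetime.fromisoformat(value)


def audit(report_csv, now, max_key_age_days=90, max_inactive_days=60):
    """Return (user, issue) findings for stale keys, missing MFA and inactivity."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        has_login = row.get("password_enabled") == "true"
        last_seen = [_ts(row.get("password_last_used"))]
        active_keys = 0
        for n in ("1", "2"):
            if row.get(f"access_key_{n}_active") != "true":
                continue  # disabled keys cannot be used, so they are not scored
            active_keys += 1
            rotated = _ts(row.get(f"access_key_{n}_last_rotated"))
            if rotated and (now - rotated).days > max_key_age_days:
                findings.append(
                    (user, f"access_key_{n} not rotated in {max_key_age_days} days"))
            last_seen.append(_ts(row.get(f"access_key_{n}_last_used_date")))
        if has_login and row.get("mfa_active") != "true":
            findings.append((user, "console password without MFA"))
        if has_login or active_keys:
            seen = [t for t in last_seen if t]
            # A usable credential that was never used counts as inactive too.
            if not seen or (now - max(seen)).days > max_inactive_days:
                findings.append(
                    (user, f"no credential use in the last {max_inactive_days} days"))
    return findings


# Constructed sample: a real report carries more columns, which are ignored here.
SAMPLE_NOW = datetime(2025, 1, 20, tzinfo=timezone.utc)
SAMPLE_REPORT = """\
user,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
alice,true,2025-01-15T09:00:00+00:00,true,true,2024-12-01T00:00:00+00:00,2025-01-18T00:00:00+00:00,false,N/A,N/A
bob,true,2024-06-01T00:00:00+00:00,false,true,2023-03-01T00:00:00+00:00,2024-05-20T00:00:00+00:00,false,N/A,N/A
svc-backup,false,N/A,false,true,2024-11-15T00:00:00+00:00,N/A,false,N/A,N/A
former-contractor,false,N/A,false,false,2022-01-01T00:00:00+00:00,N/A,false,N/A,N/A
"""

if __name__ == "__main__":
    for user, issue in audit(SAMPLE_REPORT, SAMPLE_NOW):
        print(f"{user}: {issue}")
```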


But there’s a better way to manage sensitive data in the cloud. 

Keep All Sensitive Cloud Data Secured with Guardz 

Who has cloud access permissions to critical data? Don’t wait until an account gets compromised to find out. 

Guardz examines all digital assets within the customer cloud environment by scanning files and folders for excessive sharing permissions, misconfigurations, and other types of risky user behavior that can lead to a breach.

Prevent compromised credentials with Guardz cloud DLP and unified cybersecurity platform. 

See where all sensitive data resides across your organization and client cloud environments. 
Speak with one of our experts today.


Inbox Overload: How to Prevent BEC Attacks

The holidays are over, and you know what that means? Your inboxes are full of emails. 

But some of those emails might contain malicious links or files disguised to appear from trusted colleagues or even the C-suite within your organization. Can you tell the difference between a business email compromise (BEC) attack and a legitimate email from your CEO?

In this blog, we’ll dive into what a BEC is, the different types of BEC attacks, and how MSPs can spot them effectively before they reach their employees’ or clients’ inboxes. 

What is Business Email Compromise (BEC)? 

A business email compromise (BEC) is a type of social engineering attack where scammers look to defraud targeted employees. What makes a BEC unique is that the messaging and tone appear to come from legit senders, typically from the CEO or other high-ranking executives.

What makes these emails even more effective is their sense of urgency, designed to pressure employees into taking immediate action. For example, a common BEC might contain a message from the CFO asking for a wire transfer to “pay a vendor invoice.” Without proper employee training, such as routine phishing simulations, an unsuspecting employee might comply without verifying the request or sender details. BEC attacks accounted for 14% of all impersonation attack activity in corporate inboxes.

The open rates for these emails are alarmingly high. A study found that 28% of BEC emails are opened by employees with 15% of those emails receiving a reply.

BEC attacks have cost organizations over $50B in losses within the past decade. 

AI Making BEC Attacks Harder to Detect

Scammers have begun leveraging Generative AI in their emails with striking accuracy and high success rates.

BEC attacks skyrocketed 20% YoY in Q2 2024 thanks to the advancements in AI-based technology. Scammers can now mimic the precise tone and writing style of C-level executives quite convincingly. 

The finance department in particular remains a prime target for BEC attacks as they have the authority to approve wire transfers, pay invoices, and handle sensitive financial information. AI-generated BEC emails use familiar language that a CFO or controller might mistake for a legitimate payment request. 

BEC emails can bypass traditional security filters as they are personalized to the recipient and appear to come from a trusted source within the organization. Attackers also leverage obfuscation techniques such as URL spoofing, HTML tag manipulation, payload encryption, and embedding links within images to evade email security filters. 

Types of BEC Attacks

Here are 5 types of BEC attacks: 

CEO Fraud: Attackers impersonate the role of a C-level executive, generally the CEO, asking for an urgent transfer of funds or sensitive information. Attackers spend a great deal of effort researching the company, even the CEO’s writing style and typical communication patterns on social media platforms and PR/media sites. This helps them craft targeted emails using the CEO’s tone, terminology, and phrasing.

Account Compromise: Attackers gain unauthorized access to a legitimate employee’s email account, typically through phishing, and leverage the information to send fraudulent requests, such as payment approvals to colleagues or partners.

Attorney Impersonation: There is almost nothing quite as intimidating as receiving a legal letter from an attorney in your inbox. One common form of BEC involves scammers posing as lawyers, requesting immediate payment for services, and sending attachments that appear to be official documents the recipient might recognize.

Data Theft: Data is pure gold to an attacker. They can resell stolen information, such as passwords, accounts, credentials, and financial data, on the dark web for quick profit returns. 

Scammers may also use the stolen information later on for identity theft or to launch more targeted spear phishing campaigns.

False Invoice Scam: Attackers leverage compromised email accounts of legitimate vendors or suppliers to send fake invoices for services. To the untrained eye, these types of BEC emails are increasingly difficult to detect, especially for a busy financial controller who is managing a large number of unpaid invoices with balances due to a variety of vendors. The billing details will go to a fraudster’s bank account and may go unnoticed until the vendor actually reports the missed payment or threatens legal action. 

4 Ways to Spot a BEC

Here are a few red flags to be aware of the next time you log into your corporate inbox:

  1. Suspicious Email Header: Look for inconsistencies in the email header, such as unusual “Reply-To” or “From” addresses or email routing anomalies. BEC emails often contain disguised headers to hide their malicious offerings. Always verify the legitimacy of the sender. Check for DKIM, SPF, and DMARC authentication to ensure that the addresses come from trusted domains.
  2. Poor Grammar & Typos: BEC emails often contain misspellings, grammatical errors, and excessive punctuation, such as multiple exclamation marks (!!!) at the end of a sentence, designed to create a sense of urgency and prompt an employee to take immediate action. Poor grammar is a classic sign of a phishing attempt. Take the time to go over the email thoroughly.
  3. Email Context: Pay close attention to the body of the email itself. Any message asking you to “re-confirm” your personal details is a huge red flag. These keywords are usually accompanied by requests for processing a wire transfer or other financial transaction, such as an “unpaid supplier invoice” or “overdue balance.” Needless to say, you should never enter any sensitive financial details or PII without approval.
  4. Timing: Scammers try to catch people off guard, and the best time to do so is during a holiday such as Thanksgiving or Christmas, when phishing attempts peak. Scammers also time BEC emails for Fridays, when employees are more relaxed heading into the weekend and less likely to report suspicious emails.

Avoid responding to “urgent” emails received on a Friday without verifying the sender. If the email appears to be from the CEO or another executive, confirm its legitimacy through a direct message on Slack or a quick phone call. That extra step can help prevent a massive breach. 

And as always, whenever in doubt, just don’t open the email. 
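The header, punctuation and wording checks from the list above can be automated for triage; this is an added example, not Guardz's detection logic. The sample messages and the receiving server name `mx.example.net` are constructed, and only `Authentication-Results` headers stamped by that server are trusted, because a sender can insert forged ones.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Phrases quoted in the red-flag list above.
PRESSURE_PHRASES = ("re-confirm", "wire transfer",
                    "unpaid supplier invoice", "overdue balance")
AUTH_RESULT = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.I)


def _domain(header_value):
    """Lower-cased domain of the address in a From/Reply-To header, or ''."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower()


def bec_red_flags(raw_message, trusted_authserv):
    """Return a list of human-readable red flags found in one raw message."""
    msg = message_from_string(raw_message, policy=policy.default)
    flags = []

    from_dom, reply_dom = _domain(msg["From"]), _domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        flags.append(
            f"Reply-To domain {reply_dom} differs from From domain {from_dom}")

    # Only verdicts recorded by our own receiving server count.
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = str(header).partition(";")
        if authserv.strip().lower() != trusted_authserv.lower():
            continue
        for method, verdict in AUTH_RESULT.findall(rest):
            verdicts.setdefault(method.lower(), verdict.lower())
    for method in ("spf", "dkim", "dmarc"):
        verdict = verdicts.get(method, "missing")
        if verdict != "pass":
            flags.append(f"{method}={verdict}")

    body = msg.get_body(preferencelist=("plain",))
    text = f"{msg['Subject'] or ''} {body.get_content() if body else ''}".lower()
    hits = [phrase for phrase in PRESSURE_PHRASES if phrase in text]
    if hits:
        flags.append("pressure wording: " + ", ".join(hits))
    if re.search(r"!{2,}", text):
        flags.append("repeated exclamation marks")
    return flags


# Constructed sample messages.
SUSPICIOUS_SAMPLE = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=mail-example.org; dkim=none; dmarc=fail header.from=example.com
Authentication-Results: attacker.invalid; spf=pass; dkim=pass; dmarc=pass
From: "Dana CEO" <dana@example.com>
Reply-To: dana.ceo@mail-example.org
To: finance@example.com
Subject: Urgent wire transfer today!!!
Content-Type: text/plain; charset="utf-8"

Please process the unpaid supplier invoice before noon and re-confirm by reply.
"""

CLEAN_SAMPLE = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: Dana <dana@example.com>
To: finance@example.com
Subject: Lunch on Thursday
Content-Type: text/plain; charset="utf-8"

See you at noon.
"""

if __name__ == "__main__":
    for flag in bec_red_flags(SUSPICIOUS_SAMPLE, "mx.example.net"):
        print("FLAG:", flag)
```

An account-compromise BEC sent from a real mailbox passes SPF, DKIM and DMARC, so a clean result here does not replace the out-of-band verification described above.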


Prevent BEC Attacks and Bolster Email Security with Guardz 

Guardz’s unified cybersecurity platform leverages advanced machine learning and AI to monitor email activity, detect suspicious patterns through detailed email header analysis, and automatically enforce DMARC policies.

With Guardz’s auto-remediation tool, malicious emails are intercepted and either deleted or marked as safe before they can reach your employees’ or clients’ inboxes. 

Take a proactive approach to email security and BEC prevention with Guardz. 

Speak with one of our experts today.

