Inside the FortiBleed Response: Hudson Rock’s Insights into the Global Disclosure Effort

Alon Gal

The past few days following our publication on the Fortinet compromises have been an absolute whirlwind. We knew the data was critical, but the global reaction has been unprecedented. Here is a recap of what has been happening behind the scenes since the story broke.

Snippet from the original FortiBleed publication

1. Massive Industry Attention

Within just 48 hours, our initial report was viewed by over 100,000 professionals worldwide. The sheer volume of traffic highlights the severity of this exposure – and on a lighter note, it has completely ruined my Google Analytics chart forever.

Our analytics capturing the massive surge in readership over a two-day period.

2. Unstoppable Ethical Disclosures

Our primary mission is to protect organizations. Over the past few days, Security Operations Center (SOC) teams worldwide have proactively reached out to us to verify their exposure. Despite being a tight-knit team of only 11 people, we have worked around the clock to complete a staggering 2,732 ethical disclosures – and that number continues to climb every hour.

The growing number of ethical disclosures our dedicated team has processed so far.

3. Rapid CERT Mobilization

It has been incredibly rewarding to witness the swift response from global Computer Emergency Response Teams (CERTs). We have distributed localized data to various national CERTs, and their rapid mobilization to notify and protect entities within their jurisdictions has been nothing short of impressive.

4. Official Guidance and Widespread Media Coverage

The broader cybersecurity ecosystem quickly amplified the warning. Official guidance leveraging our intelligence was issued by leading national authorities, including the UK’s National Cyber Security Centre (NCSC), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), and the Israel National Cyber Directorate (INCD). Additionally, the story was heavily covered by top industry outlets like BleepingComputer, The Hacker News, and TechCrunch.

The UK’s NCSC officially guiding impacted companies to utilize Hudson Rock’s lookup tool.

Extensive front-page news coverage from outlets like BleepingComputer.

5. Native Cavalier and API Integration

To empower our clients to act immediately, we have natively integrated the full FortiBleed dataset into the Cavalier platform and our API. This allows our cybersecurity customers to instantly query the data and seamlessly disseminate warnings to their own client base without delay.

FortiBleed intelligence natively integrated directly into the Cavalier platform.

Our alert notifying customers of the immediate API availability of the dataset.

Another section of the email regarding the Cavalier API update

The Road Ahead

While the initial rush following the FortiBleed discovery is settling, our work continues. The scale of this compromise highlights the ongoing challenges in cybersecurity, but it has been highly encouraging to see the global community respond so collaboratively. For our team at Hudson Rock, managing this high volume of disclosures is a core part of our mission to help secure the digital ecosystem. We will continue tracking these threats and equipping defenders with the actionable intelligence they need.

Free Look-Up Tool for Affected Organizations

Because of the critical nature of this massive campaign, Hudson Rock is committed to performing ethical disclosures for affected organizations.

We have launched a dedicated portal where companies can verify if their domains are part of this compromised dataset. Following confirmation of impact, organizations can reach out directly through the tool to receive a full ethical disclosure regarding their exposure.

The free Hudson Rock lookup portal for affected organizations.

Example: Verifying if an organization like Comcast was compromised in the breach.
