This article is about New Cybersecurity Warning: Ransomware Actors Tied to Lock Bit

Mora_001, a ransomware group linked to LockBit, is the subject of an upcoming discussion. The group has been actively exploiting major vulnerabilities in Fortinet’s FortiOS and FortiProxy products. These security flaws have allowed attackers to gain unauthorized access to systems, leading to the deployment of a new type of ransomware called SuperBlack. Organizations with exposed FortiGate firewalls have been the targets of these attacks since late January 2025. In response, Fortinet has released patches and is urging users to update their systems immediately

Technical Details

Vulnerabilities Involved

(1)        CVE-2024-55591.     

Fortinet has identified a critical authentication bypass vulnerability in its FortiOS (versions 7.0.0-7.0.16) and FortiProxy (versions 7.0.0-7.0.19 and 7.2.0-7.2.12) products. This flaw allows a remote attacker to achieve super-admin access by exploiting a weakness in the Node.js WebSocket module. The vulnerability can lead to unauthorized code or command execution

(2)        CVE-2025-24472.    

A related high-severity authentication bypass vulnerability, impacting the same product versions, was identified through victim reports during Forescout’s investigations. This issue is fixed by the same patch that also addresses CVE-2024-55591  

Attack Methodology

• Attackers exploited the mentioned vulnerabilities to get unauthorized access with super-admin privileges.
• Attackers created new privileged accounts, using names like forticloud-tech, fortigate-firewall, and administrator.
• For firewalls with VPN capabilities, the attackers created local user accounts that mimicked legitimate users. This was done to maintain persistent access to the compromised systems.
• In their attacks, the threat actors used the high availability (HA) configuration of the firewalls to their advantage. By compromising one device, they could automatically spread their access to other firewalls within the same cluster. This tactic allowed them to compromise additional devices without needing to attack them individually. 
• The group’s final step was to deploy the SuperBlack ransomware. This variant, based on the LockBit 3.0 builder, is designed for double extortion by first stealing data and then encrypting files. It also includes a custom wiper tool to erase traces of the ransomware executable, making it harder to investigate.

Recommendations

All Fortinet administrators/users are urged to update their products as mentioned below:

a.         Upgrade FortiOS to version 7.0.17 or later.

b.         Upgrade FortiProxy to version 7.2.13 or later or 7.0.20.

c.         Remove the firewall’s web-based management interface from public internet exposure.

d.         Regularly review administrative accounts for unauthorized additions or changes.

e.         Monitor for unexpected configuration changes and unauthorized login attempts.

f.          Be vigilant for indicators of compromise, such as unusual automation tasks or unexpected VPN connections.

g.         Implement strict network segmentation to limit lateral movement opportunities for attackers.

h.         Enforce multi-factor authentication (MFA) for all administrative access.

Conclusion

The recent activities of Mora_001 highlight the growing sophistication of ransomware actors tied to LockBit, particularly their ability to exploit critical vulnerabilities in widely used security products. The deployment of SuperBlack ransomware demonstrates the severe risks organizations face when systems remain unpatched or exposed. Timely updates, strict access controls, and proactive monitoring are essential to defend against these evolving threats. Organizations should treat this advisory with urgency, as the combination of double extortion and stealthy persistence techniques makes this campaign especially dangerous. Staying vigilant and applying Fortinet’s recommended patches is the most effective defense against these attacks

The Top Soft Skills for IT Professionals in 2025

Important Soft Skills –

1- Communication & Collaboration: Effective communication is critical in modern IT projects, which require seamless collaboration between developers, designers, project managers, and business stakeholders.  It is essential to be able to communicate intricate technical concepts in simple terms.

2- Adaptability & Lifelong Learning: The technology landscape is constantly evolving, with new languages, frameworks, and security threats emerging every year.  The ability to adapt quickly and commit to lifelong learning is no longer a bonus – it’s a fundamental requirement.

3- Problem-Solving & Critical Thinking: While AI can solve many problems, it relies on human input to identify the right questions to ask.  Critical thinking and problem-solving skills are uniquely human and remain in high demand.

 4- Emotional Intelligence (EQ): EQ is a superpower in the workplace because it enables professionals to recognize and influence the emotions of others as well as understand and manage their own emotions. A high EQ helps navigate team conflicts, provide effective feedback, and build stronger relationships with clients.

 5- Leadership & Mentorship: Effective leaders and mentors are essential in the IT industry, particularly as teams grow and technology becomes more complex.  A great leader inspires others, fosters a positive work environment, and helps junior team members grow.

Additional Soft Skills to Master

Creativity: Encourages new and better solutions, helps design user-friendly applications, and makes problem-solving more effective.

Time Management: Enables professionals to prioritize tasks, manage deadlines, and reduce stress.

Interpersonal Skills: Builds stronger relationships in the workplace, contributes to better customer service, and fosters a more positive work environment.

Active Listening: Allows professionals to participate in team meetings, acknowledge others’ ideas, and build upon them.

Attention to Detail: Ensures accuracy and quality in work, reducing mistakes and misunderstandings.

Continuous Learning: Enables professionals to stay updated with the latest trends, technologies, and products.

Perseverance: Aids professionals in emotion management, stress reduction, and improved crisis response. Why Soft Skills Matter in IT

For a career in the IT sector, soft skills are necessary. They provide expertise in communication, work ethic, and leadership, and are critical for success in today’s fast-paced and ever-changing tech landscape.  By investing in soft skills, IT professionals can:-

 – Improve teamwork and relationship building

 – Enhance customer satisfaction

 – Improve efficiency and productivity – Develop effective solutions to complex problems

 – Build stronger relationships with clients and stakeholders

 Enhancing People Skills Developing soft skills requires a strategic approach. 

Here are some tips:

Identify areas for improvement: Recognize your strengths and weaknesses and focus on developing the skills that are most important for your career.

Practice and feedback: Practice your soft skills and seek feedback from others to improve.

Training and development: Take advantage of training programs and workshops to develop your soft skills.

Mentorship: Seek guidance from experienced professionals who can provide valuable insights and advice

Conclusion:

By mastering these soft skills, IT professionals can position themselves for success in 2025 and beyond.  Whether you’re just starting your career or looking to take your skills to the next level, investing in soft skills is a crucial step towards achieving your goals.

In the world of cloud computing, IT leaders are faced with a crucial decision that goes beyond simply migrating data to the cloud. The choice between a cloud-enabled and a cloud-native strategy can fundamentally impact an organization’s agility, scalability, and long-term success. While both approaches leverage cloud technology, they differ significantly in their philosophy and architecture. Understanding this distinction is vital for making informed strategic decisions.

What is Cloud-Enabled?

Cloud-enabled, or “lift-and-shift,” refers to the process of taking an existing application and moving it to the cloud without significant architectural changes.

• • Focus: Migrating existing on-premise applications to a cloud infrastructure like AWS, Azure, or Google Cloud.

• • Methodology: The application’s core architecture (e.g., monoliths, legacy databases) remains the same.

• • Benefits:
    
    • • Speed: It’s a relatively fast way to leverage the cloud’s scalability and reduce on-premise hardware costs.
    • • Minimal Disruption: Requires less re-engineering, which can be less complex in the short term.

• • Drawbacks:
    
    • • Limited Optimization: Applications often can’t fully utilize cloud benefits like elastic scaling or serverless functions.
    • • Increased Costs: Can be more expensive in the long run as it doesn’t optimize for cloud-specific cost models.

What is Cloud-Native?

Cloud-native, in contrast, is an approach to building and running applications that are specifically designed for the cloud. These applications take full advantage of cloud services and the cloud delivery model.

• • Focus: Building new applications from the ground up or re-architecting existing ones to use cloud-native principles.

• • Methodology: Utilizes technologies like containers (e.g., Docker, Kubernetes), microservices, serverless computing, and CI/CD (Continuous Integration/Continuous Delivery).

• • Benefits:
    
    • • High Scalability: Applications can scale dynamically and automatically to handle varying loads.
    • • Resilience: Designed with built-in redundancy and fault tolerance.
    • • Agility: Microservices architecture allows for faster development cycles and independent deployment of components.

• • Drawbacks:
    
    • • Complexity: Requires a significant investment in new skills, tools, and a cultural shift.
    • • Time-Consuming: The initial re-architecture phase can be a lengthy and resource-intensive process.

The Strategic Decision for IT Leaders

Choosing between cloud-enabled and cloud-native is not a one-size-fits-all solution.

• • When to go Cloud-Enabled: This approach is best for non-critical legacy applications or when the primary goal is a rapid data center exit. It provides an immediate cost benefit without a major development overhaul.

• • When to go Cloud-Native: This is the ideal strategy for mission-critical applications and new development projects. While it requires a greater initial investment, the long-term benefits in agility, resilience, and scalability are substantial. For IT leaders, it’s about shifting the focus from simply “using the cloud” to truly “living in the cloud.”

Conclusion

The distinction between cloud-enabled and cloud-native represents the difference between a simple migration and a transformative strategy. While cloud-enabled offers a quick path to the cloud, cloud-native provides the architectural foundation needed to unlock its full potential. By understanding these two models, IT leaders can make strategic choices that will ensure their organizations are not just in the cloud, but are positioned to lead the digital future.

Cloud-Native vs Cloud-Enabled: Key Insights for IT Leaders

Discover the difference between cloud-enabled and cloud-native strategies. Learn which approach IT leaders should choose for scalability, agility, and success.

cloud-native, cloud-enabled, IT leaders, cloud migration, cloud computing, lift and shift, microservices, serverless, Kubernetes, digital transformation, enterprise cloud strategy