BOLDMOVE demonstrates the value of two key things: patching and a defense-in-depth strategy. Because this malware spreads primarily through FortiOS devices, which have minimal logging capabilities, it can go undetected for long periods of time. Patching, however, mitigates the threat, since patched systems are not vulnerable in the first place. With up-to-date patching, this malware cannot spread unchecked through the environment, which makes patching the best defense against it. A defense-in-depth strategy is also important for dealing with threats such as this. Since the Fortinet devices themselves offer minimal detection capabilities, it is important to have detection rules that catch malware like this at a different point in the attack chain. One possible detection would be to flag the disablement of logging daemons.
https://www.bleepingcomputer.com/news/security/new-boldmove-linux-malware-used-to-backdoor-fortinet-devices/
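The detection idea above (watching for logging daemons being disabled) can be implemented on the SIEM side rather than on the device itself, which matters precisely because the device offers so little visibility. The following Python sketch is an added example, not code from the original post or from the linked article: it scans syslog-style lines for two signals, an explicit stop/kill message from a logging process, and a log source that goes quiet for longer than its normal heartbeat interval. The hostnames, the process names `logd` and `syslogd`, the message strings and the timestamps are all constructed assumptions for illustration, not FortiOS daemon names or real BOLDMOVE artifacts.

```python
"""
Added example (not from the original post): flag the two signs a defender
can watch for when a device's logging daemon is disabled:
  1. an explicit stop/terminate message emitted by a logging process, and
  2. a log source that stops sending anything at all (silence detection).
Every log line, hostname, process name and message below is constructed
for illustration; substitute your own device's real daemon names/messages.
"""
from datetime import datetime, timedelta
import re

# Constructed sample lines: "<ISO timestamp> <host> <process>: <message>"
SAMPLE_LOGS = [
    "2023-01-19T10:00:00 fw-edge-01 logd: heartbeat",
    "2023-01-19T10:05:00 fw-edge-01 logd: heartbeat",
    "2023-01-19T10:10:00 fw-edge-01 logd: stopping daemon",   # explicit stop
    "2023-01-19T10:00:00 fw-edge-02 logd: heartbeat",
    "2023-01-19T10:05:00 fw-edge-02 sshd: session opened",    # not a logging proc
    "2023-01-19T10:10:00 fw-edge-02 logd: rotated log file",  # benign logd message
    "2023-01-19T10:15:00 fw-edge-02 logd: heartbeat",
    "2023-01-19T10:20:00 fw-edge-02 logd: heartbeat",
    "2023-01-19T10:25:00 fw-edge-02 logd: heartbeat",
    "2023-01-19T10:00:00 fw-edge-03 logd: heartbeat",         # then silence
    "this line is malformed and should be ignored",
]

# Constructed "current time" for the silence check.
NOW = datetime.fromisoformat("2023-01-19T10:30:00")

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<proc>[^:\s]+):\s*(?P<msg>.*)$")

# Hypothetical phrases a logging daemon might emit when it is stopped or
# killed. Tune these to the real daemon's shutdown messages.
STOP_PATTERNS = (
    re.compile(r"\b(stopping|stopped|terminated|killed)\b", re.I),
    re.compile(r"\bdisabl(e|ed|ing)\b", re.I),
)

# Hypothetical names of the processes that implement logging on the device.
LOGGING_PROCS = ("logd", "syslogd")


def parse_line(line):
    """Parse one syslog-style line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "host": m["host"],
        "proc": m["proc"],
        "msg": m["msg"],
    }


def find_daemon_stop_events(lines, logging_procs=LOGGING_PROCS):
    """Return (host, timestamp, message) for each stop/kill message from a logging process."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["proc"] not in logging_procs:
            continue
        if any(p.search(rec["msg"]) for p in STOP_PATTERNS):
            hits.append((rec["host"], rec["ts"], rec["msg"]))
    return hits


def find_silent_sources(lines, now, max_gap=timedelta(minutes=10)):
    """Return hosts whose most recent log line is older than max_gap relative to now.

    This catches the case where the daemon is killed without ever writing a
    shutdown message: the only evidence is that the device went quiet.
    """
    last_seen = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        host, ts = rec["host"], rec["ts"]
        if host not in last_seen or ts > last_seen[host]:
            last_seen[host] = ts
    return sorted(host for host, ts in last_seen.items() if now - ts > max_gap)


if __name__ == "__main__":
    for host, ts, msg in find_daemon_stop_events(SAMPLE_LOGS):
        print(f"ALERT stop-event  {host} {ts.isoformat()} '{msg}'")
    for host in find_silent_sources(SAMPLE_LOGS, NOW):
        print(f"ALERT silent-src  {host} (no logs for >10 min as of {NOW.isoformat()})")
```

On the constructed sample, `fw-edge-01` trips both checks (it announces a stop and then goes quiet), `fw-edge-03` trips only the silence check, and `fw-edge-02` trips neither despite sending a benign `logd` message. The silence check is the more robust of the two, because it needs no cooperation from the device: if a daemon is killed outright, the only trace the SIEM sees is the missing heartbeat, so the baseline interval per device should be measured from normal traffic rather than guessed.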

