Feb 2026 Security: AI Abused in 600 FortiGate Attacks

Hackers didn't need fancy exploits—just weak passwords and exposed ports on over 600 FortiGate firewalls. AI's the new sidekick for cybercriminals, and we're all still playing catch-up.

[February 2026] AI Powers 600+ FortiGate Hacks & ATM Jackpots — Threat Digest

Key Takeaways

  • AI misuse hit 600+ FortiGate devices via basic misconfigs—no exploits needed.
  • PromptSpy: First Android malware wielding GenAI for sneaky UI manipulation.
  • FBI flags rising ATM jackpotting; Poland CERT exposes critical infra wipers.

Threat actors just cracked over 600 FortiGate devices across 55 countries. No zero-days required. Just dumb, exposed management ports and passwords weaker than your grandma’s Wi-Fi.

Tony Anscombe, ESET’s sharp-eyed evangelist, drops this bombshell in his February 2026 roundup. It’s the kind of wake-up call that makes you check your own firewall—right now. Amazon Threat Intelligence spilled the beans: bad guys leaned on commercial generative AI tools to supercharge their attacks. Not some sci-fi hack. Basic misconfigs, amplified by AI smarts.

Why Are We Still Talking About Weak Credentials in 2026?

Here’s the thing. We’re two months into the future, and cybersecurity’s regressing to 2010. Attackers probe for open ports, guess ‘admin/admin,’ and waltz in. AI? It’s their cheat code now—generating tailored phishing, scripting probes faster than any human. Amazon’s report nails it:

Threat actors misused commercial generative AI tools to compromise more than 600 FortiGate devices located in 55 countries. Rather than specific vulnerabilities, the attacks exploited exposed management ports and weak credentials without two-factor authentication.

Pathetic. Fortinet gear’s everywhere in enterprises. If you’re skipping 2FA, you’re not securing—you’re begging.

But wait. ESET’s own researchers uncovered PromptSpy, Android malware pulling the same trick. First known case of GenAI abused for context-aware UI manipulation. Your phone’s interface? Hijacked on the fly, all thanks to sneaky prompts fed into AI services.

FBI’s yelling about ATM jackpotting too. Malware turns cash machines into slot-machine fountains, spewing bills for criminals. U.S. operators, heads up—jackpotting’s surging. It’s not high-tech wizardry; it’s old-school infection vectors meeting modern greed.

And Poland’s CERT? They dissected attacks on 30+ critical infrastructure outfits. ESET dug into a wiper hitting an energy firm. Remember Stuxnet? This feels like its sloppy cousin—wiper malware torching data, likely state-backed grudge. Businesses, your SCADA systems aren’t invincible.

Look, Tony’s video spells out lessons, but I’m not holding my breath. History rhymes here: think 2014’s Heartbleed chaos, where patches existed but laziness killed. Fast-forward to 2026, and AI’s the wildcard. My bold call? By 2027, we’ll see nation-states mandating AI-audit clauses in vendor contracts—because voluntary “best practices” are a joke.

Is Generative AI the New Malware Multiplier?

Absolutely. PromptSpy’s debut proves it. Malware doesn’t just steal data anymore—it chats with AI to mimic your screen, adapt in real-time. Android users, that free app you sideloaded? Could be rewriting buttons under your nose.

ESET’s analysis: attackers query GenAI services remotely, feeding screenshots for instant UI tweaks. Stealthy. Effective. And we’re lightyears behind defenses. Antivirus? Cute. We need AI-aware behavioral guards—now.

Corporate spin? Vendors’ll hype “AI-powered security.” Translation: same old signatures, fancier marketing. Don’t buy it. Real fix is hygiene: segment networks, enforce 2FA, audit AI tool access. Duh.

ATM Jackpotting: Cash Spews and FBI Warnings

Picture this: criminals infect ATMs with malware, remotely trigger “jackpot” mode. Bills fly out—hundreds per hit. FBI’s warning U.S. operators: it’s rampant. Why? Aging machines, unpatched OSes, physical access via skimmers.

Lock your ATMs.

Deeper dive—jackpotting’s evolved from brute-force drills to software elegance. Malware like Ploutus or Cutlet Maker’s cousins now phone home for payouts. Operators skimping on EMV chips or air-gapped updates? You’re funding the heist.

Poland’s Infra Attacks: Echoes of Cyberwar

CERT Poland’s late-January report (still reverberating) details hits on energy, transport, and more. ESET’s wiper breakdown? Sophisticated persistence, data exfil before the wipe. Targets screamed geopolitics—think Russia-Ukraine spillover.

Unique angle: this mirrors 2022’s Costin wiper barrage. Same playbook, refined tools. Prediction—2026 sees hybrid attacks blending wipers with ransomware, forcing payouts mid-chaos. Critical sectors, bunker down or burn.

Lessons? Segment OT networks. Train staff on phishing—AI-boosted ones. And for god’s sake, patch.

Tony wraps with a nod to his January edition. Solid. But action beats analysis. Businesses, audit FortiGates today. Enable 2FA. Kill exposed ports. Or join the 600-club.

Dry humor aside—this month’s stories scream complacency’s cost. AI’s democratizing crime. Wake up.

What Does PromptSpy Do Exactly?

Android malware queries GenAI with screenshots, gets back manipulated overlays. Buttons shift, phishing blends smoothly. ESET caught it cold—first of its breed.

How to Stop FortiGate Management Port Attacks?

Firewall the interfaces. Mandate 2FA. Rotate creds. Hunt for anomalies with EDR. Simple. Effective.
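One way to do the anomaly hunting this section calls for, as an added example that is not from the article or from Fortinet: a small Python detector that reads FortiGate-style admin login events (constructed, trimmed sample lines; field names are approximate and the IPs are documentation ranges) and flags a burst of failed admin logins from one source, plus any success that follows such a burst, which is the "weak credentials on an exposed management port" pattern the digest describes.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, loosely modelled on FortiGate admin-login event logs
# (fields trimmed; names approximate). 203.0.113.9 guesses five times, then gets in.
SAMPLE_LOGS = """\
date=2026-02-03 time=09:00:01 logdesc="Admin login failed" user="admin" srcip=203.0.113.9 status="failed"
date=2026-02-03 time=09:00:02 logdesc="Admin login failed" user="admin" srcip=203.0.113.9 status="failed"
date=2026-02-03 time=09:00:03 logdesc="Admin login failed" user="admin" srcip=203.0.113.9 status="failed"
date=2026-02-03 time=09:00:04 logdesc="Admin login failed" user="admin" srcip=203.0.113.9 status="failed"
date=2026-02-03 time=09:00:05 logdesc="Admin login failed" user="admin" srcip=203.0.113.9 status="failed"
date=2026-02-03 time=09:00:06 logdesc="Admin login failed" user="admin" srcip=198.51.100.7 status="failed"
date=2026-02-03 time=09:00:10 logdesc="Admin login successful" user="admin" srcip=203.0.113.9 status="success"
date=2026-02-03 time=09:01:00 logdesc="Admin login successful" user="netops" srcip=10.0.0.5 status="success"
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="value with spaces"

def parse_line(line):
    # Split a key=value log line into a dict and attach a datetime for windowing.
    fields = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    fields["ts"] = datetime.strptime(f'{fields["date"]} {fields["time"]}', "%Y-%m-%d %H:%M:%S")
    return fields

def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return (alert_type, srcip, user) tuples: one 'bruteforce' when a source reaches
    `threshold` failed admin logins inside `window`, and one 'success_after_bruteforce'
    for any successful login from that source while the burst is still in the window."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    failures = defaultdict(list)  # srcip -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev.get("logdesc") not in ("Admin login failed", "Admin login successful"):
            continue
        ip = ev["srcip"]
        recent = [t for t in failures[ip] if ev["ts"] - t <= window]  # drop stale failures
        if ev["status"] == "failed":
            recent.append(ev["ts"])
            failures[ip] = recent
            if len(recent) == threshold:  # fire once per burst, not on every later failure
                alerts.append(("bruteforce", ip, ev["user"]))
        else:
            failures[ip] = recent
            if len(recent) >= threshold:  # a guessed password, not a typo by an admin
                alerts.append(("success_after_bruteforce", ip, ev["user"]))
    return alerts

if __name__ == "__main__":
    for alert in find_bruteforce(SAMPLE_LOGS):
        print(alert)
```

A success-after-burst hit is the one to page on: it means the credential held, and with no 2FA in front of it the box is already owned.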


Frequently Asked Questions

What is PromptSpy malware? ESET’s discovery: Android trojan using GenAI for dynamic UI tricks, evading detection by adapting to your interface.

How did hackers breach 600 FortiGate devices? Exposed admin ports + weak/no 2FA. AI tools helped scale the brute-force.

Are ATM jackpotting attacks increasing? Yes, FBI warns U.S. operators of malware-driven cash spews—update and secure your machines.

Wei Chen
Written by

Technical security analyst. Specialises in malware reverse engineering, APT campaigns, and incident response.

Originally reported by WeLiveSecurity (ESET)