Latest Posts


San Francisco’s Muni fare system was recently hacked, and it turns out that intruders installed ransomware on the system and demanded money to undo the hack. Some might ask why, despite being located amid a hub of the best brains in cyberspace, San Francisco Muni didn’t see this coming. But as the saying goes, hindsight is 20/20. A better question to ask is, why are smart cities around the world so prone to such smart attacks? And, what risks can they reasonably foresee, and how do they plan for them? Global Growth and... [Read More]
by Hemant Jain  |  Dec 08, 2016  |  Filed in: Industry Trends & News
Shamoon Timeline: The Shamoon virus, also known as Disttrack, surfaced for the first time back in 2012, targeting Middle East oil companies. It leveraged stolen credentials to gain access, and then exhibited worm-like behavior to spread throughout the entire targeted network. All Shamoon attacks were clearly very carefully planned beforehand, as the attackers had to gain access to legitimate credentials before launching the attack. While most modern malware is focused on monetizing through any way possible, from bitcoin mining to the current... [Read More]
by Douglas Jose Pereira dos Santos, Artem Semenchenko  |  Dec 07, 2016  |  Filed in: Security Research
There have been numerous cases where advanced malware has been linked to significant data breaches. Malware authors employ a variety of techniques to hide their malicious intent, including the use of packing utilities to create “packed malware.” Ladi Adefala, Senior Security Strategist at Fortinet, explains how a real-time sandbox can change the game with regard to defending against these sophisticated attacks. What is Packed Malware? Packed malware is one of the most common types of advanced malware, carefully designed to evade... [Read More]
by Ladi Adefala  |  Dec 07, 2016  |  Filed in: Security Q & A
One month ago we captured a Word document infected with malicious VBA code, which was detected as WM/Agent!tr by the Fortinet AntiVirus service. Its file name is InternalFax.doc, and its MD5 is 4F2139E3961202B1DFEAE288AED5CB8F. According to our analysis, the Word document was used to download and spread the botnet TrickBot. TrickBot aims at stealing online banking information from browsers when victims are visiting online banks. The targeted banks are from Australia, New Zealand, Germany, United Kingdom, Canada, United States, Israel, and... [Read More]
by Xiaopeng Zhang  |  Dec 06, 2016  |  Filed in: Security Research
We recently received a URL through Skype that caught our attention. It was a link belonging to LinkedIn, with our Skype ID as a parameter at the end of the URL: https://www.linkedin.com/slink?code=e2nsPHa#jpulusiv=victimskypeid Usually, people would be wary when they receive links that look somewhat suspicious. But this link is from LinkedIn, the world’s largest networking site, so it would be easy for anyone receiving this to quickly dismiss any thought of it being harmful. And the convincing personalized Skype ID at the... [Read More]
by Nelson Ngu  |  Dec 06, 2016  |  Filed in: Security Research
Recently, the San Francisco Municipal Transportation Agency, also known as MUNI, was attacked by a new variant of Mamba (a.k.a. HDDCryptor), a disk-encrypting ransomware. The incident left their ticketing services with inoperable systems and a note that read, “You Hacked,ALL Data Encrypted,Contact For Key(cryptom27@yandex.com)”. Fortinet first discovered Mamba two months ago. Since then, it has been under the radar – until this big attack. We will now take a look at a few irregularities and some new developments... [Read More]
by Joie Salvio  |  Dec 05, 2016  |  Filed in: Security Research
Joe Sykora, Fortinet Vice President of Americas Channels and Sales Operations, gives his perspective on how an integrated security architecture like Fortinet’s Security Fabric creates new opportunities for solution providers. Why is the idea of a security fabric so important to network security in this current environment? These days, companies have to deal with a growing list of issues that put tremendous strain on their security capabilities, including the Internet of Things, virtualization, SDN, a growing portfolio of interactive... [Read More]
by John Welton  |  Dec 05, 2016  |  Filed in: Security Q & A
Introduction: A new update of Cerber Ransomware, Cerber 5.0.1, has just arrived, appearing shortly after Cerber 5.0.0 was released. Cerber 5.0.1 handles multithreading differently when it comes to encrypting files, probably aiming for better performance. It also changes the instruction file name from “README.hta” to “_README_.hta”. The intention of this might be to avoid simple AV detection, such as checking instruction file names. The major updates in the new version are described in the following sections. New... [Read More]
by Sarah Wu, Jacob Leong  |  Dec 02, 2016  |  Filed in: Security Research
Recent DDoS and ransomware attacks have grabbed the attention of healthcare organizations around the globe. Read more to find out how. [Read More]
by Susan Biddle  |  Dec 02, 2016  |  Filed in: Industry Trends & News
Ensuring data security in financial services is critical to maintaining a positive reputation. Read this post to find out more. [Read More]
by Brian Forster  |  Dec 01, 2016  |  Filed in: Industry Trends & News