Latest Posts


Recently, the FortiGuard Labs research team observed that a new variant of Poison Ivy was being spread through a compromised PowerPoint file. We captured a PowerPoint file named Payment_Advice.ppsx, which is in OOXML format. Once the victim opens this file using the MS PowerPoint program, the malicious code contained in the file is executed. It downloads the Poison Ivy malware onto the victim’s computer and then launches it. In this blog, I’ll show the details of how this happens, what techniques are used by this malware, as well as... [Read More]
by Xiaopeng Zhang  |  Aug 23, 2017  |  Filed in: Security Research
Fortinet just released its Global Threat Landscape Report for Q2. Much of the data it provides is just what you’d expect. For example, FortiGuard Labs detected 184 billion total exploit attempts in Q2 from 6,300 unique and active exploits. Not only is this an increase of 30% over Q1, with the growth of IoT and Shadownet resources we expect these numbers to continue to rise dramatically. In addition, 7 in 10 organizations experienced high or critical exploits during the quarter. By any measure, these are alarming numbers. [Read More]
by Derek Manky  |  Aug 23, 2017  |  Filed in: Business and Technology, Industry Trends
The Fortinet Security Fabric allows organizations to harness the collective power and intelligence of Fortinet’s portfolio of security solutions to collect and correlate threat intelligence, actively detect and isolate threats, and automate a coordinated response across the entire network. Such an approach allows organizations to extend visibility deep into their infrastructure, and more importantly, into their data, so they know where it is, who and what have access to it. It also allows them to demonstrate compliance... [Read More]
by Drew Del Matto  |  Aug 22, 2017  |  Filed in: Business and Technology, Industry Trends
Today we released our Q2 Global Threat Landscape report for 2017. The data in our quarterly threat analysis is drawn from over 3 million network devices and sensors deployed within live production environments around the world. [Read More]
by Neil Matz  |  Aug 21, 2017  |  Filed in: Industry Trends, Security Research
The healthcare industry requires technology that can keep pace with the speed at which medicine is evolving in order to provide patients with the best possible care. Additionally, this technology must meet HIPAA compliance standards to secure protected health information (PHI) from the growing number of cyberattacks targeting the healthcare industry. This comes at a time when more devices than ever are accessing healthcare providers’ networks, including the proliferation of connected medical devices in the Internet of Medical Things (IoMT), and... [Read More]
by Trish Borrmann  |  Aug 18, 2017  |  Filed in: Industry Trends
The K-12 learning environment has moved beyond the physical walls of the classroom thanks to behavioral shifts and digital connectivity. However, robust and speedy network services that are designed to keep student and faculty data secure come with a price tag. The cost of ongoing connectivity and keeping networks secure is a constant barrier for most school districts, but thankfully, the E-rate program gives them an opportunity to do just that. Take a look at the graphic below to see how the classroom environment has evolved, the threats... [Read More]
by Susan Biddle  |  Aug 18, 2017  |  Filed in: Industry Trends
It has just been a week since the variation of Locky named Diablo6 appeared. Now it has launched another campaign more massive than the previous one. This time, it uses “.lukitus”, which means “locking” in Finnish, as the extension for the encrypted files. The FortiGuard Lion Team was the first to discover this variant with the help of Fortinet’s advanced Kadena Threat Intelligence System [1] (KTIS). (Fig. 1: Encrypted files with .lukitus extension. Fig. 2: Familiar Locky ransom note.) Same Locky, More Spam: This... [Read More]
by Joie Salvio, Rommel Joven and Floser Bacurio  |  Aug 17, 2017  |  Filed in: Security Research
In this blog post we will analyze a couple of Android malware samples in the Android VM of the FortiSandbox. We'll also share a few interesting and useful tricks. Running a sample in the VM To run a given sample in the Android VM, you should log into the FortiSandbox, make sure an Android VM is available, and then "Scan Input" / Submit a New File. Next, if the objective is to run the malware in the sandbox, you must make sure to skip "static scan," "AV scan," and "Cloud Query"... [Read More]
by Axelle Apvrille  |  Aug 17, 2017  |  Filed in: Security Research
Fighting Automation with Automation: A manual approach just won't cut it anymore. Here's a toolset to defeat automation and unify control across all attack vectors to stop automated attacks. [Read More]
by Derek Manky  |  Aug 17, 2017  |  Filed in: Industry Trends
Malicious cyber activity targeted at the nation’s critical infrastructure – including water systems, transportation, energy, finance, and emergency services – is particularly worrisome because the interruption of those services can have devastating effects on our economy, impact the well-being of our citizens, and even cause the loss of life. [Read More]
by Phil Quade  |  Aug 16, 2017  |  Filed in: Industry Trends