A major challenge facing security vendors today is that most solutions and products are developed based on knowledge of previous threats that already exist. This makes many security solutions reactive by their very design, which is not a tenable strategy for facing the volume of new attacks and strategies arising today. This arms race of identifying new threats, then reacting has been the primary strategy since the dawn of malware: A new virus is identified and then security vendors write the antivirus signature to block it; a polymorphic virus... [Read More]
by RSS Douglas Jose Pereira  |  May 23, 2017  |  Filed in: Security Research
We regularly do deep dive Q&A pieces with our executives to share the leadership perspectives at Fortinet. Read below for an interview with Phil Quade, Fortinet's CISO.  [Read More]
by RSS John Welton  |  May 23, 2017  |  Filed in: Industry Trends & News
​​​​​​​Security strategies need to undergo a radical evolution. Tomorrow’s security devices will need to see and interoperate with each other to recognize changes in the networked environment, anticipate new risks and automatically update and enforce policies. The devices must be able to monitor and share critical information and synchronize responses to detected threats. [Read More]
by RSS Derek Manky  |  May 22, 2017  |  Filed in: Industry Trends & News
For what started as a research network that was largely owned and operated by top universities, the Internet as we know it today has become much more. In 1969, ARPANET carried the first data packets between two separate nodes. During its genesis, ARPANET included the University of California, Los Angeles and the Stanford Research Institute before adding the University of Utah and University of California, Santa Barbara. What began as a 4-node network in 1969 had swelled to include 213 hosts by 1981. From there, it took off.  The Internet’s... [Read More]
by RSS Susan Biddle  |  May 19, 2017  |  Filed in: Industry Trends & News
A perspective blog with Derek Manky, Global Security Strategist, Fortinet. We asked Derek to put WannaCry into context. Is this just the eye of the storm? [Read More]
by RSS Bill McGee  |  May 18, 2017  |  Filed in: Industry Trends & News, Security Research
Android malware continues to grow exponentially now that it has overtaken the top position as the most popular OS (across all platforms), making it the target of choice for malware authors. Android Marcher is an Android banker malware that has been on the FortiGuard Labs radar since late 2013. Since that time it has been seen in a number of campaigns targeting many different banks and countries. And now, Marcher has once again resurfaced with a new campaign. Over the past few months we have observed it masking itself in a variety of ways... [Read More]
by RSS Dario Durando, Kenny Yang, David Maciejak  |  May 17, 2017  |  Filed in: Security Research
The Loki Bot has been observed for years. As you may know, it is designed to steal credentials from installed software on a victim’s machine, such as email clients, browsers, FTP clients, file management clients, and so on. FortiGuard Labs recently captured a PDF sample that is used to spread a new Loki variant. In this blog, we will analyze how this new variant works and what it steals. The PDF sample Figure 1. Content of the PDF sample The PDF sample only contains one page, shown above, which includes some... [Read More]
by RSS Xiaopeng Zhang and Hua Liu  |  May 17, 2017  |  Filed in: Security Research
Tags:
WannaCry FAQ: How does WannaCry spread? WannaCry has multiple ways of spreading. Its primary method is to use the Backdoor.Double.Pulsar backdoor exploit tool released last March by the hacker group known as Shadow Brokers, and managed to infect thousands of Microsoft Windows computers in only a few weeks. Because DoublePulsar runs in kernel mode, it grants hackers a high level of control over the compromised computer system. [Read More]
by RSS Aamir Lakhani  |  May 17, 2017  |  Filed in: Security Research
Over the last few months or years I have reported vulnerabilities on several IoT devices. None have been patched so far, and I think it is time to discuss the situation openly. One of the issues I have faced several times is the zero-security-culture phenomenon. Some of those IoT companies were typically very small and young, with sadly neither the skills nor the resources to fix security issues. For example, I remember sending several vulnerabilities to a given company. I got an automated response for the first email (ok),... [Read More]
by RSS Axelle Apvrille  |  May 17, 2017  |  Filed in: Security Research
  Over the past few days WannaCry malicious malware variants affect hundreds of organizations across the world. This cyberattack spread primarily by exploiting a vulnerability whose manufacturer had issued a critical security update for over two months ago. While there are certainly reasons why it may take an organization some time to patch vulnerable systems, including the risk of updating live systems, two months should be plenty of time for any organization to take appropriate steps to secure their environment. With the recent malware... [Read More]
by RSS Phil Quade  |  May 16, 2017  |  Filed in: Security Research