Security Research


While new, innovative threats continue to pop up almost daily, our latest Global Threat Landscape Report reveals that long-known yet still unpatched vulnerabilities continue to serve as the primary gateway for attacks, with organizations reporting an average of 274 attacks per firm – an 82% increase over the previous quarter. This alarming trend emphasizes that while remaining vigilant for new threats and vulnerabilities in the wild is critical, organizations also need to stay focused on what is happening within their own environment.
by Derek Manky  |  Feb 22, 2018  |  Filed in: Industry Trends, Security Research
In preparation for our talk entitled “IoT: Battle of Bots” at the RootedCon Security conference that will be held in Madrid, Spain this March 2018, the FortiGuard Labs team encountered yet another new Mirai variant.
by Jasper Manuel, Rommel Joven, Dario Durando  |  Feb 21, 2018  |  Filed in: Security Research
Over the past few years, a new development has occurred: predictive software systems are being programmed using artificial intelligence techniques. The latest advances in these kinds of tools use swarm technology to leverage massive databases of expert knowledge comprised of billions of constantly updated bits of data in order to make accurate predictions.
by Derek Manky  |  Feb 21, 2018  |  Filed in: Industry Trends, Security Research
While still relatively unusual, security researchers report a 600% upsurge in steganography-based attacks in 2017. Attackers use steganography to slip malicious content past security defenses and to exfiltrate misappropriated content from compromised systems.
by Jeannette Jarvis  |  Feb 21, 2018  |  Filed in: Security Research
FortiGuard Labs just released our latest Quarterly Threat Landscape report for Q4 of 2017. As usual, there are a lot of takeaways for CISOs, but a few items stood out. In particular, attacks per firm were up by 82%, and swarm cyber attacks targeted the Internet of Things (IoT) with growing intensity.
by FortiGuard SE Team  |  Feb 20, 2018  |  Filed in: Industry Trends, Security Research
At the beginning of February 2018, FortiGuard Labs collected an email. The email message contains an order tracking number with a fake hyperlink that downloads JAR malware. After a quick analysis, I was able to determine that it is the jRAT/Adwind malware.
by Xiaopeng Zhang  |  Feb 16, 2018  |  Filed in: Security Research
On 6th December 2017, FortiGuard Labs discovered a compromised website - acenespargc[.]com. Looking into the source code, we noticed a suspicious encrypted script which uses the eval() function to convert all the characters into numbers. We used a tool called CharCode Translator to reverse the numbers back into characters. We were then able to retrieve a link which redirects to a scam page or phishing website. The above is just a simple example. The threat actor can actually...
by Eric Chong  |  Feb 07, 2018  |  Filed in: Security Research
Satori, a Mirai-based IoT bot, has been one of the most actively updated exploits in recent months. It is believed that the hacker behind this bot is also the author of other Mirai variants, known as Okiru and Masuta. FortiGuard Labs researchers recently observed a new Satori version that had added a known exploit chain (one which had been used in the past by the Persirai bot) to enable it to spread to vulnerable devices, particularly wireless IP cameras that run a vulnerable custom version of the GoAhead web server.
by David Maciejak, Jasper Manuel and Rommel Joven  |  Feb 02, 2018  |  Filed in: Security Research
Educational institution networks continue to be a favorite playground for cybercriminals. Because of the age and interests of the majority of educational users, these networks tend to incorporate cutting edge technologies and strategies.
by Tony Giandomenico  |  Jan 31, 2018  |  Filed in: Industry Trends, Security Research
Over the last few weeks, ASUS released a series of patches aimed at addressing a number of vulnerabilities discovered in their RT routers running AsusWRT firmware. The models listed at the end of this post are known to be vulnerable. If you are not sure which model or firmware you are using, I recommend double-checking the ASUS support website to get the latest information and updates.
by David Maciejak  |  Jan 30, 2018  |  Filed in: Security Research