Security Research


Yesterday, a new ransomware wreaked havoc across the world. This new malware variant, which combines the functionality of ransomware with the behaviors of a worm, is being called Petya, Petrwrap, and even NotPetya, since researchers are still investigating whether its ability to modify the Master Boot Record of a targeted machine is based on the Petya family of malware. Fortinet has designated this new hybrid form of malware as a ransomworm, and this outbreak was reported to use the same worm mechanism to spread across the Internet as WannaCry,...
by Margarette Joven  |  Jun 28, 2017  |  Filed in: Security Research
FortiGuard Labs recently captured some malware samples developed with the Microsoft .NET framework. I analyzed one of them, and in this blog I’m going to show you how it is able to steal information from a victim’s machine. The malware was spread via a Microsoft Word document that contained an auto-executable malicious VBA macro. Figure 1 below shows how it looks when it’s opened. (Figure 1. When the malicious Word document is opened.) What the VBA code does: Once you click the “Enable Content”...
by Xiaopeng Zhang  |  Jun 28, 2017  |  Filed in: Security Research
We are currently tracking a new ransomware variant sweeping across the globe known as Petya. It is currently having an impact on a wide range of industries and organizations, including critical infrastructure such as energy, banking, and transportation systems. This is a new generation of ransomware designed to take advantage of timely exploits. This current version is targeting the same vulnerabilities that were exploited during the recent WannaCry attack this past May. This latest attack, known as Petya, is something we are referring to as...
by Aamir Lakhani  |  Jun 27, 2017  |  Filed in: Industry Trends, Security Research
In our last blog in this series, we discussed FortiGuard Labs’ participation in Google’s second annual Capture The Flag (CTF) competition. In this blog post, I want to share how I solved another challenge, called “ASCII Art Client”. Challenge Description: For this challenge, participants were given two files: a binary file, aart_client, and a network capture, aart_client_capture.pcap. File 1: aart_client. File 2: aart_client_capture.pcap. The goal of the challenge was: This client displays nice...
by Honggang Ren  |  Jun 25, 2017  |  Filed in: Security Research
This past June 17th and 18th, 2017, Google hosted their second annual Capture The Flag (CTF) competition. The Google team created security challenges and puzzles that contestants were able to earn points for solving. It’s a clever way to leverage the security community to help protect Google users, and the web as a whole. Last year, over 2,400 teams competed, and this year the number was even higher. FortiGuard Labs decided to pull together a team and then write up a report on the experience. So, first things first, this challenge was...
by Kushal Arvind Shah  |  Jun 21, 2017  |  Filed in: Security Research
Summary: In December 2016, FortiGuard Labs discovered and reported a WINS Server remote memory corruption vulnerability in Microsoft Windows Server. In June of 2017, Microsoft replied to FortiGuard Labs, saying, "a fix would require a complete overhaul of the code to be considered comprehensive. The functionality provided by WINS was replaced by DNS and Microsoft has advised customers to migrate away from it." That is, Microsoft will not be patching this vulnerability due to the amount of work that would be required. Instead, Microsoft...
by Honggang Ren  |  Jun 14, 2017  |  Filed in: Security Research
We aren’t talking about some potential future threat. Our FortiGuard Labs team just reported on a new ransomware variant targeting Mac devices, which means it’s time to get serious about protecting these devices.
by Aamir Lakhani  |  Jun 12, 2017  |  Filed in: Security Research
Just recently, we discovered a Ransomware-as-a-Service (RaaS) that uses a web portal hosted on the Tor network, which has become a trend nowadays. It is rather interesting to see cybercriminals attack an operating system other than Windows, and this could be the first time we have seen RaaS that targets Mac OS.
by Rommel Joven and Wayne Chin Yick Low  |  Jun 09, 2017  |  Filed in: Security Research
There are a couple of important takeaways from our Threat Landscape report. First, while the more high-profile attacks have dominated the headlines, the reality is that the majority of threats faced by most organizations are opportunistic in nature. Criminals tend to target low-hanging fruit, so it is critical that you minimize your visible and accessible attack surface.
by John Maddison  |  Jun 06, 2017  |  Filed in: Security Research
FortiGuard Labs recently came across a new strain of samples exploiting the CVE-2017-0199 vulnerability. This vulnerability was fixed by Microsoft, and the patch was released in April 2017. Due to its simplicity, it can be easily exploited by attackers. It has also been found in the wild by other vendors. We have also blogged about some samples recently found in a spear phishing attack. While there are plenty of articles discussing this vulnerability, most of them are intended for technical readers and primarily focus on how to create proof-of-concept...
by Wayne Chin Yick Low  |  Jun 04, 2017  |  Filed in: Security Research