APT


We are currently tracking a new ransomware variant sweeping across the globe known as Petya. It is currently having an impact on a wide range of industries and organizations, including critical infrastructure such as energy, banking, and transportation systems. This is a new generation of ransomware designed to take advantage of timely exploits. This current version is targeting the same vulnerabilities that were exploited during the recent Wannacry attack this past May. This latest attack, known as Petya, is something we are referring to as... [Read More]
by Aamir Lakhani  |  Jun 27, 2017  |  Filed in: Industry Trends, Security Research
In the last couple of months, we wrote about the discoveries we found in Dridex, the long-lived banking Trojan that is still quite active in the wild. In the blog post, TL;DR, we mentioned that the Trojan has been equipped with a new module that could be used to evade one of the anti-virus products. The affected vendor has now released a fix, so we decided to share the details. In this post, we will briefly discuss some of the novel techniques used by the Trojan to evade detection by anti-virus. The Evolution of Anti-Virus Detection Evasions I’m... [Read More]
by Wayne Chin Yick Low  |  Aug 04, 2016  |  Filed in: Security Research
Fortinet’s Advanced Threat Protection (ATP) Framework has once again achieved Advanced Threat Defense (ATD) Certification from ICSA Labs for Q1 of 2016. We remain one of the four vendors in the entire industry who have achieved this independent certification. Advanced threats represent some of the most difficult security challenges faced by organizations – as well as by the vendors who build tools to detect and stop them. Fortinet has developed the Fortinet Advanced Threat Protection (ATP) Framework to do just that. It is built around the seamless... [Read More]
by Bill McGee  |  Jun 14, 2016  |  Filed in: Industry Trends
NSS Labs released their second annual breach detection system (BDS) test results this week, highlighting a market that is growing at a CAGR of 32%, more than double that of next gen firewalls.  Gartner cites 20 vendors in this competitive space – 9 of them participated in the NSS Labs comparison, giving IT and security decision makers robust, objective data on which to base their purchases. Let’s take a step back, though, and clearly define breach detection systems. Many vendors simply refer to them as sandboxes, but NSS Labs... [Read More]
by Chris Dawson  |  Aug 06, 2015  |  Filed in: Industry Trends
We had to run with the analogy. Because, well, it's a wall. Made of ice. “I am the sword in the darkness. I am the watcher on the walls. I am the fire that burns against the cold, the light that brings the dawn, the horn that wakes the sleepers, the shield that guards the realms of men.” Sends chills, right? The Oath of the Night’s Watch (the version from the book, of course). It’s right up there with “One Ring to rule them all...and in the darkness bind them”. But you knew we couldn’t leave... [Read More]
by Chris Dawson  |  Apr 03, 2015  |  Filed in: Industry Trends
A few weeks ago, we received a file that was being spread as an attachment in a spear phishing email. The sample, which we are detecting as W32/Byanga.A!tr, turns out to be a dropper for a bot which, if active in an organization’s system, has the capability to perform malicious activities that can be very damaging to the targeted organization. This post discusses what this particular malware can do. The Dropper The dropper used a Chinese file name, which translates to “Upcoming Events Schedule”.  It also uses a Microsoft... [Read More]
by Margarette Joven  |  Jan 14, 2015  |  Filed in: Security Research
Emerging threats have created some strange bedfellows in the Cyber Threat Alliance but the group’s work is critical to advancing security in an increasingly connected world. The Cyber Threat Alliance (CTA) has brought together some of the top names (and fiercest competitors) in enterprise security to address emerging challenges and the most serious, complex threats to organizations that the Internet has ever seen. The founding members, Fortinet, McAfee, Palo Alto Networks, and Symantec, have all committed to sharing threat information to better... [Read More]
by Chris Dawson  |  Nov 01, 2014  |  Filed in: Industry Trends
Just take a look at the latest news headlines and you’ll get a strong picture of just how pervasive and, in many ways, elusive the world of cyber security has become. Each week it seems there are reports of new, more insidious attacks. So the idea of “knowing your enemy” isn’t simply a catchy phrase for the team that I now have the privilege of working with. They are called the FortiGuard Labs and when I started at Fortinet just six weeks ago, I quickly realized they are this company’s best-kept secret. Let’s be clear, FortiGuard isn’t... [Read More]
by Karin Shopen  |  Oct 30, 2014  |  Filed in: Industry Trends
When companies grow, their networks grow with them. What naturally follows is a growth in administration. As a Systems Engineer in the Nordics I meet a lot of quickly growing companies and they have a lot in common when it comes to facing the challenges of their rapid growth. Typically they will have very flat network structures and simple security solutions all managed by a single person or a very small team. These small teams are made up of generalists that need to cover everything including virtual environments, storage, networks, firewalls and... [Read More]
by Nils von Greyerz  |  May 14, 2014  |  Filed in: Industry Trends
What's going on? Over the past weekend information became available about a previously-unknown vulnerability in all modern versions of Microsoft's Internet Explorer browser that allows an attacker to remotely execute code without the victim's permission. This can lead to compromise of your system and installation of various malware. The exploit leverages a technique often used by attackers via Adobe Flash to bypass certain features of IE that are designed to prevent remote code execution (RCE). Why is this a big deal? This vulnerability (which... [Read More]
by Richard Henderson  |  Apr 28, 2014  |  Filed in: Industry Trends