FortiGuard Labs


As the Internet and Digital Economy have grown up, the humble Firewall has continued to serve as their go-to security appliance. In this first of a two-part series, we will examine how, in spite of the evolution of the Firewall through a number of shapes, functions, and roles, it remains the security foundation for implementing the strategic pillars of Segmentation, Access Control, and Real-time analytics/action now and into the future. Change is a fact of life; what doesn’t change usually withers and dies. This is true for both the biological... [Read More]
by RSS Phil Quade  |  Jul 21, 2017  |  Filed in: Industry Trends
Q: You joined Fortinet recently after three decades in cybersecurity roles in government, including most recently the NSA. What has that experience taught you about the nature and scope of the threats that organizations face these days? Some people say that street cops and detectives see an especially negative view of humanity, because, more often than not, they are called to assist with an unlawful or sad situation.  Similarly, coming from the foreign intelligence business, you get a first-hand view of what foreign adversaries aspire to... [Read More]
by RSS Darlene Gannon  |  Jul 18, 2017  |  Filed in: Industry Trends
As human beings, we are continually looking for knowledge or information to help improve any situation. If we live or work in a crowded city, for example, we want to know which routes are best to avoid getting stuck in traffic. When we enter a restaurant or movie theater we look for the exits. And when suspicious looking person enters the room, part of our mind automatically keeps track of him. This behavior is known as situational awareness, and it’s second nature to most of us. But while such behavior often occurs in our everyday... [Read More]
by RSS Anthony Giandomenico  |  Jun 27, 2017  |  Filed in: Industry Trends
This past June 17th and 18th, 2017, Google hosted their second annual Capture The Flag (CTF) competition. The Google team created security challenges and puzzles that contestants were able to earn points for solving. It’s a clever way to leverage the security community to help protect Google users, and the web as a whole. Last year, over 2,400 teams competed, and this year the number was even higher. FortiGuard Labs decided to pull together a team and then write up a report on the experience. So, first things first, this challenge was... [Read More]
by RSS Kushal Arvind Shah  |  Jun 21, 2017  |  Filed in: Security Research
Summary On March 24 2017, I discovered and reported on a remote password change vulnerability in Hewlett-Packard Enterprise’s (HPE) Vertica Analytic Database. This week, HPE released Security Bulletin HPESBGN03734, which contains the fix for this vulnerability and identifies it as CVE-2017-5802. Fueled by ever-growing volumes of Big Data found in many corporations and government agencies, HPE’s Vertica Analytics Platform provides an SQL analytics solution built from the ground up to handle massive volumes of data and delivers blazingly... [Read More]
by RSS Honggang Ren  |  Apr 20, 2017  |  Filed in: Security Research
Fortinet is proud to announce today the results from International Data Corporation’s (IDC) latest Worldwide Quarterly Security Appliance Tracker. The 2016Q4 and historical report data reinforces Fortinet’s continued leadership within the security industry by once again shipping the most security appliances, which also further strengthens our industry-leading global network of threat intelligence sensors. [Read More]
by RSS Bill McGee  |  Apr 03, 2017  |  Filed in: Industry Trends
In an effort to provide more proactive protections in Fortinet products and to more effectively identify and defeat network threats, the Fortinet security research team works on discovering potential threats in popular products. As a result, over the past year we have discovered 84 vulnerabilities that have been reported to their respective vendors as part of our responsible vulnerability disclosure process. Fortinet protections against these discoveries were released to Fortinet products at the same time these vulnerabilities were reported to their... [Read More]
by RSS Peixue Li  |  Feb 21, 2017  |  Filed in: Security Research
Shamoon Timeline The Shamoon virus, also known as Disttrack, surfaced for the first time back in 2012 targeting Middle East Oil companies. It leveraged stolen credentials to gain access, and then exhibited worm-like behavior to spread throughout the entire targeted network. All Shamoon attacks were clearly very carefully planned beforehand, as the attackers had to gain access to legitimate credentials before launching the attack. While most modern malware are focused on monetizing through any way possible, from bitcoin mining to the current... [Read More]
by RSS Douglas Jose Pereira dos Santos, Artem Semenchenko  |  Dec 07, 2016  |  Filed in: Security Research
There have been numerous cases where advanced malware has been linked to significant data breaches. Malware authors employ a variety of techniques to hide their malicious intent, including the use of packing utilities to create “packed malware.” Ladi Adefala, Senior Security Strategist at Fortinet, explains how a real time sandbox can change the game with regard to defending against these sophisticated attacks. What is Packed Malware? Packed malware is one of the most common types of advanced malware, carefully designed to evade... [Read More]
by RSS Ladi Adefala  |  Dec 07, 2016  |  Filed in: Security Q & A
  One month ago we captured a Word document infected with malicious VBA code, which was detected as WM/Agent!tr by the Fortinet AntiVirus service. Its file name is InternalFax.doc, and its MD5 is 4F2139E3961202B1DFEAE288AED5CB8F.  By our analysis, the Word document was used to download and spread the botnet TrickBot. TrickBot aims at stealing online banking information from browsers when victims are visiting online banks. The targeted banks are from Australia, New Zealand, Germany, United Kingdom, Canada, United States, Israel, and... [Read More]
by RSS Xiaopeng Zhang  |  Dec 06, 2016  |  Filed in: Security Research