fortiguard


Over the last couple of years, cyberattacks have evolved in both scale and effectiveness, affecting organizations across all industries and geographic regions. Successful cyberattacks are a growing industry-wide problem in spite of billions being spent on cybersecurity solutions. Part of the reason is that new techniques- and in fact a mature supporting cybercrime ecosystem- for penetration and evading detection have reduced the effectiveness of many traditional defenses. The lingering effects of a successful attack often have devastating consequences,... [Read More]
by RSS Michael Xie  |  Oct 17, 2017  |  Filed in: Business and Technology
Recently, FortiGuard Labs found a phishing campaign targeting French Nationals. In this campaign, a PDF file with an embedded javascript is used to download the payload from a Google Drive shared link. As it turns out, the downloaded file is an HTA (HTML Application) file, a format that is becoming more and more common as a malware launch point. It is usually used as a downloader for the actual binary payload. However in this campaign,... [Read More]
by RSS Joie Salvio and Rommel Joven  |  Oct 12, 2017  |  Filed in: Security Research
We have seen from the previous two posts on cybersecurity and AI the importance of using advanced technology to stay ahead of cybercriminals. But far too often, a threat transcends the capacity of one particular box, especially when it has been deployed in a discrete place in the network and has been functionally isolated from the rest of the network and other security devices. This is where Fortinet’s innovations around collaboration are paramount. Regardless of the physical location of a doiscovered security event, FortiGuard Labs teams... [Read More]
by RSS Jack Chan  |  Sep 17, 2017  |  Filed in: Industry Trends
Welcome back to our monthly review of some of the most interesting security research publications. July was very busy with the annual DEFCON and BlackHat US conferences, but also RMLL, the Worldwide Free Software Meeting held this year in France. Past editions: June 2017 May 2017 April 2017 March 2017 Elie Burzstein et al, How We Created the First SHA-1 collision and what it means for hash security video, DEFCON 25 slides and paper With the nickname "Crypto Girl", I obviously had to listen to this... [Read More]
by RSS Axelle Apvrille  |  Sep 07, 2017  |  Filed in: Security Research
The FortiGuard Domain Reputation Service License for FortiDDoS is yet further ammunition to use against the growing threat of the IoT and botnet attacks, which are easier than ever to launch due to proliferation of open source code for such attacks, and growing availability of vulnerable devices. [Read More]
by RSS Hemant Jain  |  Sep 06, 2017  |  Filed in: Business and Technology
Recently, the FortiGuard Labs research team observed that a new variant of Poison Ivy was being spread through a compromised PowerPoint file. We captured a PowerPoint file named Payment_Advice.ppsx, which is in OOXML format. Once the victim opens this file using the MS PowerPoint program, the malicious code contained in the file is executed. It downloads the Poison Ivy malware onto the victim’s computer and then launches it. In this blog, I’ll show the details of how this happens, what techniques are used by this malware, as well as... [Read More]
by RSS Xiaopeng Zhang  |  Aug 23, 2017  |  Filed in: Security Research
It has just been a week since the variation of Locky named Diablo6 appeared. Now it has launched another campaign more massive than the previous. This time, it uses “.lukitus”, which means “locking” in Finnish, as the extension for the encrypted files. The FortiGuard Lion Team was the first to discover this variant with the help of Fortinet’s advanced  Kadena Threat Intelligence System [1](KTIS) Fig. 1 Encrypted files with .lukitus extension Fig. 2 Familiar Locky ransom note Same Locky, More Spam This... [Read More]
by RSS Joie Salvio, Rommel Joven and Floser Bacurio  |  Aug 17, 2017  |  Filed in: Security Research
Due to the sensitive information housed within medical records (Social Security numbers, addresses, medical claim data etc.), healthcare has always been one of the most frequently targeted industries by cybercriminals. Hackers who successfully steal this data can profit in a big way, as it has high value in the cybercrime black market. As digital capabilities grow within healthcare, so too do the number of vulnerabilities. This upsurge in capabilities and targets can largely be credited to the rise of the Internet of Medical Things (IoMT),... [Read More]
by RSS Susan Biddle  |  Aug 02, 2017  |  Filed in: Industry Trends
The first day here at Black Hat is over. On the expo floor, a number of vendors are promoting that they now provide critical threat intelligence along with the other technologies they provide. Of course, in general, this is a good thing. The biggest challenge organizations have historically faced has been a lack of visibility into their networks, especially cloud and virtualized environments. The challenge, however, is how are organizations supposed to consume, correlate, and make use of all of this information? Dozens of intelligence feeds from... [Read More]
by RSS Anthony Giandomenico  |  Jul 27, 2017  |  Filed in: Industry Trends
The biggest trend in security today seems to be information sharing. Everyone agrees that sharing threat intelligence is key to detecting and stopping attacks. The challenge isn’t that there aren’t enough sources for threat intelligence, but that there is simply too much information being generated, and that includes far too much redundancy. What we need an ecosystem to vet and process the information first – an information exchange and clearing house – like the cyber threat alliance (CTA) that Fortinet helped establish back... [Read More]
by RSS Derek Manky  |  Jul 27, 2017  |  Filed in: Industry Trends