fortiguard | Page 2


Microsoft Ignite – Australia – Gold Coast Convention and Exhibition February 14-17th https://msftignite.com.au/ Is cloud the new normal for your enterprise? Are you moving more and more applications into the cloud? Have you asked yourself how you are securing your data in this new world of cloud? Scalability and flexibility are the key drivers of Cloud networking and computing. With more and more business transitioning to public cloud environments, the cloud is becoming an increasingly attractive target for hackers... [Read More]
by RSS Katrina Fox  |  Feb 07, 2017  |  Filed in: Industry Trends & News
I recently bought a new car with all the bells and whistles. It warns me if I stray out of my lane. It warns me if there is a car in my blind spot. It has adaptive cruise control that slows down if a car pulls in front of me. When I back up, it alerts me of cross traffic, even pedestrians and dogs. It monitors road conditions and automatically enables all-wheel drive if roads are wet or conditions are cold or icy. And that’s just the start. It has collision detection, and automatic braking, and a fully connected entertainment and communications... [Read More]
by RSS Anthony Giandomenico  |  Feb 06, 2017  |  Filed in: Industry Trends & News
Sage 2.0 is the new kid on an already crowded block of ransomware, demanding hefty ransom of 2.22188 bitcoins (roughly 2000 USD) per infection. We have recently begun seeing this malware being distributed by the same malicious spam campaigns that serve better-known ransomware families, such as Cerber and Locky. In this article we will take a closer look at some notable characteristics of this new threat, and provide some simple ways to mitigate it. Spam Campaign Sage ransomware has been seen spreading through the usual spam email channels... [Read More]
by RSS Floser Bacurio, Joie Salvio, Rommel Joven  |  Feb 02, 2017  |  Filed in: Security Research
Since its discovery in early 2016, we have tracked a number variations of Petya, a ransomware variant famous for multi-stage encryption that not only locks your computer, but also overwrites the Master Boot Record. Petya continues to persist, and in this blog we will take a deeper look at its more complex second stage of attack. Petya overwrites the Master Boot Record (MBR), along with its neighboring sectors using its boot code and a small kernel code. The MBR contains the master boot code, the partition table,... [Read More]
by RSS Raul Alvarez  |  Feb 01, 2017  |  Filed in: Security Research
FortiGuard is currently investigating a new wave of attacks targeting kingdom of Saudi Arabia organizations that use an updated version of the Shamoon malware (also known as DistTrack.) We described this malware in detail a few months ago in a previous article. The key features of that version remain the same, yet some voluntary changes are taking place: Images used. Shamoon still overwrites files with an image of the drowned Syrian toddler Alan Kurdi, but this time the picture size is different. In November 2016 it was using a picture... [Read More]
by RSS Artem Semenchenko  |  Jan 30, 2017  |  Filed in: Security Research
Active users of mobile banking apps should be aware of a new Android banking malware campaign targeting customers of large banks in the United States, Germany, France, Australia, Turkey, Poland, and Austria. This banking malware can steal login credentials from 94 different mobile banking apps. Due to its ability to intercept SMS communications, the malware is also able to bypass SMS-based two-factor authentication. Additionally, it also contains modules to target some popular social media apps. Install the malware The malware masquerades... [Read More]
by RSS Kai Lu  |  Nov 01, 2016  |  Filed in: Security Research
Fortinet has discovered a new open-source PHP ransom malware that has been targeting web sites using a simple encryption algorithm that is effective enough to really frighten web server owners. What is more interesting, however, is the information we have uncovered regarding the possible roots of the attacks/attackers. Basing only on the email address that it uses for ransom negotiations, “japanlocker@hotmail.com”, victims and researchers alike may make an obvious guess where the attacks may have come from. However, our investigation... [Read More]
by RSS Artem Semenchenko and Joie Salvio  |  Oct 19, 2016  |  Filed in: Security Research
We’re into the final quarter of the year, and the cyberthreat landscape continues to be interesting. This week in the Fortinet Threat Intelligence Brief we looked at a number of interesting trends around IoT botnets, continued ransomware problems – both through directed attacks and infected websites, and the spoofing of the Navy Federal US Credit Union. One interesting thing to note is how attacks tend to move from target to target and region to region in waves. This week, for example, we saw a 4X spike in attempts to deliver... [Read More]
by RSS Bill McGee  |  Oct 07, 2016  |  Filed in: Industry Trends & News
Providing holistic, actionable security intelligence across the entire IT infrastructure is critical for the future of cybersecurity. Fortinet’s Matti Blecher offers his perspective here. Can you give us a glimpse into the threat landscape from a threat intelligence point of view? What are customers facing today? One of the biggest security challenges organizations face is being able to see enough of the network to identify today’s most advanced, multi-vector threats. Ideally, you need to be able to see across the distributed network,... [Read More]
by RSS John Welton  |  Sep 29, 2016  |  Filed in: Industry Trends & News
  Another new ransomware has joined the file-encrypting bandwagon. Only this time, instead of choosing what types of files to encrypt, it has decided to join the league of a few others and encrypt the entire disk directly using an open-source tool called DiskCryptor. This is not the first time that disk-encrypting ransomware has hit the spotlight. Earlier this year, Petya ransomware wreaked havoc by encrypting disks through the master file table (MFT), denying access to user files. Unlike that former attack, however, this new ransomware... [Read More]
by RSS Joie Salvio  |  Sep 27, 2016  |  Filed in: Security Research