threat research


Summary On March 24 2017, I discovered and reported on a remote password change vulnerability in Hewlett-Packard Enterprise’s (HPE) Vertica Analytic Database. This week, HPE released Security Bulletin HPESBGN03734, which contains the fix for this vulnerability and identifies it as CVE-2017-5802. Fueled by ever-growing volumes of Big Data found in many corporations and government agencies, HPE’s Vertica Analytics Platform provides an SQL analytics solution built from the ground up to handle massive volumes of data and delivers blazingly... [Read More]
by RSS Honggang Ren  |  Apr 20, 2017  |  Filed in: Security Research
In part 1 of FortiGuard Labs’ analysis of a new variant of the BADNEWS backdoor, which is actively being used in the MONSOON APT campaign, we did a deep technical analysis of what this backdoor of capable of and how the bad guys control it using the command and control server. In this part of the analysis, we will try to discover who might be behind the distribution of these files. [Read More]
by RSS Jasper Manuel and Artem Semenchenko  |  Apr 05, 2017  |  Filed in: Security Research
Three weeks ago, FortiGuard Labs, along with @_ddoxer (Roland de la Paz), using VirusTotal Intelligence queries, spotted a document with the politically themed file name (Senate_panel.doc). This malicious RTF file takes advantage of the vulnerability CVE-2015-1641. [Read More]
by RSS Jasper Manuel and Artem Semenchenko  |  Apr 05, 2017  |  Filed in: Security Research
In our last post [Round up of 2016 IoT Threats] we compared 2015 and 2016 global threat telemetry for IoT devices collected by our FortiGuard Labs. In this post, we will examine why home routers had a such a huge increase in IPS signature hits in 2016, when compared to 2015. Home Routers In 2015, home routers had the most IPS signature hits at around 821,000. But this number exploded exponentially in 2016, to more than 25 billion hits. We can see the exponential increase more clearly when we compare both years using a size comparison chart... [Read More]
by RSS Gavin Chow  |  Mar 13, 2017  |  Filed in: Security Research
The world never stands still. In the technology space, this means that constant innovation and discovery is the key to a solution provider’s survival and growth. In the cybersecurity arena, this creed is even more vital. Many hackers are brilliant people. There’s only one way to get the better of them – be even more brilliant. And faster and more creative. Which is why R&D is crucial in the security technology business. Cybersecurity solution providers must deliver open, integrated security and networking technologies... [Read More]
by RSS Michael Xie  |  Feb 27, 2017  |  Filed in: Industry Trends & News
In an effort to provide more proactive protections in Fortinet products and to more effectively identify and defeat network threats, the Fortinet security research team works on discovering potential threats in popular products. As a result, over the past year we have discovered 84 vulnerabilities that have been reported to their respective vendors as part of our responsible vulnerability disclosure process. Fortinet protections against these discoveries were released to Fortinet products at the same time these vulnerabilities were reported to their... [Read More]
by RSS Peixue Li  |  Feb 21, 2017  |  Filed in: Security Research
Given the popularity and success of ransomware, it is no surprise that malware authors have been developing more ransomware than ever before. Last year’s cost of ransomware attacks reached $1 billion, which not only shows how this affects businesses, but for cybercriminals the potential pay-out for cyber-extortion can be very lucrative. The rise of ransomware infections may also be attributed to the attractiveness growing availability of Ransomware-as-a-Service (Raas). Ransomware authors posts are now developing user-friendly... [Read More]
by RSS Rommel Joven  |  Feb 16, 2017  |  Filed in: Security Research
Remcos is another RAT (Remote Administration Tool) that was first discovered being sold in hacking forums in the second half of 2016. Since then, it has been updated with more features, and just recently, we’ve seen its payload being distributed in the wild for the first time. This article demonstrates how this commercialized RAT is being used in an attack, and what its latest version (v1.7.3) is capable of doing. Remcos is currently being sold from $58 to $389, depending on the license period and the maximum number of masters or clients... [Read More]
by RSS Floser Bacurio and Joie Salvio  |  Feb 14, 2017  |  Filed in: Security Research
I recently bought a new car with all the bells and whistles. It warns me if I stray out of my lane. It warns me if there is a car in my blind spot. It has adaptive cruise control that slows down if a car pulls in front of me. When I back up, it alerts me of cross traffic, even pedestrians and dogs. It monitors road conditions and automatically enables all-wheel drive if roads are wet or conditions are cold or icy. And that’s just the start. It has collision detection, and automatic braking, and a fully connected entertainment and communications... [Read More]
by RSS Anthony Giandomenico  |  Feb 06, 2017  |  Filed in: Industry Trends & News
Sage 2.0 is the new kid on an already crowded block of ransomware, demanding hefty ransom of 2.22188 bitcoins (roughly 2000 USD) per infection. We have recently begun seeing this malware being distributed by the same malicious spam campaigns that serve better-known ransomware families, such as Cerber and Locky. In this article we will take a closer look at some notable characteristics of this new threat, and provide some simple ways to mitigate it. Spam Campaign Sage ransomware has been seen spreading through the usual spam email channels... [Read More]
by RSS Floser Bacurio, Joie Salvio, Rommel Joven  |  Feb 02, 2017  |  Filed in: Security Research