threat research | Page 2


In our last post [Round up of 2016 IoT Threats] we compared 2015 and 2016 global threat telemetry for IoT devices collected by our FortiGuard Labs. In this post, we will examine why home routers had such a huge increase in IPS signature hits in 2016, when compared to 2015. Home Routers In 2015, home routers had the most IPS signature hits at around 821,000. But this number exploded exponentially in 2016, to more than 25 billion hits. We can see the exponential increase more clearly when we compare both years using a size comparison chart... [Read More]
by Gavin Chow  |  Mar 13, 2017  |  Filed in: Security Research
The world never stands still. In the technology space, this means that constant innovation and discovery is the key to a solution provider’s survival and growth. In the cybersecurity arena, this creed is even more vital. Many hackers are brilliant people. There’s only one way to get the better of them – be even more brilliant. And faster and more creative. Which is why R&D is crucial in the security technology business. Cybersecurity solution providers must deliver open, integrated security and networking technologies... [Read More]
by Michael Xie  |  Feb 27, 2017  |  Filed in: Industry Trends
In an effort to provide more proactive protections in Fortinet products and to more effectively identify and defeat network threats, the Fortinet security research team works on discovering potential threats in popular products. As a result, over the past year we have discovered 84 vulnerabilities that have been reported to their respective vendors as part of our responsible vulnerability disclosure process. Fortinet protections against these discoveries were released to Fortinet products at the same time these vulnerabilities were reported to their... [Read More]
by Peixue Li  |  Feb 21, 2017  |  Filed in: Security Research
Given the popularity and success of ransomware, it is no surprise that malware authors have been developing more ransomware than ever before. Last year’s cost of ransomware attacks reached $1 billion, which not only shows how this affects businesses, but for cybercriminals the potential pay-out for cyber-extortion can be very lucrative. The rise of ransomware infections may also be attributed to the attractiveness and growing availability of Ransomware-as-a-Service (RaaS). Ransomware authors are now developing user-friendly... [Read More]
by Rommel Joven  |  Feb 16, 2017  |  Filed in: Security Research
Remcos is another RAT (Remote Administration Tool) that was first discovered being sold in hacking forums in the second half of 2016. Since then, it has been updated with more features, and just recently, we’ve seen its payload being distributed in the wild for the first time. This article demonstrates how this commercialized RAT is being used in an attack, and what its latest version (v1.7.3) is capable of doing. Remcos is currently being sold from $58 to $389, depending on the license period and the maximum number of masters or clients... [Read More]
by Floser Bacurio and Joie Salvio  |  Feb 14, 2017  |  Filed in: Security Research
I recently bought a new car with all the bells and whistles. It warns me if I stray out of my lane. It warns me if there is a car in my blind spot. It has adaptive cruise control that slows down if a car pulls in front of me. When I back up, it alerts me of cross traffic, even pedestrians and dogs. It monitors road conditions and automatically enables all-wheel drive if roads are wet or conditions are cold or icy. And that’s just the start. It has collision detection, and automatic braking, and a fully connected entertainment and communications... [Read More]
by Anthony Giandomenico  |  Feb 06, 2017  |  Filed in: Industry Trends
Sage 2.0 is the new kid on an already crowded block of ransomware, demanding a hefty ransom of 2.22188 bitcoins (roughly 2000 USD) per infection. We have recently begun seeing this malware being distributed by the same malicious spam campaigns that serve better-known ransomware families, such as Cerber and Locky. In this article we will take a closer look at some notable characteristics of this new threat, and provide some simple ways to mitigate it. Spam Campaign Sage ransomware has been seen spreading through the usual spam email channels... [Read More]
by Floser Bacurio, Joie Salvio, Rommel Joven  |  Feb 02, 2017  |  Filed in: Security Research
FortiGuard is currently investigating a new wave of attacks targeting Kingdom of Saudi Arabia organizations that use an updated version of the Shamoon malware (also known as DistTrack). We described this malware in detail a few months ago in a previous article. The key features of that version remain the same, yet some voluntary changes are taking place: Images used. Shamoon still overwrites files with an image of the drowned Syrian toddler Alan Kurdi, but this time the picture size is different. In November 2016 it was using a picture... [Read More]
by Artem Semenchenko  |  Jan 30, 2017  |  Filed in: Security Research
Introduction A new update of Cerber Ransomware, Cerber 5.0.1, has just arrived, appearing shortly after Cerber 5.0.0 had been released. Cerber 5.0.1 handles multithreading differently when it comes to encrypting files, probably aiming for better performance. It also changes the instruction file name from “README.hta” to “_README_.hta”. The intention of this might be to avoid simple AV detection, such as checking instruction file names. The major updates in the new version are described in the following sections. New... [Read More]
by Sarah Wu, Jacob Leong  |  Dec 02, 2016  |  Filed in: Security Research
With the growth and pervasiveness of online devices and digital tools, we reached a critical tipping point in 2016. The need for accountability at multiple levels is urgent and real and affects us all. If something isn’t done, there is a real risk of disrupting the emerging Digital Economy.   Even in recent weeks, IoT devices were hijacked to shut down a huge section of the Internet. Stolen documents were used in an attempt to influence the US presidential election. Ransomware began to reach epidemic proportions, including high... [Read More]
by Derek Manky  |  Nov 21, 2016  |  Filed in: Industry Trends, Security Research