threat research | Page 3


Fortinet’s FortiGuard Labs cybersecurity threat report takes a look at the nature of attacks – how attackers get in, how they manage to persist inside networks, what they want, and who they are. It also provides insight into three key areas of concern that our FortiGuard Labs team has identified, and they bear reviewing here. 2016 Rio Olympics: Cyberattacks during the Olympic games are not new. We have seen a spike of attacks focused on the Olympics – including targeting vendors and spectators – beginning as far back as the...
by Ladi Adefala | Aug 01, 2016 | Filed in: Industry Trends & News
Cyperine is a VB .NET info-stealing malware advertised in hacking forums that retrieves information from victims and sends it to whichever email address is entered in the builder. Cyperine version 1.0 was first released in December 2014, and on June 14, 2016 version 2.0 was released. It steals Steam’s SSFN authentication files, stored passwords from browsers, user logins, and product keys of software installed on the victim’s computer. [Figure 01. Cyperine builder] The seller also provides a Skype account for...
by Rommel Joven and David Maciejak | Jul 07, 2016 | Filed in: Security Research
A new ransomware targeting Magento websites was recently discovered by the Malware Hunter Team and Lawrence Abrams. This post intends to share additional findings of the FortiGuard Lion Team, specifically on three areas: 1) KimcilWare’s backdoor capabilities; 2) how we can decrypt files encrypted by KimcilWare; and 3) the hacker group who may be behind it. KimcilWare Backdoor: Aside from encrypting files, KimcilWare is capable of opening a backdoor as well as uploading files to affected sites. The following KimcilWare code snippet shows...
by Tien Phan and Roland Dela Paz | Apr 01, 2016 | Filed in: Security Research
Ransomware is a category of malware that scrambles your files or locks your computer while asking for ransom. We have encountered different versions of ransomware, and seen their effects. We have also seen a different kind of ransomware that not only holds your computer for ransom, but also infects your files for persistence. Virlock is a ransomware that locks your screen for ransom, while infecting your files with its malicious code. Virlock is an interesting malware not only because it is a ransomware and file infector in one, but...
by Raul Alvarez | Jan 26, 2016 | Filed in: Security Research
Phishing works. Not all the time, not every time, but enough of the time. Either because users are in a hurry, are careless, or simply aren’t well-trained enough to recognize an attack, phishing emails catch enough employees and consumers that cybercriminals continue to fire them off by the millions and use them to deliver all manner of malware, lure users to fake or compromised sites and steal personal information. It doesn’t help that phishing emails are becoming increasingly sophisticated. While some are still quite easily recognized...
by Chris Dawson | Nov 11, 2015 | Filed in: Industry Trends & News
Fortinet, like most members of the security community, understands that we’re entering uncharted territory as the Internet of Things becomes a mainstream phenomenon. To that end, Fortinet invests significant resources into threat intelligence and researchers who work every day to discover new vectors of attack and strategies for cyber infection before they can be deployed maliciously. One such vector, discovered by Fortinet senior threat researcher, Axelle Apvrille, allows an attacker to inject unauthorized code onto a Fitbit band over...
by Derek Manky | Oct 23, 2015 | Filed in: Industry Trends & News
Computer crime has long since gone pro. It’s been years since the computer hacker was a solo act, working out of their basement and defacing web sites for glory. These days it’s all about the money or an agenda, and adversary groups operate like businesses with division of labor and diversification. Criminals are buying up intellectual property, selling personal information and credit card numbers, and even selling their tech support to other hackers. The best way to combat organization is to become organized, and the security community...
by Jeannie Warner | Jul 16, 2015 | Filed in: Industry Trends & News
Security has typically fallen under the purview of IT, but it’s time to elevate it to a C-suite level discussion. Seemingly every time we turn around there’s something in the news or on social media about high-profile companies like Target, Sony Pictures, Home Depot and JP Morgan Chase experiencing data breaches -- making them almost commonplace and lowering their shock value as a result. Yet, that’s a compelling reason why organizations need to come together and discuss how to protect their network infrastructure. It’s no...
by Esther Shein | Jun 10, 2015 | Filed in: Industry Trends & News
Vawtrak, also known as Neverquest, is a banking trojan that is capable of bypassing 2FA (two-factor authentication) on some financial institutions. It is also a typical information stealer. One of the main strengths of Vawtrak is its use of layering techniques within its code. Within its layers, Vawtrak employs different armoring strategies such as Anti-Emulator, Anti-Debugger, Anti-Analysis, Encryption/Decryption/Hashing, Compression/Decompression, Garbage collection, and Code injection. TOR 101: The Onion Router, or simply known...
by Raul Alvarez | Jun 05, 2015 | Filed in: Industry Trends & News
Tucked deep in the Pacific Northwest, there is a global battle being fought. The battle is over the world’s data and no company is safe. But as Digital Strategy Director Jonas Tichenor shows us, there is a team of hackers and analysts detecting, analyzing, and stopping attacks, sometimes before they start!
by Jonas Tichenor | Apr 20, 2015 | Filed in: Behind the Firewall