APT


FortiGuard Labs has been actively monitoring FALLCHILL, validating all its IOCs (indicators of compromise), and providing protection for our customers. In a previous post we provided a high-level overview of FALLCHILL. In this research report we dig even further, providing a deep-dive analysis of the FALLCHILL Remote Administration Tool (RAT) in order to shed additional light on this threat, and thereby help our customers and the security community at large defend against this threat and similar threats. [Read More]
by Minh Tran  |  Nov 28, 2017  |  Filed in: Security Research
Over the past month, we have all watched with dismay as the islands of the Caribbean and coasts of Texas and Florida were hit with devastating rains and high-speed winds. In the days leading up to the storms’ landfalls, some of the most talented scientific minds deployed astounding levels of technology to assess and communicate the severity of the approaching threats—despite the fact that severe weather is notoriously unpredictable, with inherent uncertainty that makes truly accurate assessment of the threat nearly impossible. In... [Read More]
by Phil Quade  |  Oct 20, 2017  |  Filed in: Industry Trends
In the new digital economy, businesses that are able to adapt will be the most competitive and successful. This will require adopting new technologies, networking systems, and strategies. But many of the emerging technologies and strategies that are being deployed across our networks come with a set of unknowns that are having a huge impact on security. The reason is that traditional approaches to security were never really designed to protect dynamic, borderless, and hyper-connected environments. Many Factors Are in Play For example,... [Read More]
by Matthew Pley  |  Sep 27, 2017  |  Filed in: Industry Trends
We are currently tracking a new ransomware variant sweeping across the globe known as Petya. It is currently having an impact on a wide range of industries and organizations, including critical infrastructure such as energy, banking, and transportation systems. This is a new generation of ransomware designed to take advantage of timely exploits. This current version is targeting the same vulnerabilities that were exploited during the recent WannaCry attack this past May. This latest attack, known as Petya, is something we are referring to as... [Read More]
by Aamir Lakhani  |  Jun 27, 2017  |  Filed in: Security Research
In the last couple of months, we wrote about the discoveries we found in Dridex, the long-lived banking Trojan that is still quite active in the wild. In the blog post, TL;DR, we mentioned the Trojan has been equipped with a new module that could be used to evade one of the anti-virus products. However, the affected vendor has now released a fix, so we decided to share the details. In this post, we will briefly discuss some of the novel techniques used by the Trojan to evade detection by anti-virus. The Evolution of Anti-Virus Detection Evasions I’m... [Read More]
by Wayne Chin Yick Low  |  Aug 04, 2016  |  Filed in: Security Research
Fortinet’s Advanced Threat Protection (ATP) Framework has once again achieved Advanced Threat Defense (ATD) Certification from ICSA Labs for Q1 of 2016. We remain one of the four vendors in the entire industry who have achieved this independent certification. Advanced threats represent some of the most difficult security challenges faced by organizations – as well as by the vendors who build tools to detect and stop them. Fortinet has developed the Fortinet Advanced Threat Protection (ATP) Framework to do just that. It is built around the seamless... [Read More]
by Bill McGee  |  Jun 14, 2016  |  Filed in: Industry Trends
NSS Labs released their second annual breach detection system (BDS) test results this week, highlighting a market that is growing at a CAGR of 32%, more than double that of next gen firewalls.  Gartner cites 20 vendors in this competitive space – 9 of them participated in the NSS Labs comparison, giving IT and security decision makers robust, objective data on which to base their purchases. Let’s take a step back, though, and clearly define breach detection systems. Many vendors simply refer to them as sandboxes, but NSS Labs... [Read More]
by Chris Dawson  |  Aug 06, 2015  |  Filed in: Industry Trends
We had to run with the analogy. Because, well, it's a wall. Made of ice. “I am the sword in the darkness. I am the watcher on the walls. I am the fire that burns against the cold, the light that brings the dawn, the horn that wakes the sleepers, the shield that guards the realms of men.” Sends chills, right? The Oath of the Night’s Watch (the version from the book, of course). It’s right up there with “One Ring to rule them all...and in the darkness bind them”. But you knew we couldn’t leave... [Read More]
by Chris Dawson  |  Apr 03, 2015  |  Filed in: Industry Trends
A few weeks ago, we received a file that was being spread as an attachment in a spear phishing email. The sample, which we are detecting as W32/Byanga.A!tr, turns out to be a dropper for a bot which, if active in an organization’s system, has the capability to perform malicious activities that can be very damaging to the targeted organization. This post discusses what this particular malware can do. The Dropper The dropper used a Chinese file name, which translates to “Upcoming Events Schedule”.  It also uses a Microsoft... [Read More]
by Margarette Joven  |  Jan 14, 2015  |  Filed in: Security Research
Emerging threats have created some strange bedfellows in the Cyber Threat Alliance but the group’s work is critical to advancing security in an increasingly connected world. The Cyber Threat Alliance (CTA) has brought together some of the top names (and fiercest competitors) in enterprise security to address emerging challenges and the most serious, complex threats to organizations that the Internet has ever seen. The founding members, Fortinet, McAfee, Palo Alto Networks, and Symantec, have all committed to sharing threat information to better... [Read More]
by Chris Dawson  |  Nov 01, 2014  |  Filed in: Industry Trends