Fortinet recently talked with Craig Johnson, Director, Automotive Advanced Systems Innovation Department, Renesas Electronics America Inc., to discuss the innovation behind its connected car efforts and why automated security with real-time threat intelligence and strategic segmentation are imperative to protect customers’ information and vehicle.
Recently, FortiGuard Labs has been observing a surge in an email spam campaign delivering the latest GandCrab v2.1 ransomware. This article provides a basic overview of this malicious campaign, and points out details that can help users identify it.
There are basically two kinds of threats organizations and users face today: the ones that security vendors and threat researchers know about, and those they don’t. The ones we know about get vendor patches, signatures are updated across a variety of security tools in order to detect them, and behaviors are documented in order to detect and disrupt the more sophisticated ones. People who are affected by these sorts of attacks usually either don’t have the right security tools deployed in the right places, or they aren’t practicing adequate cyber hygiene.
Recently, FortiGuard Labs uncovered a new Python-based cryptocurrency mining malware that uses the ETERNALROMANCE exploit, which we have dubbed “PyRoMine.” In this article, I provide an analysis of this malware and show how it leverages the ETERNALROMANCE exploit to spread to vulnerable Windows machines.
Just a week after publishing our discovery of Trickbot’s networkDLL, the FortiGuard Labs monitoring system has found a new module called squlDll that is being actively distributed to the banking trojan’s victims.
Information sharing is one of the most critical elements of any security strategy. Without it, security has to be painted with a broad brush when literally anything is possible. Being able to compare the device or network you are trying to protect against a set of threats that are known to be currently active is invaluable in pitting the right resources and countermeasures against the appropriate target.
Endpoint security is the responsibility of far more than the endpoint or desktop IT team. In fact, it is required to be understood and leveraged by anyone who is responsible for the organization’s network security. These groups need better visibility, compliance, controls and response across the entire distributed network, including on- and off-network endpoints. More than simply protecting individual devices, a true endpoint security solution continually assesses and ensures the integrity, confidentiality, and availability of enterprise data, network resources, and information systems.
At FortiGuard Labs we were interested in searching out other malware that leverages Mirai code modules. Interestingly, one of the families that showed up in our search was the Hide ‘N Seek (HNS) bot, which was discovered in January of 2018. HNS is a complex botnet that uses P2P to communicate with peers/other infected devices to receive commands. In this article, I will discuss how the Mirai bot code was used in this HNS bot.
Healthcare has long been a regulated space due to the sensitive personal information collected and stored. Top of mind when thinking of healthcare regulations is HIPAA, which provides comprehensive and mandatory standards for ensuring the security and privacy of protected health information (PHI). Noncompliance can result in heavy fines, as well as reputational damage.
The explosion of new applications and connected IoT devices has created a wealth of data that, when analyzed, provides businesses with critical insights into consumer behaviors and interests, allowing them to create more customized offerings. Combined with the accelerated adoption of solutions across IaaS, PaaS and SaaS, the cloud is here to stay. However, this also means that cybercriminals will continue to attack the cloud.