Threat Intelligence Roundup September 09, 2016

By Bill McGee | September 09, 2016

This is our third week of the roundup, and things in the cyberthreat world continue to be interesting, including the return of several attacks we have seen for years. Here’s a quick summary of what happened this week.

1. It’s Still About Ransomware. While last week’s spike seems to have calmed down, we are still seeing an alarming amount of ransomware. This week our top 10 detections were all JavaScript-based variants of Nemucod, with nearly 7 million attempts logged. It seems like attackers are producing a new Nemucod variant nearly every day.

2. Social Engineering Makes a Comeback. On the heels of everyone getting back to school, often with shiny new laptops in place, we detected a nearly 10X increase in the malicious use of the remote administration tool called “Ammyy.” Much of this is related to the old “tech support” scam, where someone calls pretending to be from a company like Microsoft and convinces the victim to install the Ammyy tool, which then gives the hacker complete control over the device, including the ability to install malware.

3. Heartbleed Returns As Well. Heartbleed has also been around for years. Attacks exploit the CVE-2014-0160 vulnerability in OpenSSL, allowing cybercriminals to steal information normally protected by SSL encryption. Its recurrence is a reminder of the critical importance of having a consistent patching routine established for your organization.

4. Compromised Web Sites. This week we also detected a number of legitimate websites that had been compromised to redirect visitors to malicious sites that would attempt to infect victims with ransomware. The best defense against this sort of exploit, which simply targets users browsing the web, is to install a web filtering tool like FortiWeb to protect your employees, and to consistently monitor your web assets to ensure that they have not been compromised.

Read the Report

This was a busy week for cybercriminals, and this week’s roundup barely scratched the surface. If you would like more information like this, we recommend subscribing to our FortiGuard Threat Intelligence Brief, which provides links to more details and a breakdown of Fortinet’s regular threat research we collect here each week.