This is our third week of the roundup, and things in the cyberthreat world continue to be interesting, including the return of several attacks we have seen for years. Here’s a quick summary of what happened this week.
2. Social Engineering Makes a Comeback. On the heels of everyone getting back to school, often with shiny new laptops in place, we detected a nearly 10X increase in the malicious use of the remote administration tool called “Ammyy.” Much of this is related to the old “tech support” scam, where someone calls pretending to be from a company like Microsoft and convinces the victim to install the Ammyy tool, which then gives the hacker complete control over the device, including the ability to install malware.
3. Heartbleed Returns As Well. The Heartbleed vulnerability has also been around for years. Attacks against it exploit CVE-2014-0160 in OpenSSL, allowing cybercriminals to steal information normally protected by SSL encryption. Its reoccurrence is another reminder of the critical importance of having a consistent patching routine established for your organization.
4. Compromised Web Sites. This week we also detected a number of legitimate websites that had been compromised to redirect visitors to malicious sites that would attempt to infect victims with ransomware. The best defense against this sort of exploit, which simply targets users browsing the web, is to install a web filtering tool like FortiWeb to protect your employees, and to consistently monitor your web assets to ensure that they have not been compromised.
Read the Report
This was a busy week for cybercriminals, and this week’s roundup barely scratched the surface. If you would like more information like this, we recommend subscribing to our FortiGuard Threat Intelligence Brief, which provides links to more details and a breakdown of Fortinet’s regular threat research we collect here each week.