FortiGuard Labs just released our latest Quarterly Threat Landscape report for Q4 of 2017. As usual, there are a lot of take-aways for CISOs, but a few items stood out. In particular, attacks were up per firm by 82% and swarm cyber attacks targeted the Internet of Things (IoT) with growing intensity.
Fortinet FortiGuard Labs has come across a ransomware that only accepts Monero – an open source cryptocurrency created in 2014 – for payment, signaling a shift away from the widely used and accepted standard Bitcoin in the ransomware space. Ransomware authors are aware of current trends and events, and appear to be taking advantage of all the hype surrounding the cryptocurrency craze.
Visa Payment Systems Intelligence recently announced that cybercriminals are threatening the payments ecosystem by leveraging a vulnerable Microsoft Dynamic Data Exchange protocol in phishing campaigns. This phishing attack relies on the Dynamic Data Exchange (DDE) protocol for infection instead of the usual malicious macros or an exploit kit. FortiGuard Labs has issued three IPS signatures that defend our customers against these attacks.
FortiGuard Labs has been actively monitoring FALLCHILL and validating all IOCs, whether we discovered them ourselves through one of our millions of sensors deployed around the world, or collected from the hundreds of threat sharing feeds we subscribe to. Our comprehensive threat information-sharing program includes Governments, Certs, and Strategic Partners from around the world.
A new ransomware campaign dubbed “Bad Rabbit” has hit a number of high profile targets in Russia and Eastern Europe. First detected on October 24th, 2017, Bad Rabbit was originally detected in Russia and Ukraine, along with a small number of infections reported in parts of eastern Europe, Turkey, and Germany. However, the attack now appears to be spreading to other regions, including reports from South Korea and the US.
There have been some news items floating around the Internet discussing a weakness in the ANSI X9.31 random number generator (RNG) known as DUHK (for Don't Use Hard-coded Keys) that had affected older FortiGate devices. An update was issued more than a year ago when the flaw was first announced to Fortinet.