Fortinet FortiGuard Labs today unveiled the findings of its latest Global Threat Landscape Report. The research reveals an evolution of malware to exploit cryptocurrencies.
To help organizations adapt to the new realities of the emerging digital marketplace and the related threats targeting digital businesses, IBM Security just announced X-Force Threat Management. We are also pleased to announce that, as part of this news, Fortinet was selected as a key security partner in this new offering.
Over this past Easter weekend, FortiGuard Labs came across a new malicious spam campaign specifically targeting South Korea. What makes this campaign unique is that it is the first GandCrab 2.0 malspam ransomware campaign we have seen in South Korea targeting organizations in the financial sector. It appears to originate from the VenusLocker group, which we highlighted in December of last year when we documented that they had switched their game plan from ransomware to cryptocurrency mining. Well, it appears that the VenusLocker group is back in the ransomware game, this time with GandCrab.
Over the last few months, the Microsoft Security Response Center (MSRC) has released a number of Windows updates to fix multiple Use-After-Free (UAF) vulnerabilities discovered by FortiGuard Labs. As stated in our previous blog post, we will provide a technical write-up for one of the UAF issues that was rated as critical by MSRC. The issue is assigned CVE-2018-0797. In this blog post we will share our methodology for identifying the root cause of the issue, as well as an analysis of the mitigation deployed by Microsoft to address the UAF vulnerability.
Over the years, the FortiGuard Labs team has learned that it is very common for macOS malware to launch a new process to carry out its malicious activity. So in order to analyze the malicious behaviors of malware targeting macOS more efficiently and automatically, it is necessary to develop a utility that monitors process execution. The MACF on macOS is a good choice for implementing this utility. The Mandatory Access Control Framework, commonly referred to as MACF, is the substrate on top of which all of Apple's security mechanisms, on both macOS and iOS, are implemented. In this blog, I will detail the implementation of monitoring process execution, including command line arguments, via MACF.
In the previous blog from FortiGuard Labs in this series, we discussed how to monitor process execution with command line arguments using MACF on macOS. In this blog, we will continue to discuss how to monitor file system events (including file open, read, write, rename, and delete operations) and dynamic library loading via MACF on macOS. I will provide all the technical details below. Let’s get started!
In the two previous blogs in this series from FortiGuard Labs, we discussed how to monitor process execution with command line arguments, file system events, and dylib loading events using MACF on macOS. In this blog, we will continue to discuss how to monitor network activities (another significant malware behavior) using Socket Filters (a part of the Network Kernel Extension) on macOS. The network activities to be monitored include UDP, TCP, ICMP, and DNS query and response data. I provide all the technical details below, so let's get started again!
FortiGuard continues to investigate a series of attacks targeted at Bitcoin users. In our previous article, we discovered a number of fake websites registered by the perpetrators of these attacks in late 2017. We assumed at the time that these websites would soon be used for another series of attacks, and now we have found proof of such attacks. During our new investigation we also discovered a number of tools used by the criminals for crafting malicious documents.
Wikipedia defines steganography as "the practice of concealing a file, message, image, or video within another file, message, image, or video." At this point, security professionals will immediately recognize the potential for steganography to act as a vehicle for surreptitiously delivering malicious code into targeted systems, and subsequently for exfiltrating stolen data from compromised devices. Given the ingenuity of the adversary community, it will be no surprise that the frequency of steganography-based attacks has increased over the last couple of years.
FortiGuard Labs just released our latest Quarterly Threat Landscape report for Q4 of 2017. As usual, there are a lot of take-aways for CISOs, but a few items stood out. In particular, attacks per firm were up 82%, and swarm cyber attacks targeted the Internet of Things (IoT) with growing intensity.