During the last few months, FortiGuard Labs discovered and reported multiple use-after-free (UAF) vulnerabilities found in different versions of Microsoft Word. These vulnerabilities were patched in the January and March security updates, respectively. These patches are rated as critical/important, and as always, we urge users to update Microsoft Office as soon as possible.
The evolution of malware is being fueled largely by the proliferation of IoT. According to Gartner data, there were about 8 billion connected “things” in 2017. But that number is expected to nearly triple to more than 20 billion in just the next two years, which averages out to roughly three connected devices per person on Earth. Simply put, the opportunity for cybercriminals to enter networks and steal data or hold segments (or the entirety) of the network hostage is growing at an exponential rate, with no signs of slowing down.
Operational Technology (OT) networks play a critical role in manufacturing, defense, emergency services, food and agriculture, financial systems, and critical infrastructure, just to name a few. OT networks and devices include supervisory control and data acquisition (SCADA) systems and industrial control systems (ICS). They might be deployed anywhere – inside an automated manufacturing floor, outside a chemical processing plant managing valves and switches, on a rig in the middle of the ocean, or out in the arctic monitoring oil and gas pipelines. OT systems often perform simple yet essential tasks, such as monitoring a valve and shutting it off when a certain value is triggered. As a result, they can perform their tasks with little change for years, which also means they sometimes run on aging operating systems and obsolete hardware using homegrown applications. Since the goal for an OT system is to run exactly as designed, even patches are only applied if they do not hinder the process of the OT system.
We love our technology. No one can imagine life without their smartphone today. But there’s so much more than this available on the market now. We have wearable technology such as smart watches, tablets and laptops, voice-activated devices such as Amazon Echo or Google Home, and even smart appliances like refrigerators, lighting, air-conditioning, entertainment, and security systems. All of these are known collectively as the IoT (the Internet of Things).
Perhaps the most neglected element of security is simply network and device hygiene. While new, innovative threats continue to pop up almost daily, our latest Global Threat Landscape Report reveals that long-known and yet still unpatched vulnerabilities continue to serve as the primary gateway for attacks, with organizations reporting an average of 274 attacks per firm – an 82% increase over the previous quarter. This alarming trend emphasizes that while remaining vigilant for new threats and vulnerabilities in the wild is critical, organizations also need to stay focused on what is happening within their own environment.
In preparation for our talk entitled “IoT: Battle of Bots” at the RootedCon Security conference that will be held in Madrid, Spain this March 2018, the FortiGuard Labs team encountered yet another new Mirai variant.
On 6th December 2017, FortiGuard Labs discovered a compromised website - acenespargc[.]com. Looking into the source code, we noticed a suspicious encrypted script which uses the eval() function to convert all the characters into numbers. We used a tool called CharCode Translator to reverse the numbers back into characters. We were then able to retrieve a link which redirects to a scam page or phishing website.
FortiGuard Labs has spotted a new phishing campaign that targets bitcoin investors by offering Gunbot, a relatively new bitcoin trading bot application. However, instead of being a tool designed to ensure more profit, it serves the Orcus RAT malware, which results in the loss of investments and more.