Results for malware

Threat Research

Analysis of New Agent Tesla Spyware Variant

Recently, FortiGuard Labs captured a new malware sample that was spread via Microsoft Word documents. After some quick research, I discovered that this was a new variant of the Agent Tesla spyware. I analyzed another sample of this spyware last June and published a blog about it. In this blog, I want to share what’s new in this new variant.

By Xiaopeng Zhang, April 05, 2018

Threat Research

VenusLocker Delivering Rotten Easter Eggs in South Korea

Over this past Easter weekend, FortiGuard Labs came across a new malicious spam campaign specifically targeting South Korea. What made this campaign unique from others is that it is the first GandCrab 2.0 malspam ransomware campaign that we’ve seen in South Korea targeting organizations in the financial sector. It appears to be originating from the VenusLocker group, which we highlighted in December of last year when we documented that they had switched their game plan from ransomware to cryptocurrency mining. Well, it appears that the VenusLocker group is back in the ransomware game, this time with GandCrab.

By Val Saengphaibul, April 04, 2018

Industry Trends

Securing IT Modernization at The Federal Level

Federal agencies are modernizing legacy IT systems to mitigate cyber risks. Learn why the modernization of security solutions must occur alongside these new deployments, and how Fortinet can help.

By Shelly Scarpelli, March 31, 2018

Threat Research

Monitoring macOS, Part I: Monitoring Process Execution via MACF

Over the years, the FortiGuard Labs team has learned that it is very common for macOS malware to launch a new process to carry out its malicious activity. So in order to analyze the malicious behaviors of macOS malware more efficiently and automatically, it is necessary to develop a utility that monitors process execution. The Mandatory Access Control Framework on macOS, commonly referred to as MACF, is a good choice for implementing this utility: it is the substrate on top of which all of Apple's security mechanisms, on both macOS and iOS, are implemented. In this blog, I will detail the implementation of monitoring process execution, including command line arguments, via MACF.

By Kai Lu, March 30, 2018

Threat Research

Monitoring macOS, Part II: Monitoring File System Events and Dylib Loading via MACF

In the previous blog from FortiGuard Labs in this series, we discussed how to monitor process execution with command line arguments using MACF on macOS. In this blog, we will continue to discuss how to monitor file system events (including file open, read, write, rename, and delete operations) and dynamic library loading via MACF on macOS. I will provide all the technical details below. Let’s get started!

By Kai Lu, March 30, 2018

Threat Research

FortiGuard Labs Discovers Vulnerability in D-Link Router DIR868L

In August of 2017, FortiGuard Labs discovered a pre-authenticated remote code execution vulnerability on D-Link router DIR868L. This vulnerability is specific to a local ISP’s customized firmware.

By Tony Loi, March 30, 2018

Threat Research

Monitoring macOS, Part III: Monitoring Network Activities Using Socket Filters

In the two previous blogs in this series from FortiGuard Labs, we discussed how to monitor process execution with command line arguments, file system events, and dylib loading events using MACF on macOS. In this blog, we will continue by discussing how to monitor network activities (another significant malware behavior) using Socket Filters (a part of the Network Kernel Extension framework) on macOS. The network activities to be monitored include UDP, TCP, ICMP, and DNS query and response data. I provide all the technical details below, so let's get started again!

By Kai Lu, March 30, 2018

Industry Trends

Mitigating Personal Cyber Risk

The biggest security challenge facing individuals and businesses today isn’t scale. It’s hyperconnectivity. The various devices and applications being used in homes or at organizations have now become so intertwined that it’s hard to keep them separate. The cloud allows users to access data and information from any device with a Wi-Fi connection or data plan, and IT consumerization encourages those same users to download new applications and storage solutions to use and share across a wide variety of devices.

By Anthony Giandomenico, March 29, 2018

Industry Trends

The Blessing and Curse of Automation

As data becomes the new currency of the digital marketplace, one of the biggest security challenges organizations face is the number and kinds of endpoint devices that need access to the network. Smartphones, laptops, Chromebooks, tablets, and IoT devices of every function and size, and belonging to both employees and consumers, now regularly connect to some segment of the network to access data.

By Aamir Lakhani, March 27, 2018

Industry Trends

Combatting the Transformation of Cybercrime

The volume of cyberattacks is growing at an unprecedented rate, increasing by nearly 80% for some organizations during the final quarter of 2017. One reason for this acceleration in the attack cycle is that, in order for malware to succeed today, it needs to spread further and faster than ever before. This allows cybercriminals to stay a step ahead of vendors' efforts to deliver updated signatures and patches more quickly.

By John Maddison, March 20, 2018