Results for malware

Threat Research

New jRAT/Adwind Variant Being Spread With Package Delivery Scam

At the beginning of February 2018, FortiGuard Labs collected a malicious email with the subject “UPS DELIVERY UPDATE”, as shown in Figure 1. Phishers and scammers traditionally misuse the names of well-known organizations and individuals in order to make their malicious messages seem legitimate, allowing them to more easily trick unsuspecting victims. This email message contains a fake order tracking number with a bogus hyperlink that, rather than connecting the user to a legitimate website, downloads a jar malware. After a quick analysis, I was able to determine that this malware is jRAT/Adwind.

By Xiaopeng ZhangFebruary 16, 2018

Meltdown/Spectre Update

In addition to establishing an aggressive and proactive patch-and-replace protocol, it is essential that organizations have layers of security in place designed to detect malicious activity and malware, and to protect vulnerable systems.

By FortiGuard SE TeamJanuary 30, 2018

Prevalent Threats Targeting Cuckoo Sandbox Detection and Our Mitigation

In this blog post, we will discuss the history of sandbox detection. We will then unveil the malware families that KTIS has observed from spear-phishing emails that attempt to bypass the user-mode API hook in order to evade sandbox detection. And finally, we will share the mitigation method we use to harden the Cuckoo sandbox against this bypass technique.

By Floser Bacurio and Wayne LowJanuary 03, 2018

Industry Trends

Protecting Your Bottom Line from Cyber Risks

As global cyberattacks persist, cybersecurity is becoming a main focus in the C-suite. Gone are the days where it’s just a concern for IT teams. These rapid, sophisticated attacks across industries have demonstrated that cybersecurity is the responsibility of the entire organization as they seek to avoid the crippling effects associated with data breaches.

By Drew Del MattoDecember 26, 2017

Threat Research

Group Behind VenusLocker Switches From Ransomware to Monero Mining

There is no doubt that cryptocurrency has been on a steady rise. According to a research paper by the University of Cambridge, the market capitalization of cryptocurrency has increased more than three-fold since early last year and it’s not likely to stop there. With more and more people realizing that cryptocurrency is potentially a significantly profitable investment, this rise is likely to continue for the foreseeable future. And where there is profit, that is where malware attacks will gather. Which is why we have been expecting...

By Joie SalvioDecember 20, 2017

Industry Trends

Executive Insights: Fighting Automation with Automation

The proliferation of online devices accessing personal and financial information, the adoption of virtualized and multi-cloud environments, and the growing connection of everything – from armies of IoT devices and critical infrastructure in cars, homes, offices, and industry, to the rise of smart cities – have combined to create new destructive opportunities for cybercriminals.

By John Maddison December 14, 2017

Threat Research

Rise of One More Mirai Worm Variant

Not long after a new strain of the Akuma malware was discovered targeting ZyXEL devices with a new series of login/password attacks, FortiGuard Labs last week also began detecting strange scanning activities on uncommon TCP ports 52869 and 37215. We and other threat research teams quickly began to suspect that these were tied together, and that there was a new botnet out there.

By David MaciejakDecember 12, 2017

Business and Technology | Industry Trends

Threat Bars Lowered, Danger Raised: Using FortiClient to Address This New Security Dynamic

Fortinet is not standing still in the face of the rapidly changing threat environment. Recently, we added some significant new technologies to the latest iteration of FortiClient, our endpoint protection product. For example, FortiClient now includes an Anti-Exploit Engine that delivers a next-generation approach to endpoint protection. It also includes auto-patching capabilities that streamline patch management for known vulnerabilities. Automation of patching drives efficiencies while enabling organizations to address vulnerabilities faster.

By Damien LimDecember 11, 2017

Threat Research

Fortinet Quarterly Threat Landscape Report: The Battle Against Cybercrime Continues to Escalate

Fortinet today announced the findings of its latest Global Threat Landscape Report. The research reveals that high botnet reoccurrence rates and an increase of automated malware demonstrate that cybercriminals are leveraging common exploits combined with automated attack methods at unprecedented speed and scale.

By Anthony GiandomenicoNovember 28, 2017

Threat Research

A Deep Dive Analysis of the FALLCHILL Remote Administration Tool

FortiGuard Labs has been actively monitoring FALLCHILL, validating all its IOCs (indicators of compromise), and providing protection for our customers. In a previous post we provided a high level overview of FALLCHILL. In this research report we dig even further, providing a deep dive analysis of the FALLCHILL Remote Administration Tool (RAT) in order to shed additional light on this threat, and thereby help our customer and the security community at large defend against this threat and similar threats.

By Minh TranNovember 28, 2017