Results for mirai

Threat Research

A Wicked Family of Bots

As we continue to keep track of the latest IoT botnets, the FortiGuard Labs team has seen an increasing number of Mirai variants, thanks to the source code being made public two years ago. Since then, threat actors have been adding their own flavours to the original recipe.

Threat Research

Searching for the Reuse of Mirai Code: Hide ‘N Seek Bot

At FortiGuard Labs we were interested in searching out other malware that leverages Mirai code modules. Interestingly, one of the families that showed up in our search was the Hide ‘N Seek (HNS) bot, which was discovered in January of 2018. HNS is a complex botnet that uses P2P to communicate with peers/other infected devices to receive commands. In this article, I will discuss how the Mirai bot code was used in this HNS bot.

By Jasper Manuel | April 16, 2018

Threat Research

Dreambot 2017 vs. ISFB 2013

We recently received a malware sample that had been packed and compiled on Tue Feb 06 2018. After unpacking it, we found that it contained a version of the Dreambot/Ursnif trojan, which had a compilation date of Tue Oct 10 2017, suggesting that existing versions of Dreambot are now being packaged with brand-new droppers.

By Jerome Cruz | March 16, 2018

Threat Research

RootedCon Wrap Up

RootedCon is a security conference held from the 1st to the 3rd of March in Madrid, Spain. This year’s conference was the ninth iteration, and one could see the results of those years of experience in the flawless organization at the event.

By Dario Durando | March 16, 2018

Threat Research

OMG: Mirai-based Bot Turns IoT Devices into Proxy Servers

In preparation for our talk entitled “IoT: Battle of Bots” at the RootedCon Security conference that will be held in Madrid, Spain this March 2018, the FortiGuard Labs team encountered yet another new Mirai variant.

Satori Adds Known Exploit Chain to Enslave Wireless IP Cameras

Satori, a Mirai-based IoT bot, has been one of the most actively updated exploits in recent months. It is believed that the hacker behind this bot is also the author of other Mirai variants, known as Okiru and Masuta. FortiGuard Labs researchers recently observed a new Satori version that had added a known exploit chain (one which had been used in the past by the Persirai bot) to enable it to spread to vulnerable devices, particularly wireless IP cameras that run a vulnerable custom version of the GoAhead web server.

Industry Trends

How Financial Services Firms Can Protect Against DDoS Attacks

Distributed denial-of-service (DDoS) attacks are becoming increasingly common across the financial services industry. DDoS attacks occur when a portion of the network is targeted, typically at the networking, transport, or application layer, with a flood of requests that overwhelm network bandwidth, causing it to slow or crash completely. 

By Brian Forster | January 04, 2018

Threat Research

Security Research News in Brief - August 2017 Edition

Welcome back to our monthly review of some of the most interesting security research publications.

By Axelle Apvrille | October 19, 2017

Business and Technology

Executive Insights: Threat Intelligence: The Fuel that Powers Cyber Defenses

For anyone reading the news regularly, it’s not hard to grasp that cyber threats are getting more sophisticated and damaging by the day. From a security technology provider’s perspective, I can add that tackling them is a fast-mounting challenge for the millions of businesses that come under attack daily. Modern cybersecurity technologies – assuming you have already put in place the right professionals, policies, and processes – are a must. But organizations deploying them need to look beyond the boxes that sit on...

By Michael Xie | October 04, 2017

Industry Trends

For Cybercriminals, IoT Devices are Big Business

When people think of cybercrime, they tend to think of geeks in dark rooms staring into computer monitors trying to figure out some new way to infiltrate a network. And historically, that was a pretty accurate assessment. Today, however, cybercrime is a business. Cybercriminals tend to keep business hours (attack surges very often follow standard work hours), attacks are designed to generate revenue, and cost/benefit ratios are often considered when deciding who and how to attack a target. Hacker tools and malware can be custom built and...

By Anthony Giandomenico | September 20, 2017