FortiGuard Labs discovered an ongoing campaign against Russian speakers using a new version of the “Predator the Thief” stealer malware. The same actor was using one set of dummy files to deliver the stealer via different forms of phishing, including zipped files, fake documents, fake PDFs, and the WinRAR exploit described in CVE-2018-20250.
In addition to remaining vigilant for new threats and vulnerabilities, don’t lose sight of what’s happening within your own environment. Basic cyber hygiene is perhaps the most neglected element of security today.
In one of our previous investigations into attacks on the service centers, FortiGuard Labs ran across a list of domains used by the criminals. During our subsequent monitoring process, we spotted a phishing HTML page on one of those webservers that was posing as a Dropbox login page.
Unless you’ve been entirely off the grid, you have probably heard that a number of high-profile organizations have recently been targeted by ransomware. It’s part of a growing trend that has the potential to impact large numbers of people, with potentially devastating consequences.
FortiGuard continues to investigate a series of attacks targeted at Bitcoin users. In our previous article, we discovered a number of fake websites registered by the perpetrators of these attacks in late 2017. We assumed at the time that these websites would soon be used for another series of attacks. And now, we have found proof of such attacks. During our new investigation we also discovered a number of tools used by the criminals for crafting malicious documents.
As global cyberattacks persist, cybersecurity is becoming a main focus in the C-suite. Gone are the days when it was just a concern for IT teams. These rapid, sophisticated attacks across industries have demonstrated that cybersecurity is the responsibility of the entire organization as they seek to avoid the crippling effects associated with data breaches.
FortiGuard Labs continues to investigate a series of attacks on Bitcoin users. In our first blog, we provided a deep analysis of malicious samples from the Bitcoin Orcus RAT campaign. In this second part, we recreate the full path of a multistage complex attack, shed some light on some other activities of these criminal actors, and reveal their possible identities.

Failed attempt

Bitcointalk.org is a popular place to trade for bitcoins. In 2015 there was a simple and straightforward attack on its users. Somebody registered a...
Educational institutions have become regular targets for cybercriminals. In fact, the education sector accounted for 13 percent of data breaches in the first half of 2017, resulting in the compromise of around 32 million records. One of the top reasons that schools are targeted is the diverse data they store on students and staff, including personally identifiable information (PII), healthcare information, and financial information. These records can then be sold on the dark web to be used for purposes of identity theft and fraud. As educational...