Threat Research

Defending Against the New VPNFilter Botnet

A newly reported botnet named VPNFilter targets SCADA/ICS environments by monitoring MODBUS SCADA protocols and exfiltrating website credentials.

By FortiGuard SE Team | May 23, 2018

Threat Research

I’ve Got Trickbot Under My Screen

FortiGuard Labs spotted yet another new module being distributed by the very active Trickbot banking malware, which uses a technique called “Hidden VNC” (Virtual Network Computing) to stealthily take control of a victim’s machine.

Threat Research

Buffer Overflow Attack Targeting Microsoft IIS 6.0 Returns

FortiGuard Labs has been documenting a spike in new attacks targeting a buffer overflow vulnerability in the WebDAV service in Microsoft IIS 6.0, peaking on Apr 13, 2018 when we logged over 4 million triggers.

By Bing Liu | May 23, 2018

Threat Research

An Analysis of Microsoft Edge Chakra NewScObjectNoCtor Array Type Confusion (CVE-2018-0838)

CVE-2018-0838 is one of the ‘type confusion’ bugs in the Microsoft Edge Chakra Engine that was fixed by Microsoft three months ago. This bug causes memory corruption and can possibly be exploited to execute arbitrary code when a vulnerable system browses a malicious web page via Microsoft Edge.

By Dehui Yin | May 18, 2018

Threat Research

A Wicked Family of Bots

As we continue to keep track of the latest IoT botnets, the FortiGuard Labs team has seen an increasing number of Mirai variants, thanks to the source code being made public two years ago. Since then, threat actors have been adding their own flavours to the original recipe.

Threat Research | Industry Trends

Fortinet Threat Report Reveals an Evolution of Malware to Exploit Cryptocurrencies

Fortinet FortiGuard Labs today unveiled the findings of its latest Global Threat Landscape Report. The research reveals an evolution of malware to exploit cryptocurrencies.

By FortiGuard SE Team | May 16, 2018

Threat Research

New Remcos RAT Variant is Spreading by Exploiting CVE-2017-11882

Several days ago, FortiGuard Labs captured a malware sample that was exploiting the Microsoft Office vulnerability CVE-2017-11882 patched by Microsoft last November. The sample is an RTF document with an Equation object. By analyzing its behavior in my test environment, I realized that it spreads a new variant of Remcos RAT, version “2.0.4 Pro,” that was released on April 7, 2018 from its official website. It is able to control the victim’s PC after infection.

By Xiaopeng Zhang | May 04, 2018

Threat Research

GandCrab V3 Accidentally Locks Systems with New ‘Change Wallpaper’ Feature

GandCrab is one of the most talked-about ransomware families this year, primarily due to its increasing distribution volume, as we described in our previous article. At the end of last month, FortiGuard Labs discovered a new spam wave from the same campaign delivering the latest version, GandCrab v3.

By Joie Salvio | May 04, 2018

Threat Research

Yet Another Crypto Mining Botnet?

In February 2018, several Russian nuclear scientists were arrested for allegedly mining cryptocurrencies using computing resources located at a Russian nuclear warhead facility. Globally, cryptominers are rapidly increasing and spreading for an obvious reason: it’s lucrative.

By David Maciejak | May 03, 2018

Threat Research

GandCrab 2.1 Ransomware on the Rise with New Spam Campaign

Recently, FortiGuard Labs has been observing a surge in an email spam campaign delivering the latest GandCrab v2.1 ransomware. This article provides a basic overview of this malicious campaign, and points out details that can help users identify it.