We recently received a malware sample recently that had been packed and compiled on Tue Feb 06 2018. After unpacking it, we found that it contained a version of the Dreambot/Ursnif trojan, which had a compilation date of Tue Oct 10 2017, suggesting that existing versions of Dreambot are now being packaged with brand-new droppers.
This is the first conference where I have heard so much about hacking robots! Between yesterday and today, we've had: • Robotnikoff at Troopers: robots, security, and privacy - Brittany Postnikoff • Hacking Robots Before Skynet - Lucas Apa • Breaking the Laws of Robotics: Attacking Industrial Robots - Davide Quarta
I am currently at Troopers, a well-known German hacking conference in Heidelberg. I had heard many positive reports on about this conference, especially their awesome hardware badge, and am glad I finally got to speak there. My talk was on hacking a smart toothbrush, and why it's important to secure any connected device, even those - like toothbrushes - that seem harmless. If you missed my talk, my slides will soon be online:, check the Fortiguard Research Centre. Now, let's focus on some of today's talks.
FortiGuard continues to investigate a series of attacks targeted at Bitcoin users. In our previous article, we discovered a numbers of fake websites registered by the perpetrators of these attacks in late 2017. We assumed at the time that these websites would soon be used for another series of attacks. And now, we have found proof of such attacks. During our new investigation we also discovered a number of tools used by the criminals for malicious documents crafting.
Wikipedia defines steganography as “the practice of concealing a file, message, image, or video within another file, message, image, or video.” At this point, security professionals will immediately recognize the potential for steganography to act as vehicle for surreptitiously delivering malicious code into systems targeted for cybersecurity exploit, and subsequently exfiltrating purloined data from compromised devices. Given the ingenuity of the adversary community, it will be no surprise that the frequency of steganographically-based attacks has increased over the last couple of years.
In preparation for our talk entitled “IoT: Battle of Bots” at the RootedCon Security conference that will be held in Madrid, Spain this March 2018, the FortiGuard Labs team encountered yet another new Mirai variant.
FortiGuard Labs just released our latest Quarterly Threat Landscape report for Q4 of 2017. As usual, there are a lot of take-aways for CISOs, but a few items stood out. In particular, attacks were up per firm by 82% and swarm cyber attacks targeted the Internet of Things (IoT) with growing intensity.
At the beginning of February 2018, FortiGuard Labs collected a malicious email with the subject “UPS DELIVERY UPDATE”, as shown in Figure 1. Phishers and scammers traditionally misuse the names of well-known organizations and individuals in order to make their malicious messages seem legitimate, allowing them to more easily trick unsuspecting victims. This email message contains a fake order tracking number with a bogus hyperlink that, rather than connecting the user to a legitimate website, downloads a jar malware. After a quick analysis, I was able to determine that this malware is jRAT/Adwind.