Threat Research

FortiGuard Labs Weekly Threat Update – November 15, 2019

By Jeannette Jarvis | November 15, 2019

Each week, FortiGuard Labs publishes a Threat Brief to subscribers that profiles notable hot topics and threats that were discovered or discussed during the week. Here is a recap of what we are covering in this week’s Threat Brief:

  • This week, Fortinet released our Threat Landscape Report for Q3. This report distills our intelligence and analysis, garnered from billions of events per day, into our own unique perspective of the threat landscape. A few of the stories we cover in this quarter’s report include:
    • Older vulnerabilities continue to remain attractive to cybercriminals, who are aware that users have a hard time patching systems in a timely manner. We not only saw more vulnerabilities targeted from 2007 than from 2018-2019 combined, but more vulnerabilities from every year between 2007 and now.
    • As we do in each issue, we expose the top ten chart toppers from our IPS, Malware and Botnet prevalence point-of-view. It is important to know what is on the menu for the bad actors so you know where to shore up your defenses.
    • While phishing still remains one of the top attack vectors, in Q3 we saw some unexpected spikes in attacks targeting edge services with remote code execution attacks. Different attack vector, same outcome. Organizations need to ensure they keep their eye on the ball across their entire attack surface, especially when hyper-focusing on critical issues like phishing.
    • Real-time operating systems monitor things like hospital devices and critical infrastructures, so any vulnerability exploiting these platforms can be quite destructive. We delve into vulnerabilities affecting real-time operating systems that potentially impact over 200 million devices.
    • Cybercriminals are increasingly using banking Trojans to drop other payloads and additional banking malware on infected systems to maximize their opportunity for financial gain. Some of these tools are now making their way to the dark web as Malware-as-a-Service offerings. You should know more about this.
  • FortiGuard Labs also released an Emotet adversarial playbook. Emotet is among the more dangerous threats active today. Emotet started as a banking Trojan in 2014, but due to its modular nature, it has grown to incorporate botnet capabilities, evasive techniques, and other features. It is currently indiscriminately targeting victims worldwide. The Emotet playbook provides you with details about the collection of tools, techniques, and procedures used by the cybercriminals behind this growing threat.

  • We also detailed November's Patch Tuesday security updates from Microsoft, Adobe, and Intel. Several of these vulnerabilities were discovered by FortiGuard Labs researchers.

  • The Lazarus APT group has been relentless. You might also know them as HIDDEN COBRA. Over time, they have turned their sights on government and defense organizations, as well as the energy and financials sectors. Grab the latest Threat Intelligence Brief to read some recent detailed research on this prolific threat actor group.

You can find more details about these and other issues in the FortiGuard Labs Weekly Threat Intelligence Brief. Read this week's issue and subscribe to the weekly email distribution.

Learn more about FortiGuard Labs and the FortiGuard Security Services portfolio

Read about the FortiGuard Security Rating Service, which provides security audits and best practices.