Threat Research

FortiGuard Labs Weekly Threat Update – November 22, 2019

By Jeannette Jarvis | November 22, 2019

Each week, FortiGuard Labs publishes a Threat Brief to subscribers that profiles notable hot topics and threats that were discovered or discussed during the week. Here is a recap of what we are covering in this week’s Threat Brief:

  • This week, we start off by discussing the cyber threat landscape predictions from our Chief of Security Insights and Global Threat Intelligence, Derek Manky. A few of Derek's predictions include:
    • Intelligent swarms of customizable bots, grouped by specific attack function and designed to share and learn from each other in real time, could attack an organization and overwhelm its ability to defend itself
    • While the idea has been discussed for a while, the adoption of 5G may finally be the impetus for the development of these swarm-based attacks
    • Combining machine learning with statistical analysis will help organizations develop customized playbooks that improve detection of specific threats based on a cyber fingerprint and let defenders intervene mid-attack by predicting an attacker's next moves
    • The use of deception technologies is going to spark a counterintelligence war by the Black Hat community, similar to how virtualization and sandboxing led to the development of more sophisticated evasion techniques

  • A recent spam campaign impersonated a critical Microsoft Windows update but instead attempts to install the Cyborg ransomware. The email carries an attachment disguised as a harmless file that is actually an executable: a malicious .NET downloader that fetches the additional malware. The malware builder is hosted on the GitHub developer platform, which makes it easy for others to create their own ransomware variants.

  • We also discuss an interesting custom packer called Frenchy. Most packers do little more than unpack and launch the payload they wrap; Frenchy goes much further, and we are already seeing this new packer used in different malware campaigns.

  • You can read about the APT33 group, which has been infecting the oil industry with destructive malware since 2018. The group uses small botnets, each comprised of a small group of infected computers linked to its own C&C server, to gain persistence within the network of a selected target.

  • PureLocker is a newly discovered ransomware used by several well-known, financially motivated threat actor groups: FIN6, Cobalt Gang, and Cobalt Spider. It is sold on the dark web by a veteran Malware-as-a-Service provider. The malware is written in PureBasic, which makes it easier to port between operating systems.
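The Cyborg spam campaign above relies on an attachment that is really a Windows executable (a .NET downloader) hiding behind a harmless-looking file name. The check a mail gateway or triage script should make is on the file's content, not its extension. The following is an added example, not FortiGuard's code or anything from the campaign itself: it parses the PE headers of each attachment, reports whether the bytes are a PE image and whether the image carries a CLR header (which is what marks a .NET assembly), and flags any PE whose extension claims it is something else. The attachment names and the minimal PE images are constructed for the demo; no real sample is embedded, and the extension lists are assumptions chosen for illustration.

```python
"""Flag attachments that are really Windows executables, whatever their
extension claims, and note whether they are .NET assemblies.

Added example (not FortiGuard's code). The sample files are built by
build_sample_pe(): header-only PE images, not real binaries.
"""
import struct
from typing import Optional

PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
CLR_DIRECTORY_INDEX = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR (.NET CLR header)

# Assumed policy lists for the demo: extensions that legitimately hold a PE
# image, versus names a lure would use for a disguised executable.
EXECUTABLE_EXTENSIONS = {"exe", "dll", "scr", "com", "cpl"}


def parse_pe(data: bytes) -> Optional[dict]:
    """Return basic PE facts, or None if the bytes are not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # Need the 4-byte signature plus the 20-byte COFF header.
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    coff = e_lfanew + 4
    machine, nsections = struct.unpack_from("<HH", data, coff)
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    if size_opt < 2 or opt + size_opt > len(data):
        return None
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        dirs_off, nrva_off = 96, 92      # PE32 optional header layout
    elif magic == PE32PLUS_MAGIC:
        dirs_off, nrva_off = 112, 108    # PE32+ (64-bit) optional header layout
    else:
        return None
    if nrva_off + 4 > size_opt:
        return None
    nrva = struct.unpack_from("<I", data, opt + nrva_off)[0]
    is_dotnet = False
    dir_end = dirs_off + (CLR_DIRECTORY_INDEX + 1) * 8
    if nrva > CLR_DIRECTORY_INDEX and dir_end <= size_opt:
        rva, size = struct.unpack_from("<II", data, opt + dirs_off + CLR_DIRECTORY_INDEX * 8)
        is_dotnet = rva != 0 and size != 0   # a populated CLR directory means a .NET assembly
    return {"machine": machine, "sections": nsections,
            "pe32plus": magic == PE32PLUS_MAGIC, "dotnet": is_dotnet}


def classify_attachment(filename: str, data: bytes) -> dict:
    """Compare what the extension claims with what the bytes actually are."""
    ext = filename.rsplit(".", 1)[1].lower() if "." in filename else ""
    info = parse_pe(data)
    if info is None:
        verdict = "not_executable"
    elif ext in EXECUTABLE_EXTENSIONS:
        verdict = "executable"
    else:
        verdict = "disguised_executable"   # PE content behind a non-PE extension
    return {"extension": ext, "is_pe": info is not None,
            "dotnet": bool(info and info["dotnet"]), "verdict": verdict, "pe": info}


def build_sample_pe(dotnet: bool, pe32plus: bool = False) -> bytes:
    """Constructed header-only PE image for the demo (assumption: not a real binary)."""
    e_lfanew = 0x80
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    dos += b"\0" * (e_lfanew - len(dos))
    size_opt = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 1, 0, 0, 0, size_opt, 0x0102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    nrva_off, dirs_off = (108, 112) if pe32plus else (92, 96)
    struct.pack_into("<I", opt, nrva_off, 16)   # NumberOfRvaAndSizes
    if dotnet:
        struct.pack_into("<II", opt, dirs_off + CLR_DIRECTORY_INDEX * 8, 0x2008, 0x48)
    return dos + b"PE\0\0" + coff + bytes(opt)


# Constructed mailbox: a lure named like an image that is a .NET PE, a real PDF
# header, and an honestly named 64-bit executable.
SAMPLE_ATTACHMENTS = {
    "Windows_Update.jpg": build_sample_pe(dotnet=True),
    "invoice.pdf": b"%PDF-1.4\n% constructed sample, not a real document\n",
    "setup.exe": build_sample_pe(dotnet=False, pe32plus=True),
}


def scan_attachments(attachments: dict) -> dict:
    return {name: classify_attachment(name, data) for name, data in attachments.items()}


if __name__ == "__main__":
    for name, result in scan_attachments(SAMPLE_ATTACHMENTS).items():
        print(f"{name:20} {result['verdict']:22} dotnet={result['dotnet']}")
```

The point of the content check is that a lure can call its payload whatever it likes; the MZ/PE signatures and the CLR data directory are what the loader actually honours. The caveat is that this only catches native and .NET executables: a dropper delivered as a script, macro document or archive needs its own inspection, and a downloader flagged here still says nothing about the second-stage payload it would fetch.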

You can find more details about these and other issues in the FortiGuard Labs Weekly Threat Intelligence Brief. Read this week's issue and subscribe to the weekly email distribution.

Learn more about FortiGuard Labs and the FortiGuard Security Services portfolio.

Read about the FortiGuard Security Rating Service, which provides security audits and best practices.