
FortiGuard Labs Weekly Threat Update – October 11, 2019

By Jeannette Jarvis | October 11, 2019

Each week, FortiGuard Labs publishes a Threat Intelligence Brief to subscribers that profiles notable hot topics and threats that were discovered or discussed during the week. Here is a recap of what we are covering in this week’s report:

  • We begin by looking into some work done by our FortiGuard Labs team around reverse-engineering malware written in Golang. Also known as Go, Golang is a statically typed, compiled programming language designed at Google that is becoming more popular within the malware development community. Our researcher analyzed a new Golang ransomware targeting Linux systems.

  • It can be really enticing to use a free online streaming service for watching sports, movies, gaming and more. We profile how dangerous these sites can actually be, not just in terms of serving up malware, but also for stealing credit card information. What appears to be free may not be after all. In particular, we focus on sites associated with the current Rugby World Cup.

  • We also discuss what seemed like an endless stream of updates on Patch Tuesday. Microsoft released patches for 59 vulnerabilities, Apple released a bounty of updates covering multiple solutions, and Google fixed flaws in their Android Media framework. We also offer a more detailed write-up on our Patch Tuesday blog.

  • The Magecart cybercrime group has been placing digital credit card skimmers on compromised e-commerce sites. They are highly active and we have already profiled them multiple times this year. In this week's brief, we review a recent detailed report focused on their activity. The cybercriminals behind Magecart primarily focus on high-traffic public networks, such as those found in coffee shops and airports.

  • We also discuss research around the Aggah campaign from the Gorgon Group. This is a threat group suspected to be composed of Pakistan-based members or to have other connections to Pakistan. They perform a mix of criminal and targeted attacks. In this week’s report, we touch on some of the new tactics, techniques, and procedures that these malicious actors have been using in their latest campaign.

You can find more details about these and other issues in the FortiGuard Labs Weekly Threat Intelligence Brief. Read this week's issue and subscribe to the weekly email distribution.
