Archived Threat Briefs

January 2017

FortiGuard Threat Intelligence Brief - January 06, 2017
2016 was the year of the Brexit vote, the Rio Olympics, and the US presidential election. It was also the year of ransomware. Throughout 2016, we watched ransomware grow in popularity, frequency, and effectiveness. We also observed the introduction of...

FortiGuard Threat Intelligence Brief - January 13, 2017
This week, the world's attention has been focused on US President-elect Donald Trump and the allegations that purport to connect him to data stolen by Russian hackers during the 2016 US election
 
FortiGuard Threat Intelligence Brief - January 20, 2017
Over the past few months, IoT (Internet of Things) devices have been the focus of attention in both the research world and the mainstream news.  The reason behind this lies not only in the increase of popularity of these devices but also, and more important.....
 
FortiGuard Threat Intelligence Brief - January 27, 2017
This week was marked by the news of the arrest of one of Kaspersky Lab's researchers, Ruslan Stoyanov, along with Sergei Mikhailov, a division head of the Russian intelligence service FSB, on a charge of treason.
 
 
February 2017
 
FortiGuard Threat Intelligence Brief - February 03, 2017
January has come to an end, and with it we've witnessed the resurfacing of the Sage Ransomware, along with the frequent appearance of the Satan variant.  At the same time, Locky, ranked as the top malware threat in the world just a few months ago, is no longer in the top 10.  
 
FortiGuard Threat Intelligence Brief - February 10, 2017
This past week was marked by one of the most important sporting events of the year in the US: the Super Bowl.  Without going into more detail of what happened on the field, we will focus attention on the threats that huge events often pose, both to people at the stadium and at home.  
 
FortiGuard Threat Intelligence Brief - February 17, 2017
This week's highlight for most of us was surely Valentine's Day - a day known for love and kindness to others.  At FortiGuard Labs we'd hope that same wave of kindness would have spread to the far reaches of the net, inducing a love-inspired cease-fire, even if for one day.
 
FortiGuard Threat Intelligence Brief - February 24, 2017
This week's highlight is from the RSA Conference.  While a wide range of security topics were discussed and technologies displayed, most of the attention was focused on IoT and cloud security.  
 
 
March 2017
 
FortiGuard Threat Intelligence Brief - March 03, 2017
March opens up with two big discoveries made by Google.  The first was the discovery of the Cloudbleed bug in the CloudFlare infrastructure.  The second is the confirmation that it is possible to easily create SHA-1 collisions.
 
FortiGuard Threat Intelligence Brief - March 10, 2017
On March 7th, WikiLeaks took the world by storm by releasing the first part of its series of posts called "Vault7". The content unveiled by these posts is focused on the CIA (Central Intelligence Agency) and its supposed hacking tools.  According to WikiLeaks, what has been released in the first .......
 
FortiGuard Threat Intelligence Brief - March 17, 2017
On March 15th, two Russian intelligence officials, together with two hackers hired by the Russian government, were charged with stealing more than half a billion accounts from Yahoo! The breach happened in 2014, but the data stolen has been reported to have been used as recently as December 2016. A...
 
FortiGuard Threat Intelligence Brief - March 24, 2017
Yesterday, March 23, 2017, WikiLeaks released its second report, which it is calling Vault7 "Dark Matter".  This release contains information on many projects targeting Apple products such as Mac laptops, desktops and the iPhone.
 
FortiGuard Threat Intelligence Brief - March 31, 2017
This week, Fortinet released its Threat Landscape Report for Q4 2016. This report provides an analysis of threat data gathered between October 1st and December 31st, 2016 from millions of devices spread around the world.
 
 
April 2017
 
FortiGuard Threat Intelligence Brief - April 07, 2017
This week, an in-depth analysis of a new Android spyware called Chrysaor was released by FortiGuard Labs. This spyware is strictly related to Pegasus, an iOS spyware that was described as the "most sophisticated" smartphone attack ever back in August 2016. You can find more information about this ma...
 
FortiGuard Threat Intelligence Brief - April 14, 2017
This week was marked by two very important leaks regarding US intelligence hacking tools. On Friday April 7th, WikiLeaks continued its now weekly series called Vault7, publishing its fourth installment named "Grasshopper". It describes a framework for building malware for Microsoft Windows operating...
 
FortiGuard Threat Intelligence Brief - April 21, 2017
This has been an interesting week for cybersecurity. We here at FortiGuard Labs have been monitoring new leaks from the hacker group ShadowBrokers that claim to contain new exploits from the NSA, we have seen a resurgence in ransomware attacks being driven, in part, by Ransomware-as-a-Service, and t...
 
FortiGuard Threat Intelligence Brief - April 28, 2017
Early this week, Interpol announced a new operation across the ASEAN region built around shared intelligence provided by Fortinet and other public and private sector threat intelligence providers. This operation resulted in the identification of 8,800 Command and Control (C2) servers and hundreds of...
 
 
May 2017
 
FortiGuard Threat Intelligence Brief - May 05, 2017
Over the past few days, a very dangerous and effective phishing campaign targeting Google Docs users has been perpetrated with relative success. The victim receives an email from a trusted email address containing a link to view a Google Document. What is peculiar about this campaign is that it actu...
 
FortiGuard Threat Intelligence Brief - May 12, 2017
Last weekend, researchers at Google discovered several Microsoft vulnerabilities, one of which was labeled "the worst Windows remote code exec in recent memory." Fortunately, the people at Microsoft took this very seriously and were able to release a fix for the bug in a matter of days. That said, s...
 
FortiGuard Threat Intelligence Brief - May 19, 2017
Last week was very intense for everyone in the Infosec community. As many of you are aware, the WannaCry ransomware hit a very large number of users running MS Windows. The modular ransomware worm exploited an SMB vulnerability that was patched a couple of months ago by Microsoft. However, numerous...
 
FortiGuard Threat Intelligence Brief - May 26, 2017
Two weeks after the first infections of WannaCry, the Ransomware that took the world by storm, we can finally take a deep breath and try to analyze the damage this campaign has done. One element worth noting is that while it may have disrupted lots of businesses, WannaCry failed to generate equivale...
 
June 2017
 
FortiGuard Threat Intelligence Brief - June 02, 2017
This week the threat actor(s) known as TheShadowBrokers released a cryptographically signed post, in which they announced the start of their "TheShadowBrokers Monthly Dump Service". This is a monthly release of 0-Days that will be sent to whoever is willing to pay them an amount of 100 ZEC (ZCash,...
 
FortiGuard Threat Intelligence Brief - June 09, 2017
Considering the events of the past few weeks, it is logical that the word "ransomware" has become more and more familiar to the average person. For the first time, many people have been exposed to what they had only seen in movies. However, this does not mean that ransomware is the only kind of attack tha...
 
FortiGuard Threat Intelligence Brief - June 23, 2017
An old malware family resurfaced with a new campaign this week. Frauder, which took the top spot in our list, is capable of disrupting the normal functioning of the targeted machine and at the same time stealing sensitive data like bank credentials, passwords and other confidential information. You can f...
 
FortiGuard Threat Intelligence Brief - June 30, 2017
After the breakout of WannaCry in May, it was just a matter of time before the next big cyber threat would hit. And like clockwork, there it is: Petya, also called NotPetya (or even Nyetya) is a new malware variant that Fortinet has named a ransomworm. It has the attention of the world's press, and...