June 2017
 
FortiGuard Threat Intelligence Brief - June 02, 2017
This week the threat actor(s) known as TheShadowBrokers released a cryptographically signed post, in which they announced the start of their "TheShadowBrokers Monthly Dump Service". This is a monthly release of 0-Days that will be sent to whoever is willing to pay them an amount of 100 ZEC (ZCash,...
 
FortiGuard Threat Intelligence Brief - June 09, 2017
Considering the events of the past few weeks, it is logical that the word "ransomware" has become more and more familiar to the average person. Many people have been exposed for the first time to what they had only seen in movies. However, this does not mean that ransomware is the only kind of attack tha...
 
FortiGuard Threat Intelligence Brief - June 23, 2017
An old malware family resurfaced with a new campaign this week. Frauder, which took the top spot in our list, is capable of disrupting the normal functioning of the targeted machine and at the same time stealing sensitive data like bank credentials, passwords, and other confidential information. You can f...
 
FortiGuard Threat Intelligence Brief - June 30, 2017
After the outbreak of WannaCry in May, it was just a matter of time before the next big cyber threat would hit. And like clockwork, there it is: Petya, also called NotPetya (or even Nyetya), is a new malware variant that Fortinet has named a ransomworm. It has the attention of the world's press, and...
 
July 2017
 
FortiGuard Threat Intelligence Brief - July 07, 2017
Over the past few months, we have heard the word "cyberattack" more and more frequently in the news. Malware has existed for decades (actually, since John von Neumann began writing his treatise on "The Theory of Self-Replicating Automata" back in the 1940s), but over the last few months, with the ad...
 
FortiGuard Threat Intelligence Brief - July 14, 2017
With all the buzz that desktop malware has received over the past few weeks, it would be easy to fall into the trap of forgetting that mobile malware is also receiving a significant boost in popularity. In order to remind us of that, a new strain of Rootnik has surfaced. Rootnik is an Android malwar...
 
FortiGuard Threat Intelligence Brief - July 21, 2017
Citing notable cyber attacks such as the WannaCry ransomware outbreak, Mirai botnet, and most recently, the NotPetya ransomware, one of the world's largest insurers, Lloyd's of London, recently warned that the next well-executed cyber attack could cause global damages ranging from $53.1 billion to $...
 
FortiGuard Threat Intelligence Brief - July 28, 2017
This week has been a bad week for the bad guys and good news for everyone else. Let's begin.
 
August 2017
 
FortiGuard Threat Intelligence Brief - August 04, 2017
Cryptocurrencies have gained a lot of momentum in 2017, and consequently a lot of attention in the news. Most cyber attacks that demand some kind of ransom require victims to pay using one of the many available cryptocurrencies. These criminals take advantage of the anonymity these currencies grant a...
 
FortiGuard Threat Intelligence Brief - August 11, 2017
In the last week, one big event was the central topic of discussion in the infosec community: the security researcher Marcus Hutchins, also known under the Twitter handle MalwareTech, was arrested in the US, where he was attending the BlackHat and DefCon hacking conferences. The so-called "accidental hero...
 
FortiGuard Threat Intelligence Brief - August 18, 2017
Last week FortiGuard Labs identified a new campaign of the Locky ransomware, known as "Diablo6", and described in detail how it propagates. For this reason, we decided to also release an in-depth technical analysis of the samples we found. You can find more about this in the Threat Research & I...
 
FortiGuard Threat Intelligence Brief - August 25, 2017
Locky ransomware has been dormant for months, but it seems like this malware family has finally decided to come out of its hibernation. Last week we mentioned that after the .diablo6 campaign the authors behind this ransomware started the .lukitus campaign. This second wave, distributed through email...
 
September 2017
 
FortiGuard Threat Intelligence Brief - September 1, 2017
The advent of the WannaCry ransomware caused immense problems around the world. One of the most famous victims of this malware was the NHS (National Health Service) in the UK. Its compromise served to elevate a concern that has been highlighted over the past year or so by the growth in ransomware at...
 
FortiGuard Threat Intelligence Brief - September 8, 2017
Last week HITCON took place in Taipei, Taiwan. HITCON is a hacking conference where elite cybersecurity researchers from across the world gather to share their research and exchange ideas about the global threat landscape. Some members of FortiGuard Labs ventured to Taipei to share their work. They...
 
FortiGuard Threat Intelligence Brief - September 15, 2017
Equifax, one of the oldest American credit agencies, announced this week that they were the victim of a devastating cyber attack earlier this summer, during which the personal information of as many as 143 million people was stolen, including social security numbers, credit histories, addresses, and...
 
FortiGuard Threat Intelligence Brief - September 22, 2017
This week something very peculiar happened. CCleaner is a widely used tool distributed by Piriform, a company acquired by Avast in July 2017. Their software was found to contain a backdoor, putting everyone who installed it at risk of remote access by an attacker. The malicious software was p...
 
FortiGuard Threat Intelligence Brief - September 29, 2017
Following the trend of the past month, this week another big firm experienced a breach that led to a leak of information.
 
October 2017
 
FortiGuard Threat Intelligence Brief - October 6, 2017
In 2013, Yahoo suffered a huge data breach resulting in the leaking of sensitive information from about 1 billion accounts. It was considered to be the largest information breach in history. It was followed by another one - again suffered by Yahoo - in 2014, which affected another 500M accounts. How...
 
FortiGuard Threat Intelligence Brief - October 13, 2017
The Financial Services industry continues to be a prime target for cybercriminals. A Taiwanese bank has become the latest to fall victim to hackers targeting SWIFT, which is a global financial messaging system that thousands of banks and commercial organizations across the world use to transfer bill...
 
FortiGuard Threat Intelligence Brief - October 20, 2017
This week researchers from the University of Leuven, Belgium, released a paper and a working proof of concept for an exploit of the Wi-Fi Protected Access II protocol. WPA2 is the standard encryption protocol in modern Wi-Fi communication, meaning that this vulnerability (called KRACK - Key Reinstall...
 
FortiGuard Threat Intelligence Brief - October 27, 2017
This week the ransomware called "Bad-Rabbit" was spotted for the first time, initially attacking users in Russia and Ukraine, but it has been spotted spreading from there.
 
November 2017
 
FortiGuard Threat Intelligence Brief - November 3, 2017
After a few months of apparent inactivity, the Sage ransomware family resurfaced this past week with a new variant. While the encryption routine did not change (meaning it still belongs to the v2.2 release that first appeared in March 2017) this new campaign sports new evasion and obfuscation techni...
 
FortiGuard Threat Intelligence Brief - November 10, 2017
Cryptocurrencies have become a trendy topic over the past year. BitCoin, the first decentralized cryptocurrency, has reached a market exchange rate of nearly $7500 per unit. However, BitCoin is not the only cryptocurrency available on the market. Multiple alternatives have surfaced in the last few y...
 
FortiGuard Threat Intelligence Brief - November 17, 2017
This week the US Department of Homeland Security and the FBI identified a group of IP addresses associated with a remote administration tool (RAT) used by the North Korean government, commonly known as FALLCHILL. According to third-party reporting, HIDDEN COBRA actors have likely been using FALLCH...