Archived Threat Briefs

 

April 2017
 
FortiGuard Threat Intelligence Brief - April 07, 2017
This week, an in-depth analysis of a new Android spyware called Chrysaor was released by FortiGuard Labs. This spyware is closely related to Pegasus, an iOS spyware that was described as the "most sophisticated" smartphone attack ever back in August 2016. You can find more information about this ma...
 
FortiGuard Threat Intelligence Brief - April 14, 2017
This week was marked by two very important leaks regarding US intelligence hacking tools. On Friday April 7th, WikiLeaks continued its now weekly series called Vault7, publishing its fourth installment named "Grasshopper". It describes a framework for building malware for Microsoft Windows operating...
 
FortiGuard Threat Intelligence Brief - April 21, 2017
This has been an interesting week for cybersecurity. We here at FortiGuard Labs have been monitoring new leaks from the hacker group ShadowBrokers that claim to contain new exploits from the NSA, we have seen a resurgence in ransomware attacks being driven, in part, by Ransomware-as-a-Service, and t...
 
FortiGuard Threat Intelligence Brief - April 28, 2017
Early this week, Interpol announced a new operation across the ASEAN region built around shared intelligence provided by Fortinet and other public and private sector threat intelligence providers. This operation resulted in the identification of 8,800 Command and Control (C2) servers and hundreds of...
 
 
May 2017
 
FortiGuard Threat Intelligence Brief - May 05, 2017
Over the past few days, a very dangerous and effective phishing campaign targeting Google Docs users has been perpetrated with relative success. The victim receives an email from a trusted email address containing a link to view a Google Document. What is peculiar about this campaign is that it actu...
 
FortiGuard Threat Intelligence Brief - May 12, 2017
Last weekend, researchers at Google discovered several Microsoft vulnerabilities, one of which was labeled "the worst Windows remote code exec in recent memory." Fortunately, the people at Microsoft took this very seriously and were able to release a fix for the bug in a matter of days. That said, s...
 
FortiGuard Threat Intelligence Brief - May 19, 2017
Last week was very intense for everyone in the Infosec community. As many of you are aware, the WannaCry ransomware hit a very large number of users running MS Windows. The modular ransomware worm exploited an SMB vulnerability that was patched a couple of months ago by Microsoft. However, numerous...
 
FortiGuard Threat Intelligence Brief - May 26, 2017
Two weeks after the first infections of WannaCry, the ransomware that took the world by storm, we can finally take a deep breath and try to analyze the damage this campaign has done. One element worth noting is that while it may have disrupted lots of businesses, WannaCry failed to generate equivale...
 
June 2017
 
FortiGuard Threat Intelligence Brief - June 02, 2017
This week the threat actor(s) known as TheShadowBrokers released a cryptographically signed post, in which they announced the start of their "TheShadowBrokers Monthly Dump Service". This is a monthly release of 0-Days that will be sent to whoever is willing to pay them an amount of 100 ZEC (ZCash,...
 
FortiGuard Threat Intelligence Brief - June 09, 2017
Considering the events of the past few weeks, it is logical that the word "ransomware" has become more and more familiar to the average person. For the first time, many people have been exposed to what they had only seen in movies. However, this does not mean that ransomware is the only kind of attack tha...
 
FortiGuard Threat Intelligence Brief - June 23, 2017
An old malware family resurfaced with a new campaign this week. Frauder, which took the top spot in our list, is capable of disrupting the normal functioning of the targeted machine and at the same time stealing sensitive data like bank credentials, passwords and other confidential information. You can f...
 
FortiGuard Threat Intelligence Brief - June 30, 2017
After the breakout of WannaCry in May, it was just a matter of time before the next big cyber threat would hit. And like clockwork, there it is: Petya, also called NotPetya (or even Nyetya) is a new malware variant that Fortinet has named a ransomworm. It has the attention of the world's press, and...
 
July 2017
 
FortiGuard Threat Intelligence Brief - July 07, 2017
Over the past few months, we have heard the word "cyberattack" more and more frequently in the news. Malware has existed for decades (actually, since John von Neumann began writing his treatise on "The Theory of Self-Replicating Automata" back in the 1940s), but over the last few months, with the ad...
 
FortiGuard Threat Intelligence Brief - July 14, 2017
With all the buzz that desktop malware has received over the past few weeks, it would be easy to fall into the trap of forgetting that mobile malware is also receiving a significant boost in popularity. In order to remind us of that, a new strain of Rootnik has surfaced. Rootnik is an Android malwar...
 
FortiGuard Threat Intelligence Brief - July 21, 2017
Citing notable cyber attacks such as the WannaCry ransomware outbreak, Mirai botnet, and most recently, the NotPetya ransomware, one of the world's largest insurers, Lloyd's of London, recently warned that the next well-executed cyber attack could cause global damages ranging from $53.1 billion to $...
 
FortiGuard Threat Intelligence Brief - July 28, 2017
This week has been a bad week for the bad guys and good news for everyone else. Let's begin.
 
August 2017
 
FortiGuard Threat Intelligence Brief - August 04, 2017
Cryptocurrencies have gained a lot of momentum in 2017, and consequently a lot of attention in the news. Most cyber attacks that demand some kind of ransom require victims to pay using one of the many available cryptocurrencies. These criminals take advantage of the anonymity these currencies grant a...
 
FortiGuard Threat Intelligence Brief - August 11, 2017
In the last week, one big event was the central topic of discussion in the Infosec community: the security researcher Marcus Hutchins, also known under the Twitter handle MalwareTech, was arrested in the US, where he was attending the BlackHat and DefCon hacking conferences. The so-called "accidental hero...
 
FortiGuard Threat Intelligence Brief - August 18, 2017
Last week FortiGuard Labs identified a new campaign of the Locky ransomware, identified as "Diablo6", and described in detail how it propagates. For this reason, we decided to also release an in-depth technical analysis of the samples we found. You can find more about this in the Threat Research & I...
 
FortiGuard Threat Intelligence Brief - August 25, 2017
Locky ransomware has been dormant for months, but it seems like this malware family has finally decided to come out of its hibernation. Last week we mentioned that after the .diablo6 campaign the authors behind this ransomware started the .lukitus campaign. This second wave, distributed through email...
 
September 2017
 
FortiGuard Threat Intelligence Brief - September 1, 2017
The advent of the WannaCry ransomware caused immense problems around the world. One of the most famous victims of this malware was the NHS (National Health Service) in the UK. Its compromise served to elevate a concern that has been highlighted over the past year or so by the growth in ransomware at...
 
FortiGuard Threat Intelligence Brief - September 8, 2017
Last week HITCON took place in Taipei, Taiwan. HITCON is a hacking conference where elite cybersecurity researchers from across the world gather to share their research and exchange ideas about the global threat landscape. Some members of FortiGuard Labs ventured to Taipei to share their work. They...
 
FortiGuard Threat Intelligence Brief - September 15, 2017
Equifax, one of the oldest American credit agencies, announced this week that they were the victim of a devastating cyber attack earlier this summer, during which the personal information of as many as 143 million people was stolen, including social security numbers, credit histories, addresses, and...
 
FortiGuard Threat Intelligence Brief - September 22, 2017
This week something very peculiar happened. CCleaner is a widely used tool distributed by Piriform, a company acquired by Avast in July 2017. Their software was found to contain a backdoor, putting everyone who installed it at risk of remote access by an attacker. The malicious software was p...
 
FortiGuard Threat Intelligence Brief - September 29, 2017
Following the trend of the past month, this week another big firm experienced a breach that led to a leak of information.