Archived Threat Briefs

On this page you will find an archive of our weekly Threat Intelligence Briefs, as well as the ability to sign up to receive these briefs every Friday. Join the thousands of other security-minded professionals who receive these weekly briefs!

FortiGuard Threat Intelligence Brief - October 05, 2018

FortiGuard Labs recently encountered malicious traffic traveling to a C2 server located in China. The connection was established by a domain using a name that closely resembled one of Japan's most famous express post delivery services. Our analysis showed that the website making this connection is f...

FortiGuard Threat Intelligence Brief - September 28, 2018

VPNFilter, a multi-stage modular framework that has infected hundreds of thousands of network devices around the world, has been discovered to have even greater capabilities than originally profiled. Announcing their findings through the Cyber Threat Alliance, Cisco's Talos provided early awareness...

FortiGuard Threat Intelligence Brief - September 21, 2018

Once again the Cyber Threat Alliance (CTA) members have collaborated on research. This week the CTA members released a collaborative report on illicit cryptomining (aka cryptojacking). Fortinet is a founding member of the CTA and believes that working together with other cybersecurity organizations,...

FortiGuard Threat Intelligence Brief - September 14, 2018

Get patching! For September Patch Tuesday Microsoft released updates addressing 61 vulnerabilities! Severity breakdown is: 17 rated critical, 43 rated important, and only one is rated as moderate. There were several Adobe updates as well.

FortiGuard Threat Intelligence Brief - September 07, 2018

A new banking Trojan has been identified targeting major Brazilian banking customers, as well as public sector organizations. This malware, code-named CamuBot, uses interesting new tactics with social engineering and malware techniques to bypass security controls, including strong authentication

FortiGuard Threat Intelligence Brief - August 31, 2018

FortiGuard Labs researchers have been monitoring an invasion of GandCrab updates of late. You can read our full blog to get all the chronology details. Below is a synopsis of what we discovered and what has transpired lately.

FortiGuard Threat Intelligence Brief - August 24, 2018

For years there have been tools developed for malware research with a primary focus on the Windows platform, whereas tools for alternative operating systems, such as Linux and macOS, were few and far between. This made sense given the enormous adoption rate and market share that Windows operating sy...

FortiGuard Threat Intelligence Brief - August 17, 2018

This week, three new speculative execution vulnerabilities were announced, affecting Intel's Software Guard Extensions (SGX) technology. SGX allows programs to establish secure enclaves on Intel processors, specifically the Kaby Lake and Skylake processors. SGX is an Intel technology for application...

FortiGuard Threat Intelligence Brief - August 10, 2018

Fortinet has a culture of innovation. Nowhere was that more evident than at the Black Hat conference held this week in Las Vegas, where FortiGuard Labs researcher Kai Lu presented his application behavior monitoring tool called FortiAppMonitor for macOS.

FortiGuard Threat Intelligence Brief - August 03, 2018

Once again, Fortinet's membership in the Cyber Threat Alliance (CTA) continues to pay dividends. Sophos, also a CTA member, published their comprehensive research into the SamSam ransomware this week. As part of their CTA membership, Sophos shared all the indicators of compromise (IOCs) with other m...

FortiGuard Threat Intelligence Brief - July 27, 2018

Experts have been warning consumers for years about vulnerabilities in home automation solutions, and Hide 'N Seek (HNS) might be the first in-the-wild malware to actively target these vulnerabilities. It is expected that the growth of Internet of Things (IoT) devices will reach 20.4 billion by 2020...

FortiGuard Threat Intelligence Brief - July 20, 2018

SCADA/ICS technologies and related IIoT (Industrial Internet of Things) devices have become high-value targets for hackers looking to disrupt business operations, collect ransom, or compromise a rival nation's critical infrastructure. Nearly 60% of surveyed organizations using SCADA or ICS reported...

FortiGuard Threat Intelligence Brief - July 13, 2018

GandCrab ransomware has been quite active of late. The new 4.0 variant is being distributed through compromised fake software crack websites. When an unsuspecting user visits the infected site, they are redirected to a separate page containing the actual download link that executes the ransomware. I...

FortiGuard Threat Intelligence Brief - July 06, 2018

A new malware was discovered this week causing computers to be infected with something called "All-Radio 4.27 Portable" that does all sorts of nefarious things. It installs rootkits, crypto-miners, information-stealing Trojans and causes your computer to send out spam.

FortiGuard Threat Intelligence Brief - June 29, 2018

In our Q1 2018 Threat Landscape Report, we reported that cryptojacking malware is on the rise. In fact, we noted that it had more than doubled over what we saw in the previous quarter. Cybercriminals move to where the money is, and there is money to be made in exploiting your CPU resources for crypt...

FortiGuard Threat Intelligence Brief - June 22, 2018

The power of the Cyber Threat Alliance has proven valuable yet again as Symantec shared early awareness of their discovery and research concerning a cyberespionage campaign coming from the APT group, Thrip. CTA members were able to implement countermeasures with the information and shared indicators...

FortiGuard Threat Intelligence Brief - June 15, 2018

FortiGuard Labs researchers have been monitoring the PyRoMine malware activity for several months and have discovered a new version of the threat called PyRoMinerIOT. The attack method is to use deceptive techniques to compel a user to install a browser update to download a zip file, which when run,...

FortiGuard Threat Intelligence Brief - June 08, 2018

In partnership with the Cyber Threat Alliance, Cisco's Talos announced their research findings around newly discovered details affecting the VPNFilter botnet campaign. The VPNFilter botnet is an advanced, likely nation-state-sponsored attack that utilizes sophisticated modular malware with a multi-...

FortiGuard Threat Intelligence Brief - June 01, 2018

On May 29, US-CERT released a joint Technical Alert (TA) between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) detailing the analytic results associated with two families of malware identified to be part of the HIDDEN COBRA campaign. The U.S. government has...

FortiGuard Threat Intelligence Brief - May 25, 2018

In a coordinated announcement with the Cyber Threat Alliance, Cisco's Talos security team released their research on a new, sophisticated, modular IoT botnet called VPNFilter. VPNFilter is an advanced nation-state-sponsored attack that utilizes sophisticated modular malware with a multistage payload...

FortiGuard Threat Intelligence Brief - May 18, 2018

On Wednesday, May 16, Fortinet released its Q1 2018 Threat Landscape Report. This report showcases Fortinet's unique perspective on the global threat landscape drawn from our collective research and intelligence culled from billions of threat events and incidents observed across global production en...

FortiGuard Threat Intelligence Brief - May 11, 2018

FacexWorm is spreading! FacexWorm, a malicious Chrome extension originally detected in August 2017, has returned. It is currently spreading via Facebook Messenger, targeting cryptocurrency trading platforms and utilizing some new vicious tactics. Currently the threat only works in Chrome.

FortiGuard Threat Intelligence Brief - May 04, 2018

Hidden Cobra Strikes Again! The Hidden Cobra hacking group, also known as Lazarus, has been ramping up global cyber espionage activity as of late. You may recall this team from their Sony Studios hack back in 2014. This current campaign, code-named Operation GhostSecret, appears to have started in M...

FortiGuard Threat Intelligence Brief - April 27, 2018

Operation Power OFF! In a coordinated effort by law enforcement agencies from the United States, the United Kingdom, the Netherlands, Canada, Hong Kong, Serbia, and various other European countries, Europol officials shut down webstresser.org. Webstresser.org was the world's largest DDoS-for-hire se...

FortiGuard Threat Intelligence Brief - April 20, 2018

FortiGuard Labs researchers are at it again: enlightening and impactful research. In this case, they focused on the reuse of the Mirai source code that had been leaked to the hacking community in 2016. The researchers' goal was to find malware variants that leveraged the original Mirai source code....

FortiGuard Threat Intelligence Brief - April 13, 2018

Patch Tuesday is upon us yet again. On April 10, Microsoft released a total of 67 security updates (24 rated critical, 42 important, 1 moderate), not including an out-of-band critical update released last week to cover a flaw in the Microsoft Malware Protection Engine (MMPE). Included in this month...

FortiGuard Threat Intelligence Brief - April 06, 2018

Another week, another data breach, or breaches in this case.