Heightened Cybersecurity Resource Center
Addressing the Threat of Cyber Warfare
We continue to see headlines about the heightened concern among organizations regarding potential cyberattacks. Fortinet has created a resource center to provide advice on how to reduce your risk, along with the latest threat intelligence from FortiGuard Labs.
Breaking Threat Intelligence
Another Wiper Malware Targeted Enterprises in Ukraine #DoubleZero (Mar 25, 2022)
Enterprises in Ukraine were targeted by another wiper malware. Dubbed "DoubleZero," the malware was distributed in a zip archive and destroys the compromised machine by overwriting files and deleting registry keys.
Joint CyberSecurity Advisory Alert on "PrintNightmare" Vulnerability and Default MFA Protocols Exploited by Russian State-Sponsored Cyber Actors (Mar 16, 2022)
Russian state-sponsored cyber actors have gained network access to a non-governmental organization (NGO) through exploitation of default Multi-Factor Authentication (MFA) protocols and the "PrintNightmare" vulnerability (CVE-2021-34527).
Additional Wiper Malware Deployed in Ukraine #CaddyWiper (Mar 14, 2022)
A new wiper malware, dubbed CaddyWiper, has been observed in the wild attacking Ukrainian interests. Preliminary analysis reveals that it erases user data and partition information from attached drives. This is a breaking news event. More information will be added when relevant updates are available.
MicroBackdoor Used in Attacks Against Ukraine Organizations (Mar 9, 2022)
CERT-UA reports that Ukrainian organizations are under cyberattacks that aim to install a publicly available backdoor named "MicroBackdoor." The cyberattacks are attributed to the APT group "UAC-0051", a group that has reportedly acted in the Belarusian government's interests in the past.
Fake Purchase Order Used to Deliver Agent Tesla (March 07, 2022)
FortiGuard Labs recently came across a phishing e-mail masquerading as a purchase order addressed to a Ukrainian manufacturing organization. The e-mail contained a PowerPoint attachment that is in reality a sophisticated, multi-stage effort to deploy the Agent Tesla RAT (Remote Access Trojan).
Remote Utilities Software Distributed in Ukraine via Fake Evacuation Plan Email (March 1, 2022)
A copy of Remote Manipulator System (RMS) was submitted from Ukraine to VirusTotal with the file name roughly translated to "Evacuation Plan (approved by the SSU)". The RMS is a legitimate remote administration tool that allows a user to remotely control another computer.
Defense Against Wiper Malware Attacks (Feb 25, 2022)
On Feb 23rd, numerous Ukrainian organizations were targeted with attacks employing ‘KillDisk’ or ‘HermeticWiper’ malware, which appears to have no adversarial purpose other than to irreparably destroy data on an endpoint. This article highlights how FortiEDR detects and blocks behavior associated with this wiper activity and how to ensure that FortiEDR is configured to offer these protections.
Nobelium Returns to the Political Stage (Feb 24, 2022)
FortiGuard Labs has uncovered evidence that the Nobelium group is impersonating someone associated with the Turkish embassy in targeted email-based attacks. We will be analyzing one such attack that uses Omicron/Covid-19 as a lure.
New Wiper Malware Discovered Targeting Ukrainian Interests (Feb 24, 2022)
FortiGuard Labs is aware of new wiper malware observed in the wild attacking Ukrainian interests. Various estimates indicate that the wiper malware has been installed on several hundred machines within Ukraine.
Assessing, Preparing and Securing
Incident Readiness Subscription Service
To help you navigate this situation effectively, our Incident Readiness Subscription Service assists customers with a rapid and effective response when an incident is detected. It also helps you better prepare for an unforeseen cyber incident through Readiness Assessments, IR Playbook Development and IR Playbook testing (Tabletop Exercises).
Ukraine Crisis Cyber Readiness Checklist (Feb 24, 2022)
As Russian military forces have started operations in Ukraine, the question of whether cyber warfare will also be deployed remains unanswered. However, our focus is to keep our customers safe and help them prepare for further cyber-attacks. To that end, we put together this readiness checklist.
The Art of War (and Patch Management) (Feb 23, 2022)
"Given the very high tensions that we are experiencing, companies of any size and of all sizes would be foolish not to be preparing right now as we speak -- to increase their defenses, to do things like patching, to heighten their alert systems, to be monitoring in real-time their cybersecurity…"
Fortinet Cyber Threat Assessment
Secure network architectures need to constantly evolve to keep up with the latest advanced persistent threats. There are two ways to find out if your solution isn’t keeping up—wait for a breach to happen or run validation tests.
Global Threat Landscape Report 2H 2021 (Feb 23, 2022)
The findings in this report represent the collective intelligence of FortiGuard Labs, drawn from a vast array of network sensors collecting billions of threat events each day observed in live production environments around the world.
Cyber Threat Predictions for 2022 (Nov 18, 2021)
But our challenge going forward is far more than just the rising number of attacks. We are also seeing an increase in attacks on high-profile targets, including the supply chain attack on SolarWinds and the disruption of Colonial Pipeline and JBS Meats, which affect thousands of organizations and millions of people who have nothing to do with IT.