Fortinet’s FortiGuard threat landscape research released

Fortinet − a leader in high-performance network security – has announced the findings of its FortiGuard threat landscape research for the period of January 1 to March 31. FortiGuard Labs observed that the Bitcoin mining botnet, ZeroAccess, was the No. 1 threat this quarter as reported by FortiGate devices worldwide. The report also reveals analysis of the South Korea cyberattacks and two new Android adware variants that have climbed the watch list in the last 90 days.

“In the first quarter of 2013, we have seen owners of the ZeroAccess botnet maintain and expand the number of bots under their control,” said Richard Henderson, security strategist and threat researcher for Fortinet’s FortiGuard Labs. “In the last 90 days, the owners of ZeroAccess have sent their infected hosts 20 software updates.”

ZeroAccess is used primarily for click fraud and Bitcoin mining. The value of the decentralized, open-source digital currency has continued to climb, which likely puts the botnet’s earnings for its operators in the millions of dollars or more.

“As Bitcoin’s popularity and value increases, we may see other botnet owners attempt to utilize their botnets in similar fashions or to disrupt the Bitcoin market,” Henderson continued.

In March and into April, Mt. Gox, then the largest Bitcoin exchange in the world, battled a sustained Distributed Denial of Service (DDoS) attack intended to destabilize the currency, profit from its price swings, or both. FortiGuard Labs’ analysis of ZeroAccess, which can load DDoS modules onto infected machines, found that the botnet did not have a DDoS module in its arsenal at the time. This suggests the Mt. Gox attack came from other botnet owners attempting to profit from fluctuations in the Bitcoin price.


The rate of new ZeroAccess infections has remained constant over the last 90 days. Since FortiGuard Labs began actively monitoring ZeroAccess in August 2012, the team has seen virtually linear growth in new infections. Most recently, the team is seeing a staggering 100,000 new infections per week and almost 3 million unique IP addresses reporting infections. It is estimated that ZeroAccess may be generating up to $100,000 per day for its owners in fraudulent advertising revenue alone.

A massive malware attack on South Korean television networks and financial institutions in March caused wide-scale damage, wiping thousands of hard drives. FortiGuard Labs, leveraging its partnerships with both the public and private sector in South Korea, has uncovered information relating to the nature of the attack and how the malware was spread. The team’s research shows the attackers were able to seize control of patch management systems and use the trusted nature of those systems to distribute malware within their targets’ networks.

“During our investigation of the attacks, we discovered that a version of the wiper malware was able to infect internal security management servers and use the trusted nature of that internal server to spread infections inside the victim’s network,” said Kyle Yang, Senior Manager of Antivirus at FortiGuard Labs.

Cleanup and restoration continues, and the perpetrators responsible remain unidentified.

Two new Android adware variants, Android.NewyearL.B and Android.Plankton.B have seen a large number of global infections in the past 90 days.


“The new advertising kits we are monitoring suggest that the authors behind this are working very hard to remain undetected,” said David Maciejak, senior researcher for Fortinet’s FortiGuard Labs. “It’s also possible that Newyear and Plankton are being written by the same author, but being maintained separately in order to generate more infections.”

Both pieces of malware are embedded into various applications and have the ability to display advertisements, track users through the phone’s unique IMEI number, and modify the phone’s home screen.

“The surge in Android adware can most likely be attributed to users installing what they believe are legitimate applications that contain the embedded adware code,” said Guillaume Lovet, Senior Manager at FortiGuard Labs. “It suggests that someone or some group has been able to monetize these infections, most likely through illicit advertising affiliate programs.”

Users can protect themselves by paying close attention to the permissions an application requests at the point of installation. It is also recommended to download only mobile applications that have been highly rated and widely reviewed.
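The permission check above can be done statically rather than by eye. The following Python script is an added example, not FortiGuard Labs code: it parses a decoded AndroidManifest.xml and flags the combination of permissions that the behaviour described for NewyearL.B and Plankton.B requires: READ_PHONE_STATE (needed to read the IMEI on Android versions of that era), the launcher INSTALL_SHORTCUT/UNINSTALL_SHORTCUT permissions (needed to rewrite the home screen), and INTERNET (needed to fetch and report advertisements). The grouping and the "adware pattern" rule are this example's own heuristic, not a FortiGuard signature, and the two sample manifests are constructed.

```python
"""Static triage of an Android manifest for adware-style permission requests.

Added example (not FortiGuard Labs code). The grouping of permissions and the
'adware pattern' rule are heuristics assumed for this example, not a vendor signature.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS  # how ElementTree spells android:name

# Permissions grouped by what they let an embedded ad kit do (assumption of this example).
TRACKING = {"android.permission.READ_PHONE_STATE"}          # read the device IMEI
HOME_SCREEN = {
    "com.android.launcher.permission.INSTALL_SHORTCUT",     # add home-screen shortcuts
    "com.android.launcher.permission.UNINSTALL_SHORTCUT",   # remove home-screen shortcuts
}
NETWORK = {"android.permission.INTERNET"}                    # fetch and report adverts


def requested_permissions(manifest_xml: str) -> set:
    """Return the set of <uses-permission android:name="..."/> values in a manifest."""
    root = ET.fromstring(manifest_xml)
    return {
        el.get(NAME_ATTR)
        for el in root.iter("uses-permission")
        if el.get(NAME_ATTR)
    }


def triage(manifest_xml: str) -> dict:
    """Report which suspicious permission groups a manifest requests.

    'adware_pattern' is True only when the app can identify the device, rewrite the
    home screen, and reach the network, i.e. everything the described adware needs.
    """
    perms = requested_permissions(manifest_xml)
    findings = {
        "tracking": sorted(perms & TRACKING),
        "home_screen": sorted(perms & HOME_SCREEN),
        "network": sorted(perms & NETWORK),
    }
    findings["adware_pattern"] = all(
        findings[group] for group in ("tracking", "home_screen", "network")
    )
    return findings


# Constructed sample manifests for the example (not taken from real APKs).
WALLPAPER_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpapers">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="com.android.launcher.permission.INSTALL_SHORTCUT"/>
  <application android:label="Wallpapers"/>
</manifest>"""

FLASHLIGHT_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application android:label="Flashlight"/>
</manifest>"""

if __name__ == "__main__":
    for name, manifest in (("wallpapers", WALLPAPER_APP), ("flashlight", FLASHLIGHT_APP)):
        result = triage(manifest)
        verdict = "ADWARE PATTERN" if result["adware_pattern"] else "no adware pattern"
        print("%-11s %s  %s" % (name, verdict, result))
```

The manifest inside an APK is stored as binary XML, so decode it first (for example with apktool) and feed the resulting text file to `triage`. A wallpaper or flashlight app that asks for phone-state plus launcher-shortcut permissions has no legitimate need for them, which is exactly the mismatch the installation prompt is asking the user to notice.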

FortiGuard Labs compiled threat statistics and trends for this period from data collected by FortiGate network security appliances and intelligence systems in production worldwide. Customers who use Fortinet’s FortiGuard Services should be protected against the threats outlined in this report as long as the appropriate configuration parameters are in place.


FortiGuard Services offer broad security solutions including antivirus, intrusion prevention, Web content filtering and anti-spam capabilities. These services help protect against threats on both application and network layers. FortiGuard Services are updated by FortiGuard Labs, which enables Fortinet to deliver a combination of multi-layered security intelligence and zero-day protection from new and emerging threats. For customers with a subscription to FortiGuard, these updates are delivered to all FortiGate, FortiMail and FortiClient products.
