Blogs

The cliché of "threats are evolving" is unavoidable. That is because it is true. With threats constantly changing and becoming increasingly complex, organizations need a strategic vendor that can help them get not only visibility but is operationally smart.   The vendor needs to have solutions that enable organizations to operate more efficiently while navigating complexity and big data. To improve on your security strategies, companies should implement solutions that can ingest data quickly from different security solutions and categorize them into events. At the minimum, these solutions should have a way to then alert administrators to take action based on these events. The security vendor should have flexible solutions that can complement not only their solutions, but also be vendor agnostic and enable security administrators to go through logs and events, build a baseline model that will help them detect anomalies faster, continuously monitor their environment, and take auto r

The FortiSwitch 400 series welcomes a new addition in the FortiSwitch 424E-Fiber. This is the first fiber only switch by Fortinet offering 24 slots which you can populate with  a variety of long and short range fiber transceivers. Four 10GbE capable uplinks round out this new switch which is now available for order. In addition to our newest FortiSwitch 424E-Fiber, we have refreshed our 424 series switch with new hardware. The new FortiSwitch 424E, 424E-POE and 424E-FPOE are significant because they double the number of 10GbE capable uplink interfaces previously available in our D series to four making this a perfect switch for demanding campus and Secure SD-Branch environments. For further details and specifications can be found in our Secure Access Family Datasheet found here https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiSwitch_Secure_Access_Series.pdf As well as the Fortinet.com website.

With reInvent coming up, there are some things that you should watch out for! Amazon's Web Services (AWS) reInvent 2019 is being held in Last Vegas, with professionals in all industries attending. With 60,000 people attending the biggest AWS conference of the year, you can expect some big announcements from Amazon in regard to their different services.   Join Fortinet this year to see demonstrations on protecting and monitoring your assets on the cloud, integration with AWS' solutions, and advance threat protection! Come talk to one of us to get more information as to how we work with AWS to help businesses of any size secure their environments on premise and on the cloud using our Security Fabric.   At this event, Fortinet is showing demonstrations releasing some new announcements that includes:   Support for Fortinet Managed Rules for AWS WAFV2 AWS CloudFormation Registry VPC Ingress Routing Enhancement Support FortiCWP Demonstration FortiWeb Integration to Fortinet's

Don't you hate it when you have a really good, strong, fun password and then the associated program/business gets breached and you have to change it? Personally, I hate thinking of new passwords, and likely I am not alone. It can be hard to think of a password that meets strong password policies and is easy to remember. Often folks take the easy way out and implement something super easy to remember but less secure. In fact, here is a list of the 1000 most common passwords (be sure you don't use any listed here): Most Popular Passwords                      Some opt for a password manager. Dark Reading recently published an article listing 6 password managers you might consider, providing the ability to strengthen your access management: 6 Small-Business Password Managers The Identity Theft Resource Center is an excellent source of information on breaches and what to do if you were i

Cyber Monday draws millions of shoppers online for deals and savings, but this day also provides opportunities for an attacker to steal personal information.    The Cybersecurity and Infrastructure Security Agency (CISA) reminds users to remain vigilant when browsing or shopping online.   CISA encourages Cyber Monday shoppers to review the following online shopping safety tips:   Do business with reputable vendors. Before providing any information, make sure that you are interacting with a reputable, established vendor. Some attackers may try to trick you by creating malicious websites that appear to be legitimate, so you should verify the legitimacy before supplying any information. (See Avoiding Social Engineering and Phishing Attacks.) Use caution with email links and attachments. Take appropriate precautions when using email and web browsers to reduce the risk of an infection. Be wary of unsolicited email attachments and avoid clicking on email links, even if t

Watch theCUBE interview with FortiGuard Labs Derek Manky - 2020 Threat Landscape Predictions.

Multi-edge convergence is a term which describe enterprises moving to a complex architecture that requires converging multiple services into a single location. This means that the traditional approach of having the best of breed for networking, security, and other services can no longer compete in today hyper-competitive market. Rather than shying away from converging their infrastructure to work together, enterprises should embrace the idea of multi-edge convergence where multiple services are consolidated into a single solution.   The emergence of multi-edge convergence came from a couple of reasons. First, enterprises of all sizes are required now to be more agile than ever. Development are required to produce at a faster rate while security needs to keep up with development. In order for development to push out applications at a competitive rate, using the cloud is unavoidable. With cloud vendors like Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Ora

The best defense to protect your organization from cyber threats is to promptly apply security updates. But it is difficult to patch timely for a variety of reasons. Organizations generally have a mixed OS environment which may include legacy and leading edge applications and technologies, each platform needing to test an update before releasing to production. When you count in that some months there are over one hundred security updates released across various platforms, and it can easily be overwhelming. How do you know which patch should be a priority? How can you better understand the risk of the vulnerability being patched is to your organization? Fortinet can help. Each quarter we release a Threat Landscape Report that provides the top 10 exploits, malware and botnets targeted by cyber criminals, all from a prevalence point of view. This list is a good place to start when you are prioritizing which patches you should apply first. Fortinet manages over one hundred billion security

With many of the enterprises moving to the cloud and many resources existing now in many different environments to keep product development agile and competitive, today's organizations need to be aware of securing one of their most important public-facing assets, web servers. Web servers are often a prime target for attackers simply because they are public facing and closest to the cloud edge. They often involve a large amount of transactions and data. Securing these servers involves being very knowledgeable with the OSI stack and protocols associated with the stack like HTTP and the vulnerabilities that web servers typically have. Dealing with complexities of the cloud while not having the correct resources to protect organizations from external attacks can lead to data breaches, failed audits, legal complications, and more. Organizations need a solution that would enable them to scale security at the speed of development while still being easy to enable and use. FortiWeb Cloud WAF-as

Each week FortiGuard Labs releases a Threat Brief to present some of the more notable hot topics and threats from the week's threat landscape.   This week we start off discussing our cyber threat landscape predictions from FortiGuard's Chief of Security Insights and Global Threat Intelligence, Derek Manky. Derek's predictions include:   Intelligent swarms of customizable bots grouped by specific attack-functions, designed to share and learn from each other in real-time, could attack an organizations and overwhelm its ability to defend itself   The adoption of 5G is likely the impetus for the development of these swarm-based attacks   Combining machine learning with statistical analysis will help organizations develop customized playbooks to enhance their ability to detect detect specific threats based on a cyber-fingerprint and intervene mid-attack be being able to predict an attacker’s next moves   The use of deception technologies is going to spark

FortiGuard Labs Weekly Threat Brief summarizes the latest hot threat activity and insights from across this week's cyber threat landscape.  Here is a recap of what we are covering in this week’s Threat Brief: This week Fortinet released our quarterly Threat Landscape Report. This report distills our intelligence and analysis garnered from billions of events per day into our own unique perspective of the threat landscape. Here are a few of the topics we discuss in this report: Older vulnerabilities continue to remain attractive to cybercriminals, who are aware that users have a hard time patching timely. We saw more vulnerabilities targeted from 2007, than from 2018-2019 combined. We expose the top ten chart toppers from our IPS, Malware and Botnet prevalence stats. It is important to know what is in the eyes of the bad actors so you know where to shore up your defenses. While phishing still remains one of the top attack vectors, in Q3 we saw some unexpected spikes in attacks targ

In case you were unable to attend Microsoft Ignite last week, here is what happened at the event and how to use lessons learned from this event moving forward to help your company improve security and reduce risk within your environment.   Microsoft Ignite was held in Orlando, Florida this year with professionals ranging in all industries attending. As the biggest event for Microsoft this year with upwards of 30,000 attendees attending the event. Security vendors including Fortinet attended to spread security awareness and to release updates with the company.   This year, Fortinet's key messages for the event was Connect, Protect, Integrate, and Deliver.   With Connect, Fortinet partnered with Microsoft Azure to integrate Microsoft's Azure Virtual WAN solution to help deliver end to end secured connection. By automating tedious tasks like VPN tunnel configurations and routing configurations, organizations can operate more efficiently and reduce risk of human misconfig

This week Fortinet released our Q3 Global Threat Landscape report. Every second of every day, FortiGuard Labs is collecting data gathered from millions of devices and sensors around the world. We distill that threat intelligence into our quarterly threat report where we can provide our unique narrative of the threat world. Spikes at the Network Edge - In this issue we explore recent unexpected spikes in attacks targeting edge services with remote code execution exploits. Cybercriminals are more and more extending their tactics beyond phishing and establishing footholds at the network edge, then use that attack vector to begin delivering malware to targets inside the network. Design Flaw Exploited - A design flaw in legitimate ad blocking tools is being abused to support illicit schemes. Adblock Plus uses a key to detect approved advertisement sites so they can be whitelisted. However the key is being exploited to exempt malicious sites from being blocked. Old Vulnerabilities Targeted -

It is scary enough to think about all the bad things that wander outside our own houses. And our organizations have invested heavily to protect ourselves from these outsiders. Everyone—from the CEO, to the CFO, to the CIO and CISO, to the board of directors, wants to know what we are doing about them. But what lurks within our “houses” should be just—if not more so—disconcerting. Indeed, the sad reality is that a large percentage of exposed data, vulnerabilities, and compromised systems occur as a result of insiders. And even though many of us take steps to address insider threats, data suggests efforts are inadequate and despite these efforts, our organizations remain at serious risk of insider threats. Recognizing the need to raise awareness around insider threats, we commissioned Cybersecurity Insiders to conduct a survey of their security community on the topic. The resulting report, which was just released, sheds light on trends and challenges around insider threats, what organiz

Each week, FortiGuard Labs publishes a weekly Threat Brief discussing memorable threat activity during the week. Here is a recap of what we cover in this week's Threat Brief:    Attacks against the BlueKeep vulnerability have started. Fortunately, these attacks are not deemed wormable, at least yet, but they instead exploit the BlueKeep vulnerability to simply install cryptocurrency mining malware on infected systems.   Our FortiGuard Labs researchers have been assessing web applications with embedded Scalable Vector Graphics (SVG) images. While SVG provides flexibility that enables the creation of more dynamic web content, it also introduces additional security risks. We discuss common SVG attack vectors.   A popular Android keyboard app, Ai.type, was removed from Google Play earlier this year, once it was deemed malicious, but not before it had been downloaded on 40 million devices. The app makes suspicious requests that trigger the purchase of premium

FortiGuard Labs published a weekly Threat Brief discussing memorable threat topics and activity discussed and analyzed during the week.  Here is a recap of some of that activity: Mobile threats continue to increase in volume and impact. In this week's threat brief we outline five critical elements needed to enhance your mobile cyber security awareness program. This is critical as 14% of all cyber threats overall are detected on Android devices. In fact, this week we saw some prominent mobile threat activity. xHelper Trojan dropper is not only able to reinstall itself on Android devices after it has been removed, but it can also do so after a full factory reset of the device. You can read the analysis of this Trojan in this week's brief. Several humanitarian aid organizations were targeted with a mobile-focused phishing campaign. You can read more about this targeted phishing campaign and the various techniques that the bad actors used. Content management systems are often targete

Today Fortinet announced the fastest, most powerful, desktop SD-WAN appliance to date: the FortiGate 60F featuring our SOC4 security processor. This extends Fortinet’s commitment to providing Security-Driven Networking solutions by including this technology in our popular FortiGate 60 family, which has sold over 1.5 million units to date. Encrypted traffic represents a multi-faceted problem for most networks: With many cloud applications using secure tunnels, any SD-WAN solution that does not decrypt and inspect this traffic will not route and prioritize it correctly. Yet many vendors use standard processors in their products, which slows down performance greatly if inline decryption is enabled. To put it simply, attempting to improve User Quality of Experience (QoE) results in reduced QoE! The FortiGate 60F leverages security-driven networking principals (powered by our purpose-built security processor (SOC4) to deliver the fastest application steering and deep inspection of SSL/TLS

Each week, FortiGuard Labs publishes a Threat Brief that profiles notable hot topics and threats that were discovered or discussed during the week. Here is a recap of what we are covering in this week’s Threat Brief: Read about our FortiGuard Labs researchers analysis of several new spam samples caught in our proprietary spam monitoring system associated with a Remcos RAT campaign. Our researchers noticed an interesting tweet where they found a file that is part of a new BadPatch campaign. BadPatch is a tag used for a set of malware that was used in a campaign with possible link to Gaza hackers. We also review the ELECTRICFISH tool that is used to tunnel traffic between two IP endpoints, allowing one to export data without raising any flags. It is believed that this is one of the tools used by APT38 to amass more than $100 million in funds. The EternalBlue Downloader has been adapted to exploit the BlueKeep vulnerability. If a user is infected with this version of the EternalBlue Down

FortiGuard Labs Weekly Threat Brief summarizes the latest hot threat activity and insights from across this week's cyber threat landscape. https://fortiguard.com/resources/threat-briefHere are some interesting insights from this weeks issue: An Iran-linked advanced persistent threat (APT) group,  Charming Kitten, with ties to attacks on the US presidential re-election campaign recently added new techniques to its stockpile in an apparent ramp-up of their operations.   We discuss a new vulnerability discovered in the Linux sudo command that could allow unprivileged users to execute commands as root. When executing commands on a Linux operating system, unprivileged users can use the sudo (superuser do) command to execute commands as root as long as they have been given permission or know the root user's password.   This week we profile new research on analysis of the Winnti Group's backdoor dubbed "PortReuse". This is an interesting white paper that is

Fortinet is releasing version 8.5 of our FortiWLM software.  This version adds the capability to monitor the statistics and RF health of FortiGate managed wireless APs.   A FortiGate can now be added to FortiWLM in the ‘Add Controller’ configuration screen.  Switching between the FortiGate and FortiWLC context can be done via a drop down menu at the top of the screen.  When in FortiGate mode, the Monitor, Operate, and Administration tabs are accessible.  Configure and Reports are not available for FortiGate controller in this release.  This addition allows the FortiWLM platform to act as a unifying RF management platform for any Fortinet wireless controller hardware.   To learn more about FortiWLM and see a demonstration of the new FortiGate management features, you can watch our presentation from Mobility Field Day: https://www.youtube.com/watch?v=mk0JVfj0KQM   An additional feature added in this release is the ability to monitor applications an

Each week, FortiGuard Labs publishes our Threat Intelligence Brief that profiles some of the more interesting and impactful security events from the week. Here are some of the topics that we covered this week:   FortiGuard Labs researchers recently analyzed a new Golang ransomware that is targeting Linux systems. Golang is a statically typed, compiled programming language designed at Google that is becoming more popular within the malware development community   Our FortiGuard Labs researchers found some interesting websites associated with the current Rugby World Cup that advertise as free streaming service, but in fact are anything but. This article discusses the dangers of free streaming apps.   On Tuesday, Microsoft released updates for 59 security vulnerabilities, with 9 of them rated critical. Apple and Google Android also provided updates. All we can say is, get patching.   The Magecart cybercrime group places digital credit card skimmers on compromise

In our latest weekly Threat Brief, we look into a recently discovered critical vulnerability (FG-VD-19-117/CVE-2019-16920) affecting several EOL D-Link router models found by our FortiGuard researchers. This vulnerability could allow for remote code execution without authentication. This occurs when an attacker sends arbitrary input to the device's common gateway interface that could lead to command injection. We also review a spike in the Winnti backdoor observed over the last couple of months. Winnti is a Remote Access Trojan (RAT) being used against Linux and Windows platforms. It is memory resident, meaning that the malware and its behaviors are hard to detect. While it previously focused a lot of its attacks on the gaming industry to steal information, it most recently also began targeting the pharmaceutical industry. This week’s report discusses a Quest Software KACE K1000 endpoint management system vulnerability that is very simple to exploit, potentially leading to a breach int

A lot happens in the cyber threat world each week. FortiGuard Labs distills some of the more impacting activity into our weekly threat brief. You can read the full brief here: https://fortiguard.com/resources/threat-brief, including a link to subscribe to the weekly email. Below is summary of some of our articles this week: We breakdown our analysis of a newly discovered variant of the NetWire RAT that is spreading via phishing email. Summation of our analysis of a new TrickBot variant our researchers discovered that is being used in a targeted attack. The threat authors have leveraged some interesting tactics. Microsoft released out-of-band updates addressing two vulnerabilities, one of which is being exploited in the wild. The Emotet malware awoke from its hiatus. The latest attack begins with a spear-phishing campaign that uses a Word document that references a recently released memoir of Edward Snowden. Foreign Trading NanoCore RATs - Our researchers encountered a large-scale phis

FortiGuard Labs Weekly Threat Brief summarizes the latest hot threat activity and insights from across this week's cyber threat landscape.  Read here: Weekly Threat Brief FortiGuard Labs processes over 100 billion security events per day. This data is culled from our broad portfolio of products representing everything from devices to the cloud, and gives us a unique perspective of the threat landscape. We then turn this analysis into effective security guidance for you, for free, in our weekly threat brief. Here is a summary of what you will find in this week's edition: Nemty Analysis – FortiGuard Labs researchers recently analyzed the new Nemty ransomware. This malware contains similarities to the GandCrab ransomware… Most Dangerous Software Errors – This week MITRE published the Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Errors, a compilation of the most frequent and critical weaknesses that could lead to serious vulnerabilitie

A playbook is a collection of the tools, techniques and procedures that cyber criminals use to achieve their goal, organized in a structured format. Our playbooks are mapped to the Mitre ATT&CK framework and represent the life cycle of a particular threat campaign. These playbooks are designed to provide you with the detailed adversarial threat behavior you need to know to effectively protect and defend against a specific threat actors campaign. FortiGuard Labs has created a Playbook Viewer for you to access our playbooks. We currently have three playbooks available, mapping to  Zegost, Silence Group, and Goblin Panda, with more to come.  Access the Playbook Viewer here.