Description
The FortiGuard Incident Response team is ready to assist with the discovery, containment, and remediation of intrusions related to Zerobot botnet infections.
Zerobot is a new botnet propagating as part of a large-scale campaign that launched in mid-November 2022[1]. The campaign targets at least 21 known vulnerabilities for initial infection and propagation through an infected environment.
A quick response that effectively contains an intrusion before it can spread throughout an environment is key to minimizing business impact, reducing the complexity of remediation efforts, and reducing the likelihood of the intrusion degrading the security posture of the victim network.
Scope
FortiGuard.
Solution
Engaging Response Services.
To engage the IR team directly to assist in the event of an intrusion please use the ‘Experienced a breach?’ link available here:
https://www.fortinet.com/solutions/enterprise-midsize-business/security-as-a-service/fortiguard-inci...
This webpage also has additional information on the IR services we provide and how to mitigate the risk associated with this threat.
Engaging Proactive Services;
If there question if systems and networks are vulnerable to exploitation as part of the current Zerobot campaign or to proactively prepare the security teams to better handle this threat, ti is possible to engage the Incident Response Readiness service.
The FortiGuard IR Readiness service can assess the security posture and provide support to patch holes in the defenses, build playbooks to combat emerging threats, and war game the existing processes as part of tabletop activities.
it is possible to find more information on this service here:
https://www.fortinet.com/content/dam/fortinet/assets/solution-guides/sb-fortiguard-incident-readines...
https://www.fortinet.com/blog/threat-research/zerobot-new-go-based-botnet-campaign-targets-multiple-...
