I was sent this article. It is amazing to me the amount of time that was invested in hiding the script and the related activity. Are there any tips or tricks to stopping melicious code like this?
https://threatresearch.ext.hp.com/raspberry-robin-now-spreading-through-windows-script-files/
Solved! Go to Solution.
Even if this worm is cleanable by FortiEDR and not FortiGate, it seems that some harmful traffic related to it can be stopped by FortiGate's IPS engine.
Below a screenshot from my FG IPS signatures.
@SecurityPlus
Check this link on how to be protected using FortiEDR
How FortiEDR protects against RaspberryRo... - Fortinet Community
Thank you. Sorry for the delay in responding. Curious if this malicious traffic were to try to pass through a well configured FortiGate if it would likely be stopped? If so, is there a particular firewall configuration that is particularly important to stopping this?
@SecurityPlus
Knowing the vulnerability behavior, which is known to spread with a USB stick, it already infects a PC. Then a legit traffic is sent to some C2 servers around the world.
In this case, FortiEDR would be the protection and not rely entirely on FortiGate alone.
But in any case, it is good if you consult some of our Security Experts that might help you better discuss your security concerns from design prospective
Even if this worm is cleanable by FortiEDR and not FortiGate, it seems that some harmful traffic related to it can be stopped by FortiGate's IPS engine.
Below a screenshot from my FG IPS signatures.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.