Welcome!

Eclipse Authors: Liz McMillan, XebiaLabs Blog, Ken Fogel, Sematext Blog, Marcin Warpechowski

News Feed Item

Fortinet(R)'s FortiGuard Threat Landscape Research Team Reports That Bitcoin Botnet, ZeroAccess, Was the Number One Threat This Quarter

Team Also Reveals Information on South Korea Attacks and Two New Android Adware Variants

SUNNYVALE, CA -- (Marketwired) -- 04/10/13 -- Fortinet® (NASDAQ: FTNT) -- a world leader in high-performance network security -- today announced the findings of its FortiGuard threat landscape research for the period of January 1 - March 31, 2013. FortiGuard® Labs observed that the Bitcoin mining botnet, ZeroAccess, was the number one threat this quarter as reported by FortiGate devices worldwide. The report also reveals analysis of the South Korea cyberattacks and two new Android adware variants that have climbed the watch list in the last 90 days.

ZeroAccess Shows No Signs of Slowing
"In the first quarter of 2013, we have seen owners of the ZeroAccess botnet maintain and expand the number of bots under its control," said Richard Henderson, security strategist and threat researcher for Fortinet's FortiGuard Labs. "In the last 90 days, the owners of ZeroAccess have sent their infected hosts 20 software updates."

Based on reporting from FortiGate devices worldwide, ZeroAccess is the number one botnet threat the team is seeing. ZeroAccess is used primarily for click fraud and Bitcoin mining. The value of the decentralized, open source-based digital currency continues to skyrocket, which likely means the amount of money being made by ZeroAccess is in the millions of dollars or more.

"As Bitcoin's popularity and value increases, we may see other botnet owners attempt to utilize their botnets in similar fashions or to disrupt the Bitcoin market," Henderson continued.

In March and into April, Mt. Gox, the largest Bitcoin Exchange in the world, battled a continued Distributed Denial of Service (DDoS) attack in an attempt to destabilize the currency and/or profit from it. FortiGuard Labs' analysis of ZeroAccess, which has the capability to load DDoS modules onto infected machines, revealed that the botnet does not currently have a DDoS module attached to its arsenal. This suggests other botnet owners are attempting to profit from fluctuations in the Bitcoin currency.

The growth of new ZeroAccess infections has remained constant in the last 90 days. Since FortiGuard Labs began actively monitoring ZeroAccess in August 2012, the team has seen a virtually linear amount of growth in new infections. Most recently, the team is seeing a staggering 100,000 new infections per week and almost 3 million unique IP addresses reporting infections. It's estimated that ZeroAccess may be generating its owners up to $100,000 per day in fraudulent advertising revenue alone.

Wiper Attack Hits South Korea Companies
A massive malware attack on South Korean television networks and financial institutions in March caused wide-scale damage, wiping thousands of hard drives. FortiGuard Labs, leveraging its partnerships with both the public and private sector in South Korea, has uncovered information relating to the nature of the attack and how the malware was spread. The team's research shows the attackers were able to seize control of patch management systems and use the trusted nature of those systems to distribute malware within their targets' networks.

"During out investigation of the attacks, we discovered that a version of the wiper malware was able to infect internal security management servers and use the trusted nature of that internal server to spread infections inside the victim's network," said Kyle Yang, Senior Manager of Antivirus at FortiGuard Labs.

Cleanup and restoration continues, and the perpetrators responsible remain unidentified.

Two New Adware Variants Propagating on Android
Two new Android adware variants, Android.NewyearL.B and Android.Plankton.B have seen a large number of global infections in the past 90 days.

"The new advertising kits we are monitoring suggest that the authors behind this are working very hard to remain undetected," said David Maciejak, senior researcher for Fortinet's FortiGuard Labs. "It's also possible that Newyear and Plankton are being written by the same author, but being maintained separately in order to generate more infections."

Both pieces of malware are embedded into various applications and have the ability to display advertisements, track users through the phone's unique IMEI number, and modify the phone's desktop.

"The surge in Android adware can most likely be attributed to users installing what they believe are legitimate applications that contain the embedded adware code," said Guillaume Lovet, Senior Manager at FortiGuard Labs. "It suggests that someone or some group has been able to monetize these infections, most likely through illicit advertising affiliate programs."

Users can protect themselves by paying close attention to the rights asked by an application at the point of installation. It is also recommended to download mobile applications that have been highly rated and reviewed.

Q1 Threat Recap:

NBC.com
In February, using a popular cybercrime toolkit available in the cyber underground, attackers were able to leverage recently patched exploits in Oracle's Java and Adobe's PDF platforms to install the Citadel banking Trojan and ZeroAccess botnet onto systems that visited a number of NBC's digital properties. At the time of the attack, only three out of 46 popular antivirus applications were able to detect and mitigate this threat, and Fortinet's FortiClient was one of them.

"The reports of signature-based antivirus' death have been greatly exaggerated," said Derek Manky, global security strategist for Fortinet's FortiGuard Labs. "A signature is often used loosely to refer to a simple pattern to match a virus. But, as we've seen recently, that's not always the case. Fortinet signatures, for example, are highly intelligent, as they work with our antivirus engine to identify the intent of a virus. In a case like the NBC.com attack, advanced signatures are proven to be proactive and can help in the fight against advanced persistent threats (APTs) and zero-day attacks."

Today's APTs are able to defeat many technologies, including next generation firewalls. Building a network defense strategy that includes multiple layers of security is the best way to protect an infrastructure from attack. In the case of NBC, layers of security beyond traditional NGFW apply here -- Webfiltering, antivirus, intrusion prevision and application control all were involved.

Spamhaus
In March, global spam fighter The Spamhaus Project placed CyberBunker on their spam blacklist, which caused some groups sympathetic to the Dutch Web hosting provider to launch a sustained DDoS attack on Spamhaus. Content delivery provider CloudFlare was recruited to assist Spamhaus to help keep their blacklisting services available, but they, too, came under attack. At its peak, the attack on Spamhaus, CloudFlare and other groups reached a whopping 300 billion bits per second (Gbps), the largest online attack ever recorded. In what is referred to as a DNS Amplification attack, an attacking bot sends a spoofed request to an open DNS server and asks it to send back a large DNS file.

"As long as misconfigured or intentionally left open DNS servers exist, these types of attacks will continue and be difficult to protect against," Henderson maintained. "As botnet owners grow the size of their armies and diversify the ways in which they launch attacks, we're likely to see even larger attacks like this in the future," Henderson said.

About FortiGuard Labs
FortiGuard Labs compiled threat statistics and trends for this threat period based on data collected from FortiGate® network security appliances and intelligence systems in production worldwide. Customers who use Fortinet's FortiGuard Services should be protected against the vulnerabilities outlined in this report as long as the appropriate configuration parameters are in place.

FortiGuard Services offer broad security solutions including antivirus, intrusion prevention, Web content filtering and anti-spam capabilities. These services help protect against threats on both application and network layers. FortiGuard Services are updated by FortiGuard Labs, which enables Fortinet to deliver a combination of multi-layered security intelligence and zero-day protection from new and emerging threats. For customers with a subscription to FortiGuard, these updates are delivered to all FortiGate, FortiMail™ and FortiClient™ products.

Ongoing research can be found in the FortiGuard Center or via FortiGuard Labs' RSS feed. Additional discussion on security technologies and threat analysis can be found at the FortiGuard Blog.

Follow Fortinet Online: Twitter at: www.twitter.com/fortinet; Facebook at: www.facebook.com/fortinet; YouTube at: http://www.youtube.com/user/SecureNetworks.

About Fortinet (www.fortinet.com)
Fortinet (NASDAQ: FTNT) is a worldwide provider of network security appliances and a market leader in unified threat management (UTM). Our products and subscription services provide broad, integrated and high-performance protection against dynamic security threats while simplifying the IT security infrastructure. Our customers include enterprises, service providers and government entities worldwide, including the majority of the 2012 Fortune Global 100. Fortinet's flagship FortiGate product delivers ASIC-accelerated performance and integrates multiple layers of security designed to help protect against application and network threats. Fortinet's broad product line goes beyond UTM to help secure the extended enterprise -- from endpoints, to the perimeter and the core, including databases and applications. Fortinet is headquartered in Sunnyvale, Calif., with offices around the world.

Copyright © 2013 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and unregistered trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet's trademarks include, but are not limited to, the following: Fortinet, FortiGate, FortiGuard, FortiManager, FortiMail, FortiClient, FortiCare, FortiAnalyzer, FortiReporter, FortiOS, FortiASIC, FortiWiFi, FortiSwitch, FortiVoIP, FortiBIOS, FortiLog, FortiResponse, FortiCarrier, FortiScan, FortiAP, FortiDB, FortiVoice and FortiWeb. Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties, and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, binding specification or other binding commitment by Fortinet, and performance and other specification information herein may be unique to certain environments. This news release may contain forward-looking statements that involve uncertainties and assumptions. Changes of circumstances, product release delays, or other risks as stated in our filings with the Securities and Exchange Commission, located at www.sec.gov, may cause results to differ materially from those expressed or implied in this press release. If the uncertainties materialize or the assumptions prove incorrect, results may differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements. Fortinet assumes no obligation to update any forward-looking statements, and expressly disclaims any obligation to update these forward-looking statements.

FTNT-O

Add to Digg Bookmark with del.icio.us Add to Newsvine

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

@ThingsExpo Stories
Silver Spring Networks, Inc. (NYSE: SSNI) extended its Internet of Things technology platform with performance enhancements to Gen5 – its fifth generation critical infrastructure networking platform. Already delivering nearly 23 million devices on five continents as one of the leading networking providers in the market, Silver Spring announced it is doubling the maximum speed of its Gen5 network to up to 2.4 Mbps, increasing computational performance by 10x, supporting simultaneous mesh communic...
The cloud promises new levels of agility and cost-savings for Big Data, data warehousing and analytics. But it’s challenging to understand all the options – from IaaS and PaaS to newer services like HaaS (Hadoop as a Service) and BDaaS (Big Data as a Service). In her session at @BigDataExpo at @ThingsExpo, Hannah Smalltree, a director at Cazena, will provide an educational overview of emerging “as-a-service” options for Big Data in the cloud. This is critical background for IT and data profes...
SYS-CON Events announced today that Men & Mice, the leading global provider of DNS, DHCP and IP address management overlay solutions, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. The Men & Mice Suite overlay solution is already known for its powerful application in heterogeneous operating environments, enabling enterprises to scale without fuss. Building on a solid range of diverse platform support,...
Cognitive Computing is becoming the foundation for a new generation of solutions that have the potential to transform business. Unlike traditional approaches to building solutions, a cognitive computing approach allows the data to help determine the way applications are designed. This contrasts with conventional software development that begins with defining logic based on the current way a business operates. In her session at 18th Cloud Expo, Judith S. Hurwitz, President and CEO of Hurwitz & ...
With an estimated 50 billion devices connected to the Internet by 2020, several industries will begin to expand their capabilities for retaining end point data at the edge to better utilize the range of data types and sheer volume of M2M data generated by the Internet of Things. In his session at @ThingsExpo, Don DeLoach, CEO and President of Infobright, will discuss the infrastructures businesses will need to implement to handle this explosion of data by providing specific use cases for filte...
SYS-CON Events announced today that VAI, a leading ERP software provider, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. VAI (Vormittag Associates, Inc.) is a leading independent mid-market ERP software developer renowned for its flexible solutions and ability to automate critical business functions for the distribution, manufacturing, specialty retail and service sectors. An IBM Premier Business Part...
Fortunately, meaningful and tangible business cases for IoT are plentiful in a broad array of industries and vertical markets. These range from simple warranty cost reduction for capital intensive assets, to minimizing downtime for vital business tools, to creating feedback loops improving product design, to improving and enhancing enterprise customer experiences. All of these business cases, which will be briefly explored in this session, hinge on cost effectively extracting relevant data from ...
As enterprises work to take advantage of Big Data technologies, they frequently become distracted by product-level decisions. In most new Big Data builds this approach is completely counter-productive: it presupposes tools that may not be a fit for development teams, forces IT to take on the burden of evaluating and maintaining unfamiliar technology, and represents a major up-front expense. In his session at @BigDataExpo at @ThingsExpo, Andrew Warfield, CTO and Co-Founder of Coho Data, will dis...
SYS-CON Events announced today that Pythian, a global IT services company specializing in helping companies adopt disruptive technologies to optimize revenue-generating systems, has been named “Bronze Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2015 at the Javits Center in New York, New York. Founded in 1997, Pythian is a global IT services company that helps companies compete by adopting disruptive technologies such as cloud, Big Data, advanced analytics, and DevO...
SYS-CON Events announced today that iDevices®, the preeminent brand in the connected home industry, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. iDevices, the preeminent brand in the connected home industry, has a growing line of HomeKit-enabled products available at the largest retailers worldwide. Through the “Designed with iDevices” co-development program and its custom-built IoT Cloud Infrastruc...
SYS-CON Events announced today that Alert Logic, Inc., the leading provider of Security-as-a-Service solutions for the cloud, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Alert Logic, Inc., provides Security-as-a-Service for on-premises, cloud, and hybrid infrastructures, delivering deep security insight and continuous protection for customers at a lower cost than traditional security solutions. Ful...
SYS-CON Events announced today that Interoute, owner-operator of one of Europe's largest networks and a global cloud services platform, has been named “Bronze Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2015 at the Javits Center in New York, New York. Interoute is the owner-operator of one of Europe's largest networks and a global cloud services platform which encompasses 12 data centers, 14 virtual data centers and 31 colocation centers, with connections to 195 ad...
SYS-CON Events announced today that Commvault, a global leader in enterprise data protection and information management, has been named “Bronze Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY, and the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Commvault is a leading provider of data protection and information management...
Eighty percent of a data scientist’s time is spent gathering and cleaning up data, and 80% of all data is unstructured and almost never analyzed. Cognitive computing, in combination with Big Data, is changing the equation by creating data reservoirs and using natural language processing to enable analysis of unstructured data sources. This is impacting every aspect of the analytics profession from how data is mined (and by whom) to how it is delivered. This is not some futuristic vision: it's ha...
With the Apple Watch making its way onto wrists all over the world, it’s only a matter of time before it becomes a staple in the workplace. In fact, Forrester reported that 68 percent of technology and business decision-makers characterize wearables as a top priority for 2015. Recognizing their business value early on, FinancialForce.com was the first to bring ERP to wearables, helping streamline communication across front and back office functions. In his session at @ThingsExpo, Kevin Roberts...
One of the bewildering things about DevOps is integrating the massive toolchain including the dozens of new tools that seem to crop up every year. Part of DevOps is Continuous Delivery and having a complex toolchain can add additional integration and setup to your developer environment. In his session at @DevOpsSummit at 18th Cloud Expo, Miko Matsumura, Chief Marketing Officer of Gradle Inc., will discuss which tools to use in a developer stack, how to provision the toolchain to minimize onboa...
SYS-CON Events announced today that Fusion, a leading provider of cloud services, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Fusion, a leading provider of integrated cloud solutions to small, medium and large businesses, is the industry's single source for the cloud. Fusion's advanced, proprietary cloud service platform enables the integration of leading edge solutions in the cloud, including clou...
Most people haven’t heard the word, “gamification,” even though they probably, and perhaps unwittingly, participate in it every day. Gamification is “the process of adding games or game-like elements to something (as a task) so as to encourage participation.” Further, gamification is about bringing game mechanics – rules, constructs, processes, and methods – into the real world in an effort to engage people. In his session at @ThingsExpo, Robert Endo, owner and engagement manager of Intrepid D...
WebRTC has had a real tough three or four years, and so have those working with it. Only a few short years ago, the development world were excited about WebRTC and proclaiming how awesome it was. You might have played with the technology a couple of years ago, only to find the extra infrastructure requirements were painful to implement and poorly documented. This probably left a bitter taste in your mouth, especially when things went wrong.
Learn how IoT, cloud, social networks and last but not least, humans, can be integrated into a seamless integration of cooperative organisms both cybernetic and biological. This has been enabled by recent advances in IoT device capabilities, messaging frameworks, presence and collaboration services, where devices can share information and make independent and human assisted decisions based upon social status from other entities. In his session at @ThingsExpo, Michael Heydt, founder of Seamless...