Click here to close now.

Welcome!

Eclipse Authors: Sematext Blog, Marcin Warpechowski, Trevor Parsons, Michael Meiner, Carmen Gonzalez

News Feed Item

Fortinet(R)'s FortiGuard Threat Landscape Research Team Reports That Bitcoin Botnet, ZeroAccess, Was the Number One Threat This Quarter

Team Also Reveals Information on South Korea Attacks and Two New Android Adware Variants

SUNNYVALE, CA -- (Marketwired) -- 04/10/13 -- Fortinet® (NASDAQ: FTNT) -- a world leader in high-performance network security -- today announced the findings of its FortiGuard threat landscape research for the period of January 1 - March 31, 2013. FortiGuard® Labs observed that the Bitcoin mining botnet, ZeroAccess, was the number one threat this quarter as reported by FortiGate devices worldwide. The report also reveals analysis of the South Korea cyberattacks and two new Android adware variants that have climbed the watch list in the last 90 days.

ZeroAccess Shows No Signs of Slowing
"In the first quarter of 2013, we have seen owners of the ZeroAccess botnet maintain and expand the number of bots under its control," said Richard Henderson, security strategist and threat researcher for Fortinet's FortiGuard Labs. "In the last 90 days, the owners of ZeroAccess have sent their infected hosts 20 software updates."

Based on reporting from FortiGate devices worldwide, ZeroAccess is the number one botnet threat the team is seeing. ZeroAccess is used primarily for click fraud and Bitcoin mining. The value of the decentralized, open source-based digital currency continues to skyrocket, which likely means the amount of money being made by ZeroAccess is in the millions of dollars or more.

"As Bitcoin's popularity and value increases, we may see other botnet owners attempt to utilize their botnets in similar fashions or to disrupt the Bitcoin market," Henderson continued.

In March and into April, Mt. Gox, the largest Bitcoin Exchange in the world, battled a continued Distributed Denial of Service (DDoS) attack in an attempt to destabilize the currency and/or profit from it. FortiGuard Labs' analysis of ZeroAccess, which has the capability to load DDoS modules onto infected machines, revealed that the botnet does not currently have a DDoS module attached to its arsenal. This suggests other botnet owners are attempting to profit from fluctuations in the Bitcoin currency.

The growth of new ZeroAccess infections has remained constant in the last 90 days. Since FortiGuard Labs began actively monitoring ZeroAccess in August 2012, the team has seen a virtually linear amount of growth in new infections. Most recently, the team is seeing a staggering 100,000 new infections per week and almost 3 million unique IP addresses reporting infections. It's estimated that ZeroAccess may be generating its owners up to $100,000 per day in fraudulent advertising revenue alone.

Wiper Attack Hits South Korea Companies
A massive malware attack on South Korean television networks and financial institutions in March caused wide-scale damage, wiping thousands of hard drives. FortiGuard Labs, leveraging its partnerships with both the public and private sector in South Korea, has uncovered information relating to the nature of the attack and how the malware was spread. The team's research shows the attackers were able to seize control of patch management systems and use the trusted nature of those systems to distribute malware within their targets' networks.

"During out investigation of the attacks, we discovered that a version of the wiper malware was able to infect internal security management servers and use the trusted nature of that internal server to spread infections inside the victim's network," said Kyle Yang, Senior Manager of Antivirus at FortiGuard Labs.

Cleanup and restoration continues, and the perpetrators responsible remain unidentified.

Two New Adware Variants Propagating on Android
Two new Android adware variants, Android.NewyearL.B and Android.Plankton.B have seen a large number of global infections in the past 90 days.

"The new advertising kits we are monitoring suggest that the authors behind this are working very hard to remain undetected," said David Maciejak, senior researcher for Fortinet's FortiGuard Labs. "It's also possible that Newyear and Plankton are being written by the same author, but being maintained separately in order to generate more infections."

Both pieces of malware are embedded into various applications and have the ability to display advertisements, track users through the phone's unique IMEI number, and modify the phone's desktop.

"The surge in Android adware can most likely be attributed to users installing what they believe are legitimate applications that contain the embedded adware code," said Guillaume Lovet, Senior Manager at FortiGuard Labs. "It suggests that someone or some group has been able to monetize these infections, most likely through illicit advertising affiliate programs."

Users can protect themselves by paying close attention to the rights asked by an application at the point of installation. It is also recommended to download mobile applications that have been highly rated and reviewed.

Q1 Threat Recap:

NBC.com
In February, using a popular cybercrime toolkit available in the cyber underground, attackers were able to leverage recently patched exploits in Oracle's Java and Adobe's PDF platforms to install the Citadel banking Trojan and ZeroAccess botnet onto systems that visited a number of NBC's digital properties. At the time of the attack, only three out of 46 popular antivirus applications were able to detect and mitigate this threat, and Fortinet's FortiClient was one of them.

"The reports of signature-based antivirus' death have been greatly exaggerated," said Derek Manky, global security strategist for Fortinet's FortiGuard Labs. "A signature is often used loosely to refer to a simple pattern to match a virus. But, as we've seen recently, that's not always the case. Fortinet signatures, for example, are highly intelligent, as they work with our antivirus engine to identify the intent of a virus. In a case like the NBC.com attack, advanced signatures are proven to be proactive and can help in the fight against advanced persistent threats (APTs) and zero-day attacks."

Today's APTs are able to defeat many technologies, including next generation firewalls. Building a network defense strategy that includes multiple layers of security is the best way to protect an infrastructure from attack. In the case of NBC, layers of security beyond traditional NGFW apply here -- Webfiltering, antivirus, intrusion prevision and application control all were involved.

Spamhaus
In March, global spam fighter The Spamhaus Project placed CyberBunker on their spam blacklist, which caused some groups sympathetic to the Dutch Web hosting provider to launch a sustained DDoS attack on Spamhaus. Content delivery provider CloudFlare was recruited to assist Spamhaus to help keep their blacklisting services available, but they, too, came under attack. At its peak, the attack on Spamhaus, CloudFlare and other groups reached a whopping 300 billion bits per second (Gbps), the largest online attack ever recorded. In what is referred to as a DNS Amplification attack, an attacking bot sends a spoofed request to an open DNS server and asks it to send back a large DNS file.

"As long as misconfigured or intentionally left open DNS servers exist, these types of attacks will continue and be difficult to protect against," Henderson maintained. "As botnet owners grow the size of their armies and diversify the ways in which they launch attacks, we're likely to see even larger attacks like this in the future," Henderson said.

About FortiGuard Labs
FortiGuard Labs compiled threat statistics and trends for this threat period based on data collected from FortiGate® network security appliances and intelligence systems in production worldwide. Customers who use Fortinet's FortiGuard Services should be protected against the vulnerabilities outlined in this report as long as the appropriate configuration parameters are in place.

FortiGuard Services offer broad security solutions including antivirus, intrusion prevention, Web content filtering and anti-spam capabilities. These services help protect against threats on both application and network layers. FortiGuard Services are updated by FortiGuard Labs, which enables Fortinet to deliver a combination of multi-layered security intelligence and zero-day protection from new and emerging threats. For customers with a subscription to FortiGuard, these updates are delivered to all FortiGate, FortiMail™ and FortiClient™ products.

Ongoing research can be found in the FortiGuard Center or via FortiGuard Labs' RSS feed. Additional discussion on security technologies and threat analysis can be found at the FortiGuard Blog.

Follow Fortinet Online: Twitter at: www.twitter.com/fortinet; Facebook at: www.facebook.com/fortinet; YouTube at: http://www.youtube.com/user/SecureNetworks.

About Fortinet (www.fortinet.com)
Fortinet (NASDAQ: FTNT) is a worldwide provider of network security appliances and a market leader in unified threat management (UTM). Our products and subscription services provide broad, integrated and high-performance protection against dynamic security threats while simplifying the IT security infrastructure. Our customers include enterprises, service providers and government entities worldwide, including the majority of the 2012 Fortune Global 100. Fortinet's flagship FortiGate product delivers ASIC-accelerated performance and integrates multiple layers of security designed to help protect against application and network threats. Fortinet's broad product line goes beyond UTM to help secure the extended enterprise -- from endpoints, to the perimeter and the core, including databases and applications. Fortinet is headquartered in Sunnyvale, Calif., with offices around the world.

Copyright © 2013 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and unregistered trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet's trademarks include, but are not limited to, the following: Fortinet, FortiGate, FortiGuard, FortiManager, FortiMail, FortiClient, FortiCare, FortiAnalyzer, FortiReporter, FortiOS, FortiASIC, FortiWiFi, FortiSwitch, FortiVoIP, FortiBIOS, FortiLog, FortiResponse, FortiCarrier, FortiScan, FortiAP, FortiDB, FortiVoice and FortiWeb. Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties, and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, binding specification or other binding commitment by Fortinet, and performance and other specification information herein may be unique to certain environments. This news release may contain forward-looking statements that involve uncertainties and assumptions. Changes of circumstances, product release delays, or other risks as stated in our filings with the Securities and Exchange Commission, located at www.sec.gov, may cause results to differ materially from those expressed or implied in this press release. If the uncertainties materialize or the assumptions prove incorrect, results may differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements. Fortinet assumes no obligation to update any forward-looking statements, and expressly disclaims any obligation to update these forward-looking statements.

FTNT-O

Add to Digg Bookmark with del.icio.us Add to Newsvine

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

@ThingsExpo Stories
Sensor-enabled things are becoming more commonplace, precursors to a larger and more complex framework that most consider the ultimate promise of the IoT: things connecting, interacting, sharing, storing, and over time perhaps learning and predicting based on habits, behaviors, location, preferences, purchases and more. In his session at @ThingsExpo, Tom Wesselman, Director of Communications Ecosystem Architecture at Plantronics, will examine the still nascent IoT as it is coalescing, including what it is today, what it might ultimately be, the role of wearable tech, and technology gaps stil...
With several hundred implementations of IoT-enabled solutions in the past 12 months alone, this session will focus on experience over the art of the possible. Many can only imagine the most advanced telematics platform ever deployed, supporting millions of customers, producing tens of thousands events or GBs per trip, and hundreds of TBs per month. With the ability to support a billion sensor events per second, over 30PB of warm data for analytics, and hundreds of PBs for an data analytics archive, in his session at @ThingsExpo, Jim Kaskade, Vice President and General Manager, Big Data & Ana...
In the consumer IoT, everything is new, and the IT world of bits and bytes holds sway. But industrial and commercial realms encompass operational technology (OT) that has been around for 25 or 50 years. This grittier, pre-IP, more hands-on world has much to gain from Industrial IoT (IIoT) applications and principles. But adding sensors and wireless connectivity won’t work in environments that demand unwavering reliability and performance. In his session at @ThingsExpo, Ron Sege, CEO of Echelon, will discuss how as enterprise IT embraces other IoT-related technology trends, enterprises with i...
When it comes to the Internet of Things, hooking up will get you only so far. If you want customers to commit, you need to go beyond simply connecting products. You need to use the devices themselves to transform how you engage with every customer and how you manage the entire product lifecycle. In his session at @ThingsExpo, Sean Lorenz, Technical Product Manager for Xively at LogMeIn, will show how “product relationship management” can help you leverage your connected devices and the data they generate about customer usage and product performance to deliver extremely compelling and reliabl...
The Internet of Things (IoT) is causing data centers to become radically decentralized and atomized within a new paradigm known as “fog computing.” To support IoT applications, such as connected cars and smart grids, data centers' core functions will be decentralized out to the network's edges and endpoints (aka “fogs”). As this trend takes hold, Big Data analytics platforms will focus on high-volume log analysis (aka “logs”) and rely heavily on cognitive-computing algorithms (aka “cogs”) to make sense of it all.
One of the biggest impacts of the Internet of Things is and will continue to be on data; specifically data volume, management and usage. Companies are scrambling to adapt to this new and unpredictable data reality with legacy infrastructure that cannot handle the speed and volume of data. In his session at @ThingsExpo, Don DeLoach, CEO and president of Infobright, will discuss how companies need to rethink their data infrastructure to participate in the IoT, including: Data storage: Understanding the kinds of data: structured, unstructured, big/small? Analytics: What kinds and how responsiv...
Since 2008 and for the first time in history, more than half of humans live in urban areas, urging cities to become “smart.” Today, cities can leverage the wide availability of smartphones combined with new technologies such as Beacons or NFC to connect their urban furniture and environment to create citizen-first services that improve transportation, way-finding and information delivery. In her session at @ThingsExpo, Laetitia Gazel-Anthoine, CEO of Connecthings, will focus on successful use cases.
Sensor-enabled things are becoming more commonplace, precursors to a larger and more complex framework that most consider the ultimate promise of the IoT: things connecting, interacting, sharing, storing, and over time perhaps learning and predicting based on habits, behaviors, location, preferences, purchases and more. In his session at @ThingsExpo, Tom Wesselman, Director of Communications Ecosystem Architecture at Plantronics, will examine the still nascent IoT as it is coalescing, including what it is today, what it might ultimately be, the role of wearable tech, and technology gaps stil...
The true value of the Internet of Things (IoT) lies not just in the data, but through the services that protect the data, perform the analysis and present findings in a usable way. With many IoT elements rooted in traditional IT components, Big Data and IoT isn’t just a play for enterprise. In fact, the IoT presents SMBs with the prospect of launching entirely new activities and exploring innovative areas. CompTIA research identifies several areas where IoT is expected to have the greatest impact.
Wearable devices have come of age. The primary applications of wearables so far have been "the Quantified Self" or the tracking of one's fitness and health status. We propose the evolution of wearables into social and emotional communication devices. Our BE(tm) sensor uses light to visualize the skin conductance response. Our sensors are very inexpensive and can be massively distributed to audiences or groups of any size, in order to gauge reactions to performances, video, or any kind of presentation. In her session at @ThingsExpo, Jocelyn Scheirer, CEO & Founder of Bionolux, will discuss ho...
Roberto Medrano, Executive Vice President at SOA Software, had reached 30,000 page views on his home page - http://RobertoMedrano.SYS-CON.com/ - on the SYS-CON family of online magazines, which includes Cloud Computing Journal, Internet of Things Journal, Big Data Journal, and SOA World Magazine. He is a recognized executive in the information technology fields of SOA, internet security, governance, and compliance. He has extensive experience with both start-ups and large companies, having been involved at the beginning of four IT industries: EDA, Open Systems, Computer Security and now SOA.
The industrial software market has treated data with the mentality of “collect everything now, worry about how to use it later.” We now find ourselves buried in data, with the pervasive connectivity of the (Industrial) Internet of Things only piling on more numbers. There’s too much data and not enough information. In his session at @ThingsExpo, Bob Gates, Global Marketing Director, GE’s Intelligent Platforms business, to discuss how realizing the power of IoT, software developers are now focused on understanding how industrial data can create intelligence for industrial operations. Imagine ...
Operational Hadoop and the Lambda Architecture for Streaming Data Apache Hadoop is emerging as a distributed platform for handling large and fast incoming streams of data. Predictive maintenance, supply chain optimization, and Internet-of-Things analysis are examples where Hadoop provides the scalable storage, processing, and analytics platform to gain meaningful insights from granular data that is typically only valuable from a large-scale, aggregate view. One architecture useful for capturing and analyzing streaming data is the Lambda Architecture, representing a model of how to analyze rea...
SYS-CON Events announced today that Vitria Technology, Inc. will exhibit at SYS-CON’s @ThingsExpo, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Vitria will showcase the company’s new IoT Analytics Platform through live demonstrations at booth #330. Vitria’s IoT Analytics Platform, fully integrated and powered by an operational intelligence engine, enables customers to rapidly build and operationalize advanced analytics to deliver timely business outcomes for use cases across the industrial, enterprise, and consumer segments.
The explosion of connected devices / sensors is creating an ever-expanding set of new and valuable data. In parallel the emerging capability of Big Data technologies to store, access, analyze, and react to this data is producing changes in business models under the umbrella of the Internet of Things (IoT). In particular within the Insurance industry, IoT appears positioned to enable deep changes by altering relationships between insurers, distributors, and the insured. In his session at @ThingsExpo, Michael Sick, a Senior Manager and Big Data Architect within Ernst and Young's Financial Servi...
SYS-CON Events announced today that Open Data Centers (ODC), a carrier-neutral colocation provider, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place June 9-11, 2015, at the Javits Center in New York City, NY. Open Data Centers is a carrier-neutral data center operator in New Jersey and New York City offering alternative connectivity options for carriers, service providers and enterprise customers.
The explosion of connected devices / sensors is creating an ever-expanding set of new and valuable data. In parallel the emerging capability of Big Data technologies to store, access, analyze, and react to this data is producing changes in business models under the umbrella of the Internet of Things (IoT). In particular within the Insurance industry, IoT appears positioned to enable deep changes by altering relationships between insurers, distributors, and the insured. In his session at @ThingsExpo, Michael Sick, a Senior Manager and Big Data Architect within Ernst and Young's Financial Servi...
PubNub on Monday has announced that it is partnering with IBM to bring its sophisticated real-time data streaming and messaging capabilities to Bluemix, IBM’s cloud development platform. “Today’s app and connected devices require an always-on connection, but building a secure, scalable solution from the ground up is time consuming, resource intensive, and error-prone,” said Todd Greene, CEO of PubNub. “PubNub enables web, mobile and IoT developers building apps on IBM Bluemix to quickly add scalable realtime functionality with minimal effort and cost.”
SYS-CON Events announced today that GENBAND, a leading developer of real time communications software solutions, has been named “Silver Sponsor” of SYS-CON's WebRTC Summit, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. The GENBAND team will be on hand to demonstrate their newest product, Kandy. Kandy is a communications Platform-as-a-Service (PaaS) that enables companies to seamlessly integrate more human communications into their Web and mobile applications - creating more engaging experiences for their customers and boosting collaboration and productiv...
From telemedicine to smart cars, digital homes and industrial monitoring, the explosive growth of IoT has created exciting new business opportunities for real time calls and messaging. In his session at @ThingsExpo, Ivelin Ivanov, CEO and Co-Founder of Telestax, shared some of the new revenue sources that IoT created for Restcomm – the open source telephony platform from Telestax. Ivelin Ivanov is a technology entrepreneur who founded Mobicents, an Open Source VoIP Platform, to help create, deploy, and manage applications integrating voice, video and data. He is the co-founder of TeleStax, a...