Welcome!

Eclipse Authors: Pat Romanski, Elizabeth White, Liz McMillan, David H Deans, JP Morgenthal

News Feed Item

Fortinet(R)'s FortiGuard Threat Landscape Research Team Reports That Bitcoin Botnet, ZeroAccess, Was the Number One Threat This Quarter

Team Also Reveals Information on South Korea Attacks and Two New Android Adware Variants

SUNNYVALE, CA -- (Marketwired) -- 04/10/13 -- Fortinet® (NASDAQ: FTNT) -- a world leader in high-performance network security -- today announced the findings of its FortiGuard threat landscape research for the period of January 1 - March 31, 2013. FortiGuard® Labs observed that the Bitcoin mining botnet, ZeroAccess, was the number one threat this quarter as reported by FortiGate devices worldwide. The report also reveals analysis of the South Korea cyberattacks and two new Android adware variants that have climbed the watch list in the last 90 days.

ZeroAccess Shows No Signs of Slowing
"In the first quarter of 2013, we have seen owners of the ZeroAccess botnet maintain and expand the number of bots under its control," said Richard Henderson, security strategist and threat researcher for Fortinet's FortiGuard Labs. "In the last 90 days, the owners of ZeroAccess have sent their infected hosts 20 software updates."

Based on reporting from FortiGate devices worldwide, ZeroAccess is the number one botnet threat the team is seeing. ZeroAccess is used primarily for click fraud and Bitcoin mining. The value of the decentralized, open source-based digital currency continues to skyrocket, which likely means the amount of money being made by ZeroAccess is in the millions of dollars or more.

"As Bitcoin's popularity and value increases, we may see other botnet owners attempt to utilize their botnets in similar fashions or to disrupt the Bitcoin market," Henderson continued.

In March and into April, Mt. Gox, the largest Bitcoin Exchange in the world, battled a continued Distributed Denial of Service (DDoS) attack in an attempt to destabilize the currency and/or profit from it. FortiGuard Labs' analysis of ZeroAccess, which has the capability to load DDoS modules onto infected machines, revealed that the botnet does not currently have a DDoS module attached to its arsenal. This suggests other botnet owners are attempting to profit from fluctuations in the Bitcoin currency.

The growth of new ZeroAccess infections has remained constant in the last 90 days. Since FortiGuard Labs began actively monitoring ZeroAccess in August 2012, the team has seen a virtually linear amount of growth in new infections. Most recently, the team is seeing a staggering 100,000 new infections per week and almost 3 million unique IP addresses reporting infections. It's estimated that ZeroAccess may be generating its owners up to $100,000 per day in fraudulent advertising revenue alone.

Wiper Attack Hits South Korea Companies
A massive malware attack on South Korean television networks and financial institutions in March caused wide-scale damage, wiping thousands of hard drives. FortiGuard Labs, leveraging its partnerships with both the public and private sector in South Korea, has uncovered information relating to the nature of the attack and how the malware was spread. The team's research shows the attackers were able to seize control of patch management systems and use the trusted nature of those systems to distribute malware within their targets' networks.

"During out investigation of the attacks, we discovered that a version of the wiper malware was able to infect internal security management servers and use the trusted nature of that internal server to spread infections inside the victim's network," said Kyle Yang, Senior Manager of Antivirus at FortiGuard Labs.

Cleanup and restoration continues, and the perpetrators responsible remain unidentified.

Two New Adware Variants Propagating on Android
Two new Android adware variants, Android.NewyearL.B and Android.Plankton.B have seen a large number of global infections in the past 90 days.

"The new advertising kits we are monitoring suggest that the authors behind this are working very hard to remain undetected," said David Maciejak, senior researcher for Fortinet's FortiGuard Labs. "It's also possible that Newyear and Plankton are being written by the same author, but being maintained separately in order to generate more infections."

Both pieces of malware are embedded into various applications and have the ability to display advertisements, track users through the phone's unique IMEI number, and modify the phone's desktop.

"The surge in Android adware can most likely be attributed to users installing what they believe are legitimate applications that contain the embedded adware code," said Guillaume Lovet, Senior Manager at FortiGuard Labs. "It suggests that someone or some group has been able to monetize these infections, most likely through illicit advertising affiliate programs."

Users can protect themselves by paying close attention to the rights asked by an application at the point of installation. It is also recommended to download mobile applications that have been highly rated and reviewed.

Q1 Threat Recap:

NBC.com
In February, using a popular cybercrime toolkit available in the cyber underground, attackers were able to leverage recently patched exploits in Oracle's Java and Adobe's PDF platforms to install the Citadel banking Trojan and ZeroAccess botnet onto systems that visited a number of NBC's digital properties. At the time of the attack, only three out of 46 popular antivirus applications were able to detect and mitigate this threat, and Fortinet's FortiClient was one of them.

"The reports of signature-based antivirus' death have been greatly exaggerated," said Derek Manky, global security strategist for Fortinet's FortiGuard Labs. "A signature is often used loosely to refer to a simple pattern to match a virus. But, as we've seen recently, that's not always the case. Fortinet signatures, for example, are highly intelligent, as they work with our antivirus engine to identify the intent of a virus. In a case like the NBC.com attack, advanced signatures are proven to be proactive and can help in the fight against advanced persistent threats (APTs) and zero-day attacks."

Today's APTs are able to defeat many technologies, including next generation firewalls. Building a network defense strategy that includes multiple layers of security is the best way to protect an infrastructure from attack. In the case of NBC, layers of security beyond traditional NGFW apply here -- Webfiltering, antivirus, intrusion prevision and application control all were involved.

Spamhaus
In March, global spam fighter The Spamhaus Project placed CyberBunker on their spam blacklist, which caused some groups sympathetic to the Dutch Web hosting provider to launch a sustained DDoS attack on Spamhaus. Content delivery provider CloudFlare was recruited to assist Spamhaus to help keep their blacklisting services available, but they, too, came under attack. At its peak, the attack on Spamhaus, CloudFlare and other groups reached a whopping 300 billion bits per second (Gbps), the largest online attack ever recorded. In what is referred to as a DNS Amplification attack, an attacking bot sends a spoofed request to an open DNS server and asks it to send back a large DNS file.

"As long as misconfigured or intentionally left open DNS servers exist, these types of attacks will continue and be difficult to protect against," Henderson maintained. "As botnet owners grow the size of their armies and diversify the ways in which they launch attacks, we're likely to see even larger attacks like this in the future," Henderson said.

About FortiGuard Labs
FortiGuard Labs compiled threat statistics and trends for this threat period based on data collected from FortiGate® network security appliances and intelligence systems in production worldwide. Customers who use Fortinet's FortiGuard Services should be protected against the vulnerabilities outlined in this report as long as the appropriate configuration parameters are in place.

FortiGuard Services offer broad security solutions including antivirus, intrusion prevention, Web content filtering and anti-spam capabilities. These services help protect against threats on both application and network layers. FortiGuard Services are updated by FortiGuard Labs, which enables Fortinet to deliver a combination of multi-layered security intelligence and zero-day protection from new and emerging threats. For customers with a subscription to FortiGuard, these updates are delivered to all FortiGate, FortiMail™ and FortiClient™ products.

Ongoing research can be found in the FortiGuard Center or via FortiGuard Labs' RSS feed. Additional discussion on security technologies and threat analysis can be found at the FortiGuard Blog.

Follow Fortinet Online: Twitter at: www.twitter.com/fortinet; Facebook at: www.facebook.com/fortinet; YouTube at: http://www.youtube.com/user/SecureNetworks.

About Fortinet (www.fortinet.com)
Fortinet (NASDAQ: FTNT) is a worldwide provider of network security appliances and a market leader in unified threat management (UTM). Our products and subscription services provide broad, integrated and high-performance protection against dynamic security threats while simplifying the IT security infrastructure. Our customers include enterprises, service providers and government entities worldwide, including the majority of the 2012 Fortune Global 100. Fortinet's flagship FortiGate product delivers ASIC-accelerated performance and integrates multiple layers of security designed to help protect against application and network threats. Fortinet's broad product line goes beyond UTM to help secure the extended enterprise -- from endpoints, to the perimeter and the core, including databases and applications. Fortinet is headquartered in Sunnyvale, Calif., with offices around the world.

Copyright © 2013 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and unregistered trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet's trademarks include, but are not limited to, the following: Fortinet, FortiGate, FortiGuard, FortiManager, FortiMail, FortiClient, FortiCare, FortiAnalyzer, FortiReporter, FortiOS, FortiASIC, FortiWiFi, FortiSwitch, FortiVoIP, FortiBIOS, FortiLog, FortiResponse, FortiCarrier, FortiScan, FortiAP, FortiDB, FortiVoice and FortiWeb. Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties, and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, binding specification or other binding commitment by Fortinet, and performance and other specification information herein may be unique to certain environments. This news release may contain forward-looking statements that involve uncertainties and assumptions. Changes of circumstances, product release delays, or other risks as stated in our filings with the Securities and Exchange Commission, located at www.sec.gov, may cause results to differ materially from those expressed or implied in this press release. If the uncertainties materialize or the assumptions prove incorrect, results may differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements. Fortinet assumes no obligation to update any forward-looking statements, and expressly disclaims any obligation to update these forward-looking statements.

FTNT-O

Add to Digg Bookmark with del.icio.us Add to Newsvine

Media Contact:
Rick Popko
Fortinet, Inc.
408-486-7853
[email protected]

Investor Contact:
Michelle Spolver
Fortinet, Inc.
408-486-7837
[email protected]

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

@ThingsExpo Stories
Most people haven’t heard the word, “gamification,” even though they probably, and perhaps unwittingly, participate in it every day. Gamification is “the process of adding games or game-like elements to something (as a task) so as to encourage participation.” Further, gamification is about bringing game mechanics – rules, constructs, processes, and methods – into the real world in an effort to engage people. In his session at @ThingsExpo, Robert Endo, owner and engagement manager of Intrepid D...
Recently, WebRTC has a lot of eyes from market. The use cases of WebRTC are expanding - video chat, online education, online health care etc. Not only for human-to-human communication, but also IoT use cases such as machine to human use cases can be seen recently. One of the typical use-case is remote camera monitoring. With WebRTC, people can have interoperability and flexibility for deploying monitoring service. However, the benefit of WebRTC for IoT is not only its convenience and interopera...
Michael Maximilien, better known as max or Dr. Max, is a computer scientist with IBM. At IBM Research Triangle Park, he was a principal engineer for the worldwide industry point-of-sale standard: JavaPOS. At IBM Research, some highlights include pioneering research on semantic Web services, mashups, and cloud computing, and platform-as-a-service. He joined the IBM Cloud Labs in 2014 and works closely with Pivotal Inc., to help make the Cloud Found the best PaaS.
Everything run by electricity will eventually be connected to the Internet. Get ahead of the Internet of Things revolution. In his session at @ThingsExpo, Akvelon expert and IoT industry leader Sergey Grebnov provided an educational dive into the world of managing your home, workplace and all the devices they contain with the power of machine-based AI and intelligent Bot services for a completely streamlined experience.
Cloud-enabled transformation has evolved from cost saving measure to business innovation strategy -- one that combines the cloud with cognitive capabilities to drive market disruption. Learn how you can achieve the insight and agility you need to gain a competitive advantage. Industry-acclaimed CTO and cloud expert, Shankar Kalyana presents. Only the most exceptional IBMers are appointed with the rare distinction of IBM Fellow, the highest technical honor in the company. Shankar has also receive...
Business professionals no longer wonder if they'll migrate to the cloud; it's now a matter of when. The cloud environment has proved to be a major force in transitioning to an agile business model that enables quick decisions and fast implementation that solidify customer relationships. And when the cloud is combined with the power of cognitive computing, it drives innovation and transformation that achieves astounding competitive advantage.
Personalization has long been the holy grail of marketing. Simply stated, communicate the most relevant offer to the right person and you will increase sales. To achieve this, you must understand the individual. Consequently, digital marketers developed many ways to gather and leverage customer information to deliver targeted experiences. In his session at @ThingsExpo, Lou Casal, Founder and Principal Consultant at Practicala, discussed how the Internet of Things (IoT) has accelerated our abilit...
In his session at Cloud Expo, Alan Winters, U.S. Head of Business Development at MobiDev, presented a success story of an entrepreneur who has both suffered through and benefited from offshore development across multiple businesses: The smart choice, or how to select the right offshore development partner Warning signs, or how to minimize chances of making the wrong choice Collaboration, or how to establish the most effective work processes Budget control, or how to maximize project result...
To get the most out of their data, successful companies are not focusing on queries and data lakes, they are actively integrating analytics into their operations with a data-first application development approach. Real-time adjustments to improve revenues, reduce costs, or mitigate risk rely on applications that minimize latency on a variety of data sources. In his session at @BigDataExpo, Jack Norris, Senior Vice President, Data and Applications at MapR Technologies, reviewed best practices to ...
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at Cloud Expo, Ed Featherston, a director and senior enterprise architect at Collaborative Consulting, discussed the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
"Akvelon is a software development company and we also provide consultancy services to folks who are looking to scale or accelerate their engineering roadmaps," explained Jeremiah Mothersell, Marketing Manager at Akvelon, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
In his keynote at 19th Cloud Expo, Sheng Liang, co-founder and CEO of Rancher Labs, discussed the technological advances and new business opportunities created by the rapid adoption of containers. With the success of Amazon Web Services (AWS) and various open source technologies used to build private clouds, cloud computing has become an essential component of IT strategy. However, users continue to face challenges in implementing clouds, as older technologies evolve and newer ones like Docker c...
Two weeks ago (November 3-5), I attended the Cloud Expo Silicon Valley as a speaker, where I presented on the security and privacy due diligence requirements for cloud solutions. Cloud security is a topical issue for every CIO, CISO, and technology buyer. Decision-makers are always looking for insights on how to mitigate the security risks of implementing and using cloud solutions. Based on the presentation topics covered at the conference, as well as the general discussions heard between sessio...
To Really Work for Enterprises, MultiCloud Adoption Requires Far Better and Inclusive Cloud Monitoring and Cost Management … But How? Overwhelmingly, even as enterprises have adopted cloud computing and are expanding to multi-cloud computing, IT leaders remain concerned about how to monitor, manage and control costs across hybrid and multi-cloud deployments. It’s clear that traditional IT monitoring and management approaches, designed after all for on-premises data centers, are falling short in ...
Organizations planning enterprise data center consolidation and modernization projects are faced with a challenging, costly reality. Requirements to deploy modern, cloud-native applications simultaneously with traditional client/server applications are almost impossible to achieve with hardware-centric enterprise infrastructure. Compute and network infrastructure are fast moving down a software-defined path, but storage has been a laggard. Until now.
DXWorldEXPO LLC announced today that the upcoming DXWorldEXPO | CloudEXPO New York event will feature 10 companies from Poland to participate at the "Poland Digital Transformation Pavilion" on November 12-13, 2018.
Digital Transformation is much more than a buzzword. The radical shift to digital mechanisms for almost every process is evident across all industries and verticals. This is often especially true in financial services, where the legacy environment is many times unable to keep up with the rapidly shifting demands of the consumer. The constant pressure to provide complete, omnichannel delivery of customer-facing solutions to meet both regulatory and customer demands is putting enormous pressure on...
The best way to leverage your CloudEXPO | DXWorldEXPO presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering CloudEXPO | DXWorldEXPO will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at CloudEXPO. Product announcements during our show provide your company with the most reach through our targeted audienc...
In an era of historic innovation fueled by unprecedented access to data and technology, the low cost and risk of entering new markets has leveled the playing field for business. Today, any ambitious innovator can easily introduce a new application or product that can reinvent business models and transform the client experience. In their Day 2 Keynote at 19th Cloud Expo, Mercer Rowe, IBM Vice President of Strategic Alliances, and Raejeanne Skillern, Intel Vice President of Data Center Group and ...
More and more brands have jumped on the IoT bandwagon. We have an excess of wearables – activity trackers, smartwatches, smart glasses and sneakers, and more that track seemingly endless datapoints. However, most consumers have no idea what “IoT” means. Creating more wearables that track data shouldn't be the aim of brands; delivering meaningful, tangible relevance to their users should be. We're in a period in which the IoT pendulum is still swinging. Initially, it swung toward "smart for smart...