Each week FortiGuard Labs releases a Threat Brief to present some of the more notable hot topics and threats from the week's threat landscape.
- This week we start off discussing our cyber threat landscape predictions from FortiGuard's Chief of Security Insights and Global Threat Intelligence, Derek Manky. Derek's predictions include:
  - Intelligent swarms of customizable bots, grouped by specific attack function and designed to share and learn from each other in real time, could attack an organization and overwhelm its ability to defend itself
  - The adoption of 5G is likely to be the impetus for the development of these swarm-based attacks
  - Combining machine learning with statistical analysis will help organizations develop customized playbooks that enhance their ability to detect specific threats based on a cyber-fingerprint and to intervene mid-attack by predicting an attacker's next moves
  - The use of deception technologies is going to spark a counterintelligence war within the Black Hat community, similar to how virtualization and sandboxing led to the development of sophisticated evasion techniques
- A recent spam campaign pretended to deliver a critical Microsoft Windows update but instead attempts to install the Cyborg ransomware. The suspect email carries a spoofed attachment that is actually an executable file containing a malicious .NET downloader, which then delivers additional malware. The malware builder is hosted on the GitHub developer platform, which makes it easily accessible for others to create their own ransomware variants.
- We also discuss an interesting custom packer tool called Frenchy. While most packers are intended simply to unpack their payload, Frenchy goes much further, and we are already seeing this new packer used in different malware campaigns.
- You can read about the APT33 group, which has been infecting the oil industry with destructive malware since 2018. This group leverages botnets that link to its own C&C server, each comprising a small group of infected computers used to gain persistence within the network of a selected target.
- PureLocker is a newly discovered ransomware run by several well-known, financially motivated threat actor groups: FIN6, Cobalt Gang, and Cobalt Spider. PureLocker is sold on the dark web by a veteran Malware-as-a-Service provider. This particular malware is written in PureBasic, which makes it easier to port the malware between various operating systems.
You can find more details about these and other issues in the FortiGuard Labs Weekly Threat Intelligence Brief. Read this week's issue and subscribe to the weekly email distribution.