
AI-Powered Threat Intelligence for an Evolving Digital World

As cyber threats continue to grow and evolve, so does the need for innovative solutions and reliable threat intelligence. Using millions of global network sensors, FortiGuard Labs monitors the worldwide attack surface and employs artificial intelligence (AI) to mine that data for new threats, ensuring you are prepared for what’s coming.


Active Outbreak Alerts

When a cybersecurity attack with large ramifications affects numerous organizations, FortiGuard Outbreak Alerts help you understand what happened, learn the technical details of the attack, and see how you can protect yourself now and in the future.

May 23, 2024
Severity: critical
D-Link Multiple Devices Attack
Attack Type: Attack

What is the D-Link Multiple Devices Attack?
FortiGuard Labs observed a critical level of attack attempts in the wild targeting multiple vulnerabilities found on different D-Link Routers and NAS devices.

What is the FortiGuard Labs analysis? 

FortiGuard Labs telemetry shows continued attacks targeting D-Link devices. 50,000+ unique IPS devices blocked these attempted attacks in the week of the release of the outbreak. The exploits have been publicly available, and as of now we are not aware of any patches available from the vendor, as many of the impacted products are End-of-Life products that may no longer be supported. Users are requested to review the impacted products and follow vendor guidelines for mitigating risks.

How does Fortinet detect and protect against the attack?

  • To detect and block any traffic targeting the related vulnerabilities, the FortiGuard IPS signatures are available.
  • To detect and respond to the attack, the FortiGuard Outbreak Detection service provides an automatic event handler and reports via FortiAnalyzer.
  • The Indicators of Compromise Service is available for Threat Hunting via FortiAnalyzer, FortiSIEM, and FortiSOAR.
  • FortiSandbox and FortiXDR provide automated post-execution threat detection and response against advanced file-less threats using behavior-based detection.

Where can I find additional information? 

An Outbreak Alert report is posted on FortiGuard.com. It provides details on all the FortiGuard services that provide detection and protection, as well as how to respond, recover, and identify the attack.

May 13, 2024
Severity: critical
Black Basta Ransomware
Attack Type: Ransomware

What is the Black Basta Ransomware?
Black Basta is a type of ransomware-as-a-service (RaaS) that was first discovered in April 2022. Since then, its affiliates have targeted numerous businesses and critical infrastructure in North America, Europe, and Australia. By May 2024, Black Basta had impacted over 500 organizations worldwide. The RaaS model not only offers the ransomware service but also provides infrastructure for payment processing and ransom negotiation, as well as technical support to its affiliates.

What is the FortiGuard Labs analysis?

FortiGuard Labs continues to observe detections in the wild related to the Black Basta ransomware group. The ransomware has been seen gaining initial access through techniques such as phishing and exploiting public-facing applications. It previously exploited the PrintNightmare (CVE-2021-34527), ZeroLogon (CVE-2020-1472) and Follina (CVE-2022-30190) vulnerabilities, and recently, it exploited the ConnectWise vulnerability (CVE-2024-1709).

How does Fortinet detect and protect against Black Basta Ransomware?

  • To detect and block known malware related to the Black Basta Ransomware, the FortiGuard AV signatures are available.
  • To detect and block unknown malware, FortiSandbox and FortiEDR provide behavior-based detection and pre-execution detection, respectively.
  • To detect and respond to the attack, the FortiGuard Outbreak Detection service provides an automatic event handler and reports via FortiAnalyzer.
  • Indicators of Compromise Services are available for Threat Hunting via FortiAnalyzer, FortiSIEM, and FortiSOAR.

Where can I find additional information? 

An Outbreak Alert report is posted on the FortiGuard Labs website. It provides details on all the FortiGuard services that provide detection and protection, as well as how to respond, recover, and identify the attack.

Apr 25, 2024
Severity: high
C-DATA Web Management System RCE Attack
Attack Type: Attack

What is the C-DATA Web Management System RCE Attack?
FortiGuard Labs observed a critical level of attack attempts in the wild targeting a 2-year-old vulnerability found on C-DATA Web Management System. The vulnerability CVE-2022-4257 allows a remote attacker to execute arbitrary commands on the target system.

What is the FortiGuard Labs analysis? 

FortiGuard Labs telemetry shows attack attempts on 40,000+ unique IPS devices in the week of the release of this outbreak. The majority of the blocked attacks are from IPS devices located in Japan, the United States, and Australia. The exploit has been available publicly, and as of now, we are not aware of any patches available from the vendor.

How does Fortinet detect and protect against the attack?

  • To detect and block any traffic targeting the related vulnerability, the FortiGuard IPS signature is available.
  • To detect and block known malware related to the vulnerability, the FortiGuard AV signatures are available. 
  • To detect and respond to the attack, the FortiGuard Outbreak Detection service provides an automatic event handler and reports via FortiAnalyzer.
  • The Indicators of Compromise Service is available for Threat Hunting via FortiAnalyzer, FortiSIEM, and FortiSOAR.
  • FortiSandbox and FortiXDR provide automated post-execution threat detection and response against advanced threats such as fileless threats using behavior-based detection.

Where can I find additional information? 

An Outbreak Alert report is posted on the FortiGuard Labs website. It provides details on all the FortiGuard services that provide detection and protection, as well as how to respond, recover, and identify the attack.

Subscribe today to have outbreak alerts delivered to your inbox. Cyberattacks can occur at any time. The number of outbreak alerts you receive can vary anywhere from once per month to several times per week.

FortiGuard Labs Media & Resources

Join Fortinet's top threat experts as they delve into today's critical cybersecurity topics and the ever-evolving cyber threat landscape.

Threat Intelligence Podcast

Latest Ransomware Trends and Strategies (Episode 59)

Join us for another episode of the FortiGuard Labs Threat Intelligence Podcast as Jonas Walker and Aamir Lakhani join forces to discuss the recent MOVEit vulnerability and how the Cl0p ransomware groups have orchestrated an extensive campaign around it, making over $100M in revenue.

Blog Posts

zEus Stealer Distributed via Crafted Minecraft Source Pack | FortiGuard Labs

FortiGuard Labs analysis of a zEus batch stealer distributed via a crafted Minecraft source pack. Learn more.

Key Findings from the 2H 2023 FortiGuard Labs Threat Report | FortiGuard Labs

In this report, we examine the cyberthreat landscape in 2H 2023 to identify trends and offer insights on what security professionals should know.

New “Goldoon” Botnet Targeting D-Link Devices | FortiGuard Labs

FortiGuard Labs discovered the new botnet “Goldoon” targeting D-Link devices through related vulnerability CVE-2015-2051. Learn more.

Ransomware Roundup - KageNoHitobito and DoNex | FortiGuard Labs

KageNoHitobito and DoNex are recent, financially motivated ransomware that demand payment from victims to decrypt files. Learn more.

Unraveling Cyber Threats: Insights from Code Analysis | FortiGuard Labs

FortiGuard Labs unearthed a malicious PyPI package that aims to extract sensitive information from unsuspecting victims. Get an analysis of its origins and propagation methods.

Botnets Continue Exploiting CVE-2023-1389 for Wide-Scale Spread | FortiGuard Labs

FortiGuard Labs unveils Moobot, Miori, AGoent, Gafgyt and more exploiting TP-Link Archer AX21 vulnerability CVE-2023-1389. Learn more.

ScrubCrypt Deploys VenomRAT with an Arsenal of Plugins | FortiGuard Labs

FortiGuard Labs uncovered a threat actor using ScrubCrypt to spread VenomRAT along with multiple RATs. Learn more.

Byakugan – The Malware Behind a Phishing Attack | FortiGuard Labs

FortiGuard Labs has uncovered the Byakugan malware behind a recent malware campaign distributed by malicious PDF files. Learn more.

Latest Reports & On-demand Video

Global Threat Landscape Report, 2H 2023

FortiGuard Labs Global Threat Landscape Report offers a snapshot of the active threat landscape and highlights the latest industry trends.

FortiGuard Labs Outbreak Alerts Annual Report 2023

Gain an in-depth understanding of various threat categories, including vulnerabilities, targeted attacks, ransomware campaigns, and OT- and IoT-related threats.

Cyber Threat Predictions for 2024

FortiGuard Labs’ threat predictions report examines a new era of advanced persistent cybercrime, discusses how AI is changing the attack game, and shares fresh trends to watch for in 2024.

FortiGuard Incident Response Report H1 – 2023

The FortiGuard Incident Response team provides both proactive and reactive incident response services, which are platform-agnostic and available to all organizations across the globe. Incident response teams like ours get unique exposure to attacks and threat vectors compared to many teams working in the cybersecurity field as we are often involved in investigating incidents where the victim’s defenses have failed.

Global Threat Landscape Report, 1H 2023

FortiGuard Labs 1H 2023 Global Threat Landscape Report provides valuable intelligence and early warning for potential threat activity.

Cyber Threat Predictions for 2023

An Annual Perspective by FortiGuard Labs

Global Threat Landscape Report, 2H 2022

New vulnerabilities are on the rise, but don’t count out the old. Don’t become a statistic - get the latest Global Threat Landscape report.


FortiGuard Labs Partners

FortiGuard Labs believes that sharing intelligence and working with other threat intelligence organizations improves protections for customers and enhances the effectiveness of the entire cybersecurity industry. Our leadership helps take the fight to our adversaries and produces a more successful disruption model by leveraging these relationships.

Cyber Threat Alliance: Solving Actionable Intelligence Through A Diverse Ecosystem

For decades we have been faced with the classic ‘last mile’ challenge when it comes to information sharing and threat intelligence.

Fortinet Elevates Its Commitment to MITRE Engenuity Center for Threat-Informed Defense

Fortinet is now an official Research Partner with MITRE Engenuity’s Center for Threat-Informed Defense (Center).


Security Services

Our experts develop and utilize leading-edge machine learning (ML) and artificial intelligence (AI) technologies to provide timely and consistently top-rated protection and actionable threat intelligence. This enables IT and security teams to better secure their organizations. FortiGuard Labs is the driving force behind FortiGuard AI-powered Security Services. Its services counter threats in real-time with ML-powered, coordinated protection and are natively integrated into the Fortinet Security Fabric, enabling fast detection and enforcement across the entire attack surface.
Application Security

FortiGuard application security services protect, monitor, and optimize application performance and usage.

Find solution guides, eBooks, data sheets, analyst reports, and more.
