Fortinet has released its latest Threat Landscape report, which details data breaches and attacks such as Sony Europe being hit by another SQL injection attack, the International Monetary Fund (IMF) suffering a critical data breach, hacktivism group LulzSec’s continued attack on the US government and the rise of spam despite a three month decline.
The most prominent virus FortiGuard Labs detected during the month of June was, once again, Fraudload.OR, which frequently disguises itself in the form of fake antivirus software, though it also has the ability to download other Trojans and malware to an infected user’s system. Fraudload.OR accounted for more than one third of new malware incidents during the last few weeks.
Fraudload.OR has been very active for nearly two months, no doubt fuelled by the success FakeAV loaders like Fraudload.OR have realized. Recently, bank accounts belonging to a FakeAV operator were frozen by the US District Attorney. Nearly $15M USD was in those accounts, highlighting the wealth such operators can achieve using a scam that is now well over three years old.
Also at the top of the attack charts was MS.IE.CSS.Self.Reference.Remote.Code.Execution (CVE-2010-3971). This vulnerability affects Internet Explorer 8 and earlier versions and is triggered simply by viewing a webpage that hosts a malicious CSS style sheet. Most activity for this attack was observed mid-month particularly in Algeria and South America.
“We are indeed entering a new era of cybersecurity, one where proactive measures are being put in place and this month’s attacks show the importance of keeping patches up-to-date to help avoid exploitation by malicious code,” said Derek Manky, senior security strategist at Fortinet. “It’s also important to employ an IPS solution to help block malicious code looking to exploit vulnerable software and a Web application firewall to help protect your public facing digital assets.”