Ransomware has grabbed mainstream media attention recently but it’s nothing new – in fact, its origins can be traced back to floppy disk times. Part of ransomware’s newfound notoriety is certainly due to the criminals’ latest target of choice, the healthcare industry, which is considered sacrosanct by most. And ransomware’s very nature lends itself to newsworthy headlines. Unlike other types of malware, which rely on stealth to infiltrate systems or quietly siphon off data, ransomware boldly declares its presence and intent, often with a clever name to go with it.
New Locky – Zepto variant prevented by Morphisec! Ransomware with modified Eval mechanism evades all other security solutions.
Since Locky’s discovery in February 2016, it has emerged as one of the most prevalent and devastating ransomware threats of 2016. Over the last two months, ransomware in general has evolved greatly in delivery technique complexity, with Locky among the most insidious.
In particular, Locky moved to the Zepto variant, began executing from a DLL rather than an executable, started using Quant Loader, and added more evasion techniques to its arsenal.
It may sound odd, but cybersecurity has a huge emotional component. Unlike other industries that are driven by optimization and financial gains, cybersecurity has all the makings of a Hollywood movie: good guys, bad guys, nation-states attacking other nation-states, and entire global IT systems at risk. Unfortunately for most victims of a cyber threat or breach, the effects are all too real and don't disappear when the music stops and the lights come on.
Spam is still the preferred attack vector for cyber criminals and malware spam campaigns continue to increase. According to the Symantec Internet Threat Report, 1 in 220 emails in 2015 contained malware. While this figure may seem low, consider that over 100 billion emails are sent daily and the scale of the problem becomes clear. In this type of mass attack, attackers use botnets to send emails that include malicious links or attached files with user-activated macros that download and execute malware. Attachments can be disguised as fake invoices, office documents, or other files. Malicious links may direct the user to a compromised website using a web attack toolkit to drop something malicious onto their computer. These attacks are extremely cheap and easy to commit and are commonly perpetrated not only on individuals, but also on companies.
This year’s Black Hat USA conference was bigger and badder than ever, with attendance up nearly 30% according to show organizers. Of all the security conferences, Black Hat has the clearest divide between the technical practitioner side and the security vendors, and the main themes varied depending on which side of the divide you were standing. From the practitioner side, these ranged from enhancing technical skills (excellent training) to strategies and threats, to leadership and alignment with the business. The instructors and presenters were world class, the content was superb, and thoughtfulness and creativity were everywhere.
All good for the practitioners and kudos to the organizers. On the vendor side, things were a little more nuanced.
It’s always an interesting exercise to extrapolate from current technologies and industry challenges to sketch the future landscape. This especially holds true for cyber security, with its rapid growth and change as new threat types, targets and counter techniques emerge almost daily. While hard and fast predictions fall beyond my purview, I see several trends likely to dominate the field in the upcoming years, particularly around intrusion detection.
Black Hat USA is in full swing, and cyber experts in every field have descended on Vegas to catch up on the latest cyber threat research, see the latest security technologies and cram in as much hacking and fun as possible into a few short days. However, despite their obvious dedication to the industry, these same industry experts do not see a rosy cyber future.
For the second year in a row, Black Hat organizers conducted a survey of conference attendees, publishing the results in a report titled, “2016: The Rising Tide of Cybersecurity Concern.”
One of Morphisec’s mandates is to share our expertise with the industry at large. You’ll find bylines and commentary by team members in numerous publications on everything from the cyber security implications of Brexit to improving supply chain cyber security. Following are a few of the latest articles by Morphisec experts.
Next week begins Black Hat USA 2016, held July 30 – August 4 at the Mandalay Bay Convention Center in Las Vegas. In its 19th year, the iconic cyber security conference still retains an air of mystique despite its acquired patina of glitz and business. Black Hat begins with four days of intensive hacker training, delving in-depth into the tools and techniques the bad guys are using. The ability to think like a hacker is of enormous importance in developing better cyber defenses – what better place to practice it than Sin City?
There are kits for everything these days: beer brewing, engine tuning, and, yes, hacking. Hacking's “exploit kits” (EKs), toolkits with packaged exploit code, let almost anyone become a digital intruder, from the guy down the hall to the nation-state operator oceans away. I'm going to share some key areas you need to be aware of when preparing for an EK-driven attack.