New Wave of Fileless Kovter Backdoor Trojan Attacks Via “Targeted” Macro-Based Malspam Campaign

Posted by Michael Gorelik on Oct 22, 2016 11:31:27 PM


During October 17 to 21, Morphisec identified and prevented several malicious and sophisticated macro-based documents at the site of one of our customers delivering a fileless Kovter backdoor Trojan attack. This and similar attacks illustrate the troubling trend that macro-based malspam campaigns are attacking enterprises with modified evasion techniques now on a weekly basis. With antivirus products updating their signatures within 3-7 days of the detection of an attack, the window of opportunity is big enough for cybercriminals to score.

Read More

Topics: Endpoint Security, cybersecurity

Morphisec Prevents Major Malspam Campaign - Again

Posted by Michael Gorelik on Oct 13, 2016 11:11:24 PM

Morphisec Prevents Major Malspam campaign - Again

In our report at the beginning of September about a large-scale malspam campaign discovered and stopped by Morphisec, we pointed out the central role that malware spam plays for hackers and the difficulties signature-based and behavioral security products can have in coping with them in real-time.

During October 10-12, 2016, Morphisec stopped yet another malspam campaign that again showed an extremely low detection rate on VirusTotal.

Read More

Topics: Endpoint Security, ransomware, cybersecurity

Microsoft Patch Tuesday: All or Nothing Patching

Posted by Netta Schmeidler on Oct 12, 2016 8:09:12 AM

Microsoft released its October patching update today and, as announced, it introduces a major change that has many system administrators wondering just what to do.

Read More

Topics: Industry News, Patching, cybersecurity

VDI  - the Good, the Bad and the Answer

Posted by Netta Schmeidler on Oct 5, 2016 10:55:59 AM

A Brief History

Virtual Desktop Infrastructure (VDI) is not a new concept – in fact virtualized desktops can be traced back to the 1960s, when IBM divided up mainframes into virtual machines to allow for multiple, simultaneous users. The modern take on VDI emerged around 2007 with the Virtual Desktop Manager by VMware. Citrix entered the game in late 2008. Over the next years, VDI and grew steadily but slowly. Until recently. The emergence of cloud-hosted virtual desktop solutions has accelerated VDI adoption by enterprises and smaller organizations alike.

Read More

Topics: Moving Target Defense, Endpoint Security, cybersecurity, VDI

The Many Faces of Ransomware

Posted by Mordechai Guri on Sep 23, 2016 8:04:22 AM

Ransomware has grabbed mainstream media attention recently but it’s nothing new – in fact, its origins can be traced back to floppy disk times. Part of ransomware’s new found notoriety is certainly due to the criminals’ latest target of choice, the healthcare industry, which is considered sacrosanct to most. And ransomware’s very nature lends itself to news-worthy headlines. Unlike other types of malware which rely on stealth to infiltrate systems or quietly siphon off data, ransomware boldly declares its presence and intent, often with a clever name to go with it.

Read More

Topics: Exploits, ransomware

New Locky – Zepto Variant Prevented by Morphisec

Posted by Michael Gorelik on Sep 16, 2016 8:45:28 PM

New Locky – Zepto variant prevented by Morphisec! Ransomware with modified Eval mechanism evades all other security solutions.

Since Locky’s discovery in February 2016, it has emerged as one of the most prevalent and devastating ransomware threats of 2016. Over the last two months, ransomware in general has evolved greatly in delivery technique complexity, with Locky among the most insidious. 

In particular, Locky moved to the Zepto variant, executing from dll and not an executable, started using quant loader, and added more evasion techniques to its arsenal. 

Read More

Topics: Endpoint Security, ransomware, cybersecurity

Emotional Drivers Behind Prevention, Detection, and Containment Cyber Strategies

Posted by Dudu Mimran on Sep 14, 2016 9:05:25 PM

It may sound odd, but cybersecurity has a huge emotional component. Unlike other industries that are driven by optimization and financial gains, cybersecurity has all the makings of a Hollywood movie—good guys, bad guys, nation-states attacking other nation states, and entire global IT systems at risk. Unfortunately for most victims of a cyber threat or breach, the effects are all too real and don't disappear when the music stops and the lights come on.

Read More

Topics: Endpoint Security, cybersecurity

New Malspam Campaign Discovered and Prevented by Morphisec

Posted by Michael Gorelik on Sep 9, 2016 12:13:18 AM

Spam is still the preferred attack vector for cyber criminals and malware spam campaigns continue to increase. According to the Symantec Internet Threat Report, 1 in 220 emails in 2015 contained malware. While this figure may seem low, consider that over 100 billion emails are sent daily and the scale of the problem becomes clear. In this type of mass attack, attackers use botnets to send emails that include malicious links or attached files with user-activated macros that download and execute malware. Attachments can be disguised as fake invoices, office documents, or other files. Malicious links may direct the user to a compromised website using a web attack toolkit to drop something malicious onto their computer. These attacks are extremely cheap and easy to commit and are commonly perpetrated not only on individuals, but also on companies. 

Read More

Topics: Endpoint Security, cybersecurity

Reflections on Black Hat USA

Posted by Arthur Braunstein on Aug 17, 2016 6:49:53 PM


This year’s Black Hat USA conference was bigger and badder than ever, with attendance up nearly 30% according to show organizers. Of all the security conferences, Black Hat has the most clear divide between the technical practitioner side and the security vendors, and the main themes varied depending on which side of the divide you were standing.  From the practitioner side, these ranged from enhancing technical skills (excellent training) to strategies and threats, to leadership and alignment with the business. The instructors and presenters were world class, the content was superb, and thoughtfulness and creativity were everywhere.

All good for the practitioners and kudos to the organizers. On the vendor side, things were a little more nuanced.

Read More

Topics: Exploits, Moving Target Defense, Endpoint Security

The Future of Intrusion Detection

Posted by Mordechai Guri on Aug 10, 2016 6:00:00 PM

It’s always an interesting exercise to extrapolate from current technologies and industry challenges to sketch the future landscape. This especially holds true for cyber security, with its rapid growth and change as new threat types, targets and counter techniques emerge almost daily. While hard and fast predictions fall beyond my purview, I see several trends likely to dominate the field in the upcoming years, particularly around intrusion detection.

Read More

Topics: Endpoint Security, cybersecurity

Welcome to our Blog

Keeping you in the loop with company updates, industry insight, cyber security trends, and cyber attack information.

Subscribe to Newsletter

Morphisec Named a Cool Vendor 2016

Morphisec is a Gartner Cool Vendor 2016

Each year Gartner identifies new Cool Vendors it considers innovative or transformative. Morphisec is honored be to named a Cool Vendor 2016. Here's more....