Michael Gorelik

Michael is Morphisec’s CTO / VP R&D and chief bad guy researcher. Michael holds Bsc and Msc degrees from the Computer Science department at Ben-Gurion University, focusing on low-level Synchronization in different OS architectures.
Find me on:

Recent Posts

Morphisec Discovers CCleaner Backdoor Saving Millions of Avast Users

Posted by Michael Gorelik on September 18, 2017 at 9:40 PM

 

As widely reported today, the Avast-owned security application CCleaner was illegally modified by hackers to establish a backdoor to the hackers’ server. According to Avast, some 2.27 million users were running the weaponized version 5.33 of CCleaner. In addition, the CCleaner’s cloud version 1.07 was affected. Morphisec was first to uncover the CCleaner Backdoor saving millions of Avast user. 

Morphisec first identified and prevented malicious CCleaner.exe installations on August 20 and 21, 2017 at customer sites. Some customers shared their logs of the prevented attacks with Morphisec on September 11, 2017.Morphisec started to investigate the prevention logs right away.

Read More

Topics: Research, Endpoint Security, Cyber Security, Attack Analysis

FIN7 Takes Another Bite at the Restaurant Industry

Posted by Michael Gorelik on June 9, 2017 at 6:40 PM

INTRODUCTION

On June 7, 2017, Morphisec Lab identified a new, highly sophisticated fileless attack targeting restaurants across the US. The ongoing campaign allows hackers to seize system control and install a backdoor to steal financial information at will. It incorporates some never before seen evasive techniques that allow it to bypass most security solutions – signature and behavior based.

Read More

Topics: Cyber Attacks, Endpoint Security, Cyber Security, Attack Analysis

Iranian Fileless Attack Infiltrates Israeli Organizations

Posted by Michael Gorelik on April 27, 2017 at 7:11 PM

INTRODUCTION

From April 19-24, 2017, a politically-motivated, targeted campaign was carried out against numerous Israeli organizations. Morphisec researchers began investigating the attacks on April 24 and continue to uncover more details. Initial reports of the attacks, published April 26 (in Hebrew) by the Israel National Cyber Event Readiness Team (CERT-IL) and The Marker, confirm that the attack was delivered through compromised email accounts at Ben-Gurion University and sent to multiple targets across Israel. Ironically, Ben-Gurion University is home to Israel’s Cyber Security Research Center. Investigators put the origin of the attack as Iranian; Morphisec’s research supports this conclusion and attributes the attacks to the same infamous hacker group responsible for the OilRig malware campaigns.

Read More

Topics: 0-day exploits, Zero-day, Attack Analysis, Fileless Attacks

Morphisec Discovers New Fileless Attack Framework

Posted by Michael Gorelik on March 16, 2017 at 7:55 PM

Morphisec Discovers New Fileless Attack Framework

Ties Single Threat Actor Group to Multiple Campaigns, Interacts with Hacker.

On the 8th of March, Morphisec researchers began investigating a new fileless threat delivered via a macro-enabled Word document, which was attached to a phishing email sent to targeted high-profile enterprises. During the course of the investigation, we uncovered a sophisticated fileless attack framework that appears to be connected to various recent, much discussed attack campaigns.

Read More

Topics: Cyber Attacks, Cyber Security, Attack Analysis, Fileless Attacks

New Wave of Cerber Ransomware Sweeps the Globe – Can’t Surge Past Morphisec

Posted by Michael Gorelik on February 22, 2017 at 10:41 AM

Cerber ransomware is one of the most sophisticated and popular ransomware families, attacking victims across the globe. Additional popular ransomware families in the cybercriminal’s arsenal include Locky (Osiris), Spora, Shade and several others.

Read More

Topics: Ransomware, Cerber

New Wave of Fileless Kovter Backdoor Trojan Attacks Via “Targeted” Macro-Based Malspam Campaign

Posted by Michael Gorelik on October 22, 2016 at 11:31 PM

UPDATED POST  - NOW WITH DETAILED TECHNICAL ANALYSIS!

During October 17 to 21, Morphisec identified and prevented several malicious and sophisticated macro-based documents at the site of one of our customers delivering a fileless Kovter backdoor Trojan attack. This and similar attacks illustrate the troubling trend that macro-based malspam campaigns are attacking enterprises with modified evasion techniques now on a weekly basis. With antivirus products updating their signatures within 3-7 days of the detection of an attack, the window of opportunity is big enough for cybercriminals to score.

Read More

Topics: Endpoint Security, Cyber Security, Kovter, Attack Analysis

Morphisec Prevents Major Malspam Campaign - Again

Posted by Michael Gorelik on October 13, 2016 at 11:11 PM

Morphisec Prevents Major Malspam campaign - Again

In our report at the beginning of September about a large-scale malspam campaign discovered and stopped by Morphisec, we pointed out the central role that malware spam plays for hackers and the difficulties signature-based and behavioral security products can have in coping with them in real-time.

During October 10-12, 2016, Morphisec stopped yet another malspam campaign that again showed an extremely low detection rate on VirusTotal.

Read More

Topics: Endpoint Security, Ransomware, Cyber Security, Attack Analysis

New Locky – Zepto Variant Prevented by Morphisec

Posted by Michael Gorelik on September 16, 2016 at 8:45 PM

New Locky – Zepto variant prevented by Morphisec! Ransomware with modified Eval mechanism evades all other security solutions.

Since Locky’s discovery in February 2016, it has emerged as one of the most prevalent and devastating ransomware threats of 2016. Over the last two months, ransomware in general has evolved greatly in delivery technique complexity, with Locky among the most insidious. 

In particular, Locky moved to the Zepto variant, executing from dll and not an executable, started using quant loader, and added more evasion techniques to its arsenal. 

Read More

Topics: Endpoint Security, Ransomware, Cyber Security, Attack Analysis

New Malspam Campaign Discovered and Prevented by Morphisec

Posted by Michael Gorelik on September 9, 2016 at 12:13 AM

Spam is still the preferred attack vector for cyber criminals and malware spam campaigns continue to increase. According to the Symantec Internet Threat Report, 1 in 220 emails in 2015 contained malware. While this figure may seem low, consider that over 100 billion emails are sent daily and the scale of the problem becomes clear. In this type of mass attack, attackers use botnets to send emails that include malicious links or attached files with user-activated macros that download and execute malware. Attachments can be disguised as fake invoices, office documents, or other files. Malicious links may direct the user to a compromised website using a web attack toolkit to drop something malicious onto their computer. These attacks are extremely cheap and easy to commit and are commonly perpetrated not only on individuals, but also on companies. 

Read More

Topics: Endpoint Security, Cyber Security, Attack Analysis

Protect Your Company against Exploit Kits with Moving Target Defense

Posted by Michael Gorelik on July 12, 2016 at 12:10 PM

There are kits for everything these days: beer brewing, engine tuning, and, yes, hacking. Hacking's “exploit kits” (EKs)—toolkits with packaged exploit codes—let almost anyone become a digital intruder, from the guy down the hall to the nation-state operator oceans away. I'm going to share some key areas you need to be aware of when preparing for an EK-driven attack.

Read More

Topics: Exploits, Endpoint Security, Exploit Kit

Check out our Attack Analyses!

Take a deep dive into technical analyses of attacks prevented by Morphisec.

Subscribe to our Blog

Happy to keep you in the loop with industry insight, cyber security trends,  and cyber attack information and company updates.

Morphisec Named a Cool Vendor 2016

Morphisec is a Gartner Cool Vendor 2016

Each year Gartner identifies new Cool Vendors it considers innovative or transformative. Morphisec is honored be to named a Cool Vendor 2016. Here's more....

 

Recent Posts

Most Popular Posts