<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=885880844953016&amp;ev=PageView&amp;noscript=1">

Roy Moshailov

Roy is Morphisec's expert malware researcher, dissecting even the most sophisticated and evasive attacks into its pieces. Serving in an IDF Intelligence Unit, Roy gained extensive and hands-on experience in the cybersecurity field.
Find me on:

Recent Posts

SharpShooter Pen Testing Framework Used by Attackers

Posted by Roy Moshailov on August 12, 2018 at 1:39 PM

Fileless malware is a type of a malicious code execution technique that operates completely within process memory; no files are dropped onto the disk. Without any artifacts on the hard drive to detect, these attacks easily evade most security solutions.

Read More

Topics: Cyber Attacks, Endpoint Security, Sandbox evasion, Fileless Attacks, Threat Alerts

GandCrab Ransomware Version 4.0/4.1

Posted by Roy Moshailov on July 18, 2018 at 4:22 PM

July has been a busy month for the distributors of GandCrab ransomware. After about two months with no major update, the cybercrime gang behind GandCrab released version 4, and a few days later, version 4.1. The primary delivery method is via compromised WordPress websites, which have been hijacked to include fake crack application pages, which in turn redirect to the GandCrab executable. Other distribution methods are Exploit Kits (EK) and malicious email campaigns.

Read More

Topics: Ransomware, Exploit Kit, Custom Packer, Threat Alerts

Threat Alert: MyloBot  - New Highly Sophisticated Botnet

Posted by Roy Moshailov on June 27, 2018 at 10:54 AM

A new highly sophisticated botnet incorporating numerous malicious, evasive techniques is quickly spreading its tentacles. Dubbed MyloBot, the botnet uses an usually complex chain attack and combines multiple anti-analysis techniques to make it more difficult to detect the payload and harder to analyze by security researchers. Initial research published by Deep Instinct points out that everything on the victim’s end takes place in memory, while the main business logic of the botnet is executed in an external process using code injection. This makes it even harder to detect and trace.

Read More

Topics: Advanced Persistent Threats, Cyber Security, Fileless Attacks, Threat Alerts

New Info-Stealing Trojan Spotted in HSBC Malspam Campaign

Posted by Roy Moshailov on May 9, 2018 at 10:38 AM

On the 12th of April, Morphisec, identified and prevented a major wave of malspam purporting to be from HSBC Bank. The phishing campaign targeted several industrial manufacturing and service enterprises in Asia, using standard but still often effective social engineering tactics. The malicious email delivered a sophisticated info-stealing trojan via a weaponized ISO attachment. ISO files are a type of image archive format used for optical disk images, which can be opened using WinRAR and other programs.

Read More

Topics: Research, Attack Analysis, Threat Profile, Malspam

Threat Profile: Dofoil (Smoke Loader) Trojan with Coin-Miner 

Posted by Roy Moshailov on March 22, 2018 at 8:08 AM

 

These days, most malware employs a long attack chain with anti-analysis techniques to make it more difficult to detect the payload and harder to analyze by security researchers. More and more frequently, they are also incorporating coin miners in attacks. Such is the case with a newly observed variant of the Dofoil (also known as Smoke Loader) trojan, which includes a resource-draining cryptocurrency-mining payload. This latest Dofoil strain entered the scene earlier this month and is currently still active.

Read More

Topics: Cyber Attacks, Attack Analysis, Threat Profile

Threat Profile: GandCrab Ransomware

Posted by Roy Moshailov on February 23, 2018 at 4:08 PM

GandCrab Ransomware

These days, most malware employs long chain attack and anti-analysis techniques to make it more difficult to detect the payload and harder to analyze by security researchers. Such is the case with GandCrab, a new ransomware strain that entered the scene late last month and is currently active.

Read More

Topics: Ransomware, Exploit Kit, Attack Analysis, Custom Packer, Threat Profile

Threat Profile: Microsoft Equation Editor Backdoor

Posted by Roy Moshailov on January 29, 2018 at 1:19 PM

Towards the end of 2017, a group of researchers at Embedi discovered a Microsoft Office vulnerability that’s been quietly putting systems in danger for about 17 years.

Read More

Topics: Exploits, Cyber Attacks, MS Office Exploits, Threat Profile

Threat Profile: RokRAT

Posted by Roy Moshailov on January 2, 2018 at 2:59 PM

RokRAT is a sophisticated Remote Access Trojan (RAT) that is skilled at evading detection and uses multiple techniques to make analysis difficult. The current RokRAT campaign was identified by Cisco Talos in November. The earliest known RokRAT campaign occured in April, although this used a less evasive malware variant. 

Read More

Topics: Exploits, Custom Packer, Threat Profile

Threat Profile: SIGMA Ransomware

Posted by Roy Moshailov on December 19, 2017 at 6:44 PM

 

Ransomware remained a major cybersecurity threat in 2017, leaving a trail of victims across all industries, company sizes and geographical borders. Phishing emails are the top ransomware delivery mechanism and they grow in number and sophistication daily. According to IBM, the number of ransomware-infected emails increased 6,000% this year. And the days of easily spotted spelling mistakes and obvious scams are long gone. Today’s phishing attacks are clever and subtle enough to trick even security veterans. 

Read More

Topics: Ransomware, Sandbox evasion, Cyber Security, Threat Profile

Andromeda’s Five Star Custom Packer – Hackers’ Tactics Analyzed

Posted by Roy Moshailov on March 13, 2017 at 2:08 AM

Packer-based malware is malware which is modified in the runtime memory using different and sophisticated compression techniques. Such malware is hard to detect by known malware scanners and anti-virus solutions. In addition, it is a cheap way for hackers to recreate new signatures for the same malware on the fly simply by changing the encryption/packing method. Packers themselves are not malware; attackers use this tactic to obfuscate the code’s real intention.

Read More

Topics: Cyber Attacks, Sandbox evasion, Cyber Security, Attack Analysis, Custom Packer

Check out our Attack Analyses!

Take a deep dive into technical analyses of attacks prevented by Morphisec.

Subscribe to our Blog

Happy to keep you in the loop with industry insight, cyber security trends,  and cyber attack information and company updates.

Morphisec Named a Cool Vendor 2016

Morphisec is a Gartner Cool Vendor 2016

Each year Gartner identifies new Cool Vendors it considers innovative or transformative. Morphisec is honored be to named a Cool Vendor 2016. Here's more....

 

Recent Posts

Most Popular Posts