To all our readers:
Thank you for being with us this year and for sharing our interest in changing cybersecurity for the better.
We wish you a wonderful festive season and a successful 2018!
The entire Morphisec team
Topics: Endpoint Security
Ransomware remained a major cybersecurity threat in 2017, leaving a trail of victims across all industries, company sizes and geographical borders. Phishing emails are the top ransomware delivery mechanism and they grow in number and sophistication daily. According to IBM, the number of ransomware-infected emails increased 6,000% this year. And the days of easily spotted spelling mistakes and obvious scams are long gone. Today’s phishing attacks are clever and subtle enough to trick even security veterans.
Two days ago, researchers at TarLogic published a proof-of-concept APT that leverages CVE-2017-11826, a Microsoft Office 0-day vulnerability existing in all Office versions. Microsoft issued a patch for the vulnerability in October, however many systems still remain at risk.
The annual holiday season has arrived. The air grows crisp (at least in the Northern hemisphere), new, cool gadgets are released and cyberattacks, along with cologne ads, proliferate. Cyber threats aren’t deterring shoppers though: The National Retail Federation expects online holiday sales to increase by 7 to 10 percent over last year, reaching as much as $117 billion. With e-commerce attacks in Q3 2016 increasing by 60 percent over the previous year, shopping hazards can hit from all sides. From phishing sites to online card skimming to compromised terminals in stores; even gifts themselves pose security risks. Still, there is much both consumers and retailers can do in order to make an all around safer shopping experience.
A report co-authored by Michael Gorelik, CTO and VP R&D, and Roy Moshailov, Malware Research Expert at Morphisec.
Fileless malware is a type of a malicious code execution technique that operates completely within process memory; no files are dropped onto the disk. Without any artifacts on the hard drive to detect, these attacks easily evade current detection solutions.
Last month, without much fanfare, Morphisec announced the launch of its Women in Cybersecurity Scholarships. The program arose from a chance discussion between Netta Schmeidler, our VP Product, and me. She was describing how she felt so lucky that an encounter in her life at a critical point led her down this career path. We began talking about what we as individuals, as a company and as an industry could do to encourage girls to explore the field.
In the last 48 hours, a hurricane of e-mails has crossed my Inbox, with breathless and self-congratulatory subject lines like "Our latest release detects Bad Rabbit" and "XYZ now protects XYZ customers from Bad Rabbit." In other words, "If you use our product, you were exposed to Bad Rabbit, but now that we know about it (from someone else) we deployed an update." Once you decode the messages, it’s clear that the content is not newsworthy, differentiating or exciting, it’s just an excuse to partake in the latest frenzy.
Much has been written about the high barriers to entry for women in cybersecurity. Certainly the numbers are depressing. Women make up just 11% of the world’s information security workforce, according to the 2017 Global Information Security Workforce Study. This is far behind other industries.
For example, in the U.S. women represent nearly 47% of total workers and 51.5 % of management and professional positions. They account for 60% of pharmacists and 34% of doctors. Even the IT and computing industry, notorious for low female participation, puts cybersecurity to shame with 26% of positions held by women.
Last month I discussed cybersecurity effectiveness, particularly in regards to the growing threat of fileless attacks. But effectiveness is only one piece of the equation.
First and foremost businesses still need to go about their business. Unfortunately, it has long been the case that the more effective a cybersecurity tool is, the slower and more intrusive it is and the more effort it takes to manage it. The complexity and pain of managing – not buying, managing! – security tools often forces companies to reconcile themselves to unacceptable exposure, for example to security-related business disruption, for want of resources to manage cumbersome defensive technology.