Morphisec Discovers New Fileless Attack Framework

Posted by Michael Gorelik on Mar 16, 2017 7:55:00 PM

Morphisec Discovers New Fileless Attack Framework

Ties Single Threat Actor Group to Multiple Campaigns, Interacts with Hacker.

On the 8th of March, Morphisec researchers began investigating a new fileless threat delivered via a macro-enabled Word document, which was attached to a phishing email sent to targeted high-profile enterprises. During the course of the investigation, we uncovered a sophisticated fileless attack framework that appears to be connected to various recent, much discussed attack campaigns.

Read More

Topics: Attacks, cybersecurity, Attack Analysis, fileless attacks

Andromeda’s Five Star Custom Packer – Hackers’ Tactics Analyzed

Posted by Roy Moshailov on Mar 13, 2017 8:08:50 AM

Packer-based malware is malware which is modified in the runtime memory using different and sophisticated compression techniques. Such malware is hard to detect by known malware scanners and anti-virus solutions. In addition, it is a cheap way for hackers to recreate new signatures for the same malware on the fly simply by changing the encryption/packing method. Packers themselves are not malware; attackers use this tactic to obfuscate the code’s real intention.

Read More

Topics: Attacks, Sandbox evasion, cybersecurity, Attack Analysis, Custom Packer

Our Top 10 Blog Posts of 2016

Posted by Morphisec Team on Jan 20, 2017 7:28:50 PM

Cybersecurity had a turbulent 2016, to say the least. We saw the rise of ransomware, the emergence of IoT botnets, landmark security legislation and Yahoo’s disclosure about its 1-billion-record-hack, the largest in history.

Read More

Topics: Exploits, ASLR, Angler Kit, APT, Ransomware, Attack Analysis

Evasive Malware Campaign with Faked HM Revenue and Customs Attachment

Posted by Roy Moshailov on Dec 27, 2016 1:32:32 PM

 The full report is also available as PDF. 

On December 12, 2016 Morphisec identified and monitored a new wave of sophisticated malware delivered via targeted phishing emails with malicious macro-based documents attached. The malicious documents themselves use a clever, new social engineering technique to convince the target to enable macros. Once enabled, the document calls an unknown downloader that resembles the Cerber downloader, but employs new obfuscation techniques.

Read More

Topics: Sandbox evasion, Attack Analysis

Attack Alert: Another Month, Another Hancitor Variant

Posted by Ursula Ron on Dec 8, 2016 11:23:02 AM

They’re starting to be as reliable as clockwork. Every 3-4 weeks a new wave of Hancitor campaigns hits, with improved targeting and new tricks to evade detection. The latest variant comes via a malicious MS Word attachment to a fairly convincing email. How do we know? Our own CEO, Ronen Yehoshua, was one of the latest targets.  Maybe the folks behind Hancitor liked our technical analysis (or get the original Hancitor report in PDF format) of the last attack so much that they wanted to deliver a new version for analysis personally.

Read More

Topics: Attack Analysis, Hancitor

New Wave of Hancitor Comes with New Evasive Techniques

Posted by Roy Moshailov on Nov 27, 2016 2:49:08 AM

 The full report is also available as PDF. 

From November 7 – 15, 2016, Morphisec identified and monitored a new wave of sophisticated malware attacks using a modified version of the Hancitor downloader. The malware is delivered via targeted phishing emails with malicious macro-based documents attached.

Read More

Topics: Attack Analysis

New Wave of Fileless Kovter Backdoor Trojan Attacks Via “Targeted” Macro-Based Malspam Campaign

Posted by Michael Gorelik on Oct 22, 2016 11:31:27 PM

UPDATED POST  - NOW WITH DETAILED TECHNICAL ANALYSIS!

During October 17 to 21, Morphisec identified and prevented several malicious and sophisticated macro-based documents at the site of one of our customers delivering a fileless Kovter backdoor Trojan attack. This and similar attacks illustrate the troubling trend that macro-based malspam campaigns are attacking enterprises with modified evasion techniques now on a weekly basis. With antivirus products updating their signatures within 3-7 days of the detection of an attack, the window of opportunity is big enough for cybercriminals to score.

Read More

Topics: Endpoint Security, cybersecurity, Kovter, Attack Analysis

Morphisec Prevents Major Malspam Campaign - Again

Posted by Michael Gorelik on Oct 13, 2016 11:11:24 PM

Morphisec Prevents Major Malspam campaign - Again

In our report at the beginning of September about a large-scale malspam campaign discovered and stopped by Morphisec, we pointed out the central role that malware spam plays for hackers and the difficulties signature-based and behavioral security products can have in coping with them in real-time.

During October 10-12, 2016, Morphisec stopped yet another malspam campaign that again showed an extremely low detection rate on VirusTotal.

Read More

Topics: Endpoint Security, Ransomware, cybersecurity, Attack Analysis

New Locky – Zepto Variant Prevented by Morphisec

Posted by Michael Gorelik on Sep 16, 2016 8:45:28 PM

New Locky – Zepto variant prevented by Morphisec! Ransomware with modified Eval mechanism evades all other security solutions.

Since Locky’s discovery in February 2016, it has emerged as one of the most prevalent and devastating ransomware threats of 2016. Over the last two months, ransomware in general has evolved greatly in delivery technique complexity, with Locky among the most insidious. 

In particular, Locky moved to the Zepto variant, executing from dll and not an executable, started using quant loader, and added more evasion techniques to its arsenal. 

Read More

Topics: Endpoint Security, Ransomware, cybersecurity, Attack Analysis

New Malspam Campaign Discovered and Prevented by Morphisec

Posted by Michael Gorelik on Sep 9, 2016 12:13:18 AM

Spam is still the preferred attack vector for cyber criminals and malware spam campaigns continue to increase. According to the Symantec Internet Threat Report, 1 in 220 emails in 2015 contained malware. While this figure may seem low, consider that over 100 billion emails are sent daily and the scale of the problem becomes clear. In this type of mass attack, attackers use botnets to send emails that include malicious links or attached files with user-activated macros that download and execute malware. Attachments can be disguised as fake invoices, office documents, or other files. Malicious links may direct the user to a compromised website using a web attack toolkit to drop something malicious onto their computer. These attacks are extremely cheap and easy to commit and are commonly perpetrated not only on individuals, but also on companies. 

Read More

Topics: Endpoint Security, cybersecurity, Attack Analysis

Check out our Attack Analyses!

Take a deep dive into technical analyses of attacks prevented by Morphisec.

Subscribe to our Blog

Happy to keep you in the loop with industry insight, cyber security trends,  and cyber attack information and company updates.

Morphisec Named a Cool Vendor 2016

Morphisec is a Gartner Cool Vendor 2016

Each year Gartner identifies new Cool Vendors it considers innovative or transformative. Morphisec is honored be to named a Cool Vendor 2016. Here's more....