Building Security Resiliency Into Critical Infrastructure

Posted by Mordechai Guri, Ph.D. on Apr 18, 2017 8:24:37 AM


This article previously appeared on Information Management. Mordechai Guri is Chief Science Officer at Morphisec.

National Cybersecurity Awareness Month closed by focusing on scenarios straight out of action movies and nightmares – attacks on our critical infrastructure. These days, however, the threat is more likely to come from an innocent-seeming email than from bomb-toting terrorists à la Die Hard.

Utilities, hospitals, transportation systems, and all the other systems our communities and countries depend on are increasingly digitally controlled and connected. This brings tremendous productivity and reliability gains: better alignment of supply and demand, predictive maintenance planning, predictive outage response, instantaneous sharing of vital data and more. In some cases, like health care, it can make the difference between life and death.


Topics: Attacks, Advanced Persistent Threats, Endpoint Security, cybersecurity

Morphisec Discovers New Fileless Attack Framework

Posted by Michael Gorelik on Mar 16, 2017 7:55:00 PM


Ties Single Threat Actor Group to Multiple Campaigns, Interacts with Hacker.

On the 8th of March, Morphisec researchers began investigating a new fileless threat delivered via a macro-enabled Word document, which was attached to a phishing email sent to targeted high-profile enterprises. During the course of the investigation, we uncovered a sophisticated fileless attack framework that appears to be connected to various recent, much discussed attack campaigns.


Topics: Attacks, cybersecurity, Attack Analysis, fileless attacks

Andromeda’s Five Star Custom Packer – Hackers’ Tactics Analyzed

Posted by Roy Moshailov on Mar 13, 2017 8:08:50 AM

Packer-based malware is malware that is unpacked and modified in runtime memory using a variety of sophisticated compression and encryption techniques. Such malware is hard to detect with known malware scanners and anti-virus solutions. In addition, packing is a cheap way for attackers to generate new signatures for the same malware on the fly, simply by changing the encryption or packing method. Packers themselves are not malware; attackers use them to obfuscate the code’s real intention.


Topics: Attacks, Sandbox evasion, cybersecurity, Attack Analysis, Custom Packer

Calculating Your Cyber ROI

Posted by Netta Schmeidler on Nov 16, 2016 6:00:01 AM


Executives often view cybersecurity as an expense, a necessary one perhaps, but still a burden on company finances, focus and time. Instead it should be approached as an investment – an investment in protecting an organization’s systems, resources, customers and reputation. And, like any investment, cybersecurity should be able to prove its value by delivering a solid ROI. But how do you calculate cybersecurity ROI? After all, security doesn’t create earnings.


Topics: Attacks, Endpoint Security, CISO, cybersecurity

Less is More (Dangerous): A Dissection of Fileless In-Memory Attacks

Posted by Michael Gorelik on Jun 13, 2016 8:58:34 PM

With fileless malware popping up more and more frequently, particularly sophisticated PowerShell attacks, we thought it useful to examine these threats by reverse engineering the in-memory samples on VirusTotal that have the lowest detection rates.


Topics: Exploits, Attacks, Advanced Persistent Threats, APT, Attack Analysis

CVE-2015-2545 Still Being Exploited, Still Can’t Get Past Morphisec

Posted by Morphisec Team on May 31, 2016 11:04:12 PM

CVE-2015-2545 is the vulnerability that just keeps on giving. First spotted in August 2015, in a targeted attack by the Platinum Group, it allows attackers to bypass system memory protections via a malicious EPS image file embedded in a Microsoft Office document. Morphisec’s Michael Gorelik published a detailed technical analysis at the PostScript Abstraction Level back in February, when it popped up again in connection with attacks against Indian governmental agencies.


Topics: Exploits, Product, Attacks, cybersecurity

Flash Vulnerability Problems No Flash in the Pan [CVE-2016-4117]

Posted by Michael Gorelik on May 20, 2016 3:25:23 PM

Yet another critical Flash vulnerability was uncovered this month, thanks to researchers at FireEye. The vulnerability, CVE-2016-4117, exists in Flash 21.0.0.226 and earlier versions for Windows, Mac, Linux, and Chrome OS. It received a CVSS v3 score of 9.8, indicating that it is extremely critical (Adobe rushed out a patch earlier this week).


Topics: Attacks, APT, Attack Analysis

Carbanak WinWord Exploit Prevented by Morphisec

Posted by Morphisec Team on Mar 21, 2016 9:27:20 PM

The Carbanak APT group, aka “Anunak” (dubbed Carbanak by Kaspersky Labs to reflect its Carberp origins), is one of the most notorious cybercriminal groups targeting the financial sector. Since Carbanak was first released in December 2014, around 100 financial institutions in approximately 30 countries have fallen victim to it, losing nearly $1 billion. Carbanak attacks begin with malware-infected documents sent as email attachments to targeted bank employees. The malicious document is accompanied by an email message establishing an innocent-seeming context. Once activated, the document delivers the malware, usually by exploiting an unpatched Office application vulnerability, in this case in Microsoft Word. After obtaining the required credentials and data from the unprotected victims, the Carbanak malware continues to its next stage: infiltrating the financial institution’s network.


Topics: Attacks, MS Office Exploits, Advanced Persistent Threats, Endpoint Security, APT

Flash Zero-day Quickly Propagates to Unaware Sites

Posted by Michael Gorelik on Nov 9, 2015 7:15:04 PM

Have you ever wondered what happens to zero-day exploits after their big splash on day zero? Often 0-days are developed to target a specific organization, as in this Pawn Storm-related instance reported by Trend Micro, which targeted specific people within the Foreign Affairs Ministry.


Topics: Exploits, Attacks, 0-day exploits, Moving Target Defense, Zero-day, Attack Analysis

In-The-Wild, Nuclear Kit Found That Automatically Generates Flash Exploit Variants On-The-Fly

Posted by Michael Gorelik on Oct 15, 2015 1:13:18 PM

After our recent blog post about an encrypted Flash exploit, we went back to analyze some more of these exploit files. We took some of the newer exploit recordings available on a malware aggregation site, and tried to decrypt them using the same Diffie-Hellman protocol that had worked for us before. We discovered that enough time had gone by that the Nuclear Exploit Kit team had already upped their game, and the brute force decryption did not work anymore. So what’s a researcher to do?


Topics: Exploits, Attacks, Attack Analysis
