In about two weeks, I’ll be participating in the Mid Market CIO Forum in Austin, Texas. Events such as these are vital as they bring IT professionals together in a setting that is intimate enough to get real answers to their unique set of challenges. For cybersecurity practitioners in particular, the market is incredibly confusing. On top of a profusion of various technologies you have a rapidly changing threat landscape where the threat of the day seems to dictate the conversation.
The article below was sent to attendees of the Mid Market Forum, but is relevant to many of us in the security field. Only when asking different questions, moving beyond the standard security discussion, will security practitioners find the set of solutions that meets the specific needs of their business.
This report was authored by: Michael Gorelik and Assaf Kachlon.
Last week’s malware news was filled with the CCleaner backdoor exposed by Morphisec’s security solution. This week Morphisec uncovered another ongoing malware campaign, this one a drive-by-download attack that uses a modified version of the old (in hacker time) favorite, the RIG exploit kit.
Over the past 10 days, Morphisec's Threat Prevention Solution stopped a modified RIG exploit kit distributed to a large number of customers in a major drive by download campaign. Upon customer notification about the web-borne attack, we immediately identified the type of exploit kit and the delivered exploits. We reported the abuse of the registered domains to Freenom.com, the domain registration entity.
As widely reported today, the Avast-owned security application CCleaner was illegally modified by hackers to establish a backdoor to the hackers’ server. According to Avast, some 2.27 million users were running the weaponized version 5.33 of CCleaner. In addition, the CCleaner’s cloud version 1.07 was affected. Morphisec was first to uncover the CCleaner Backdoor saving millions of Avast user.
Morphisec first identified and prevented malicious CCleaner.exe installations on August 20 and 21, 2017 at customer sites. Some customers shared their logs of the prevented attacks with Morphisec on September 11, 2017.Morphisec started to investigate the prevention logs right away.
Modern manufacturing technology brings improved quality and efficiency at lower costs. It also brings greatly increased cyber risk. Deloitte and MAPI’s (Manufacturers Alliance for Productivity and Innovation) recently published a report which takes a hard look at the effect of current manufacturing trends on cyber risk. The study found that, while manufacturers are beginning to prioritize cybersecurity, they have a long way to go. Read the report, “Cyber Risk in Advanced Manufacturing,” to see their findings and recommendations to be “secure, vigilant and resilient.”
In the first half of 2017 alone, organizations have had to cope with a slew of new tactics: a surge in evasive, fileless attacks, record breaking attack propagation speeds and the rise of 64-bit attacks. The latest version of Morphisec Endpoint Threat Prevention gives security teams the answer to tackle these trends plus unknown threats to come.
Two weeks ago, Morphisec Lab, led by VP R&D Michael Gorelik, warned of a new attack by the FIN7 cybercrime group against restaurants across the US. Earlier this year, the financially motivated FIN7 group, one of the leading threat actor groups operating today, targeted restaurant chains Chipotle, Baja Fresh and Ruby Tuesday, among others. And you certainly remember the massive 2016 attack on the Wendy’s fast food chain, which resulted in over 1000 Wendy’s locations hit by a credit card breach. Numbers were also big in the Arby’s data breach discovered in January 2017: according to the credit union service PSCU, 350,000 credit and debit card accounts might have been impacted by the hack on Arby’s point-of-sale (PoS) systems.
Fueled by access to ever-increasing computational power, the past few decades have seen an explosion in Artificial Intelligence (AI) capabilities and applications. Today, AI is used in everything from image and speech recognition, to recommendation systems, to biomedical informatics to self-driving cars. Recently, various cyber security vendors are adapting "AI Technologies" in their products in order to improve the detection rate of malware and attacks. In particular, AI is expected to slowly replace the old-style signature-based detection of malware. Signature-based detection has proved to be ineffective against today's "one-million-new-samples-per-day" malware variants. But what does it really mean to use AI in detection of attacks and malware; can it really live up to its promises?
On June 7, 2017, Morphisec Lab identified a new, highly sophisticated fileless attack targeting restaurants across the US. The ongoing campaign allows hackers to seize system control and install a backdoor to steal financial information at will. It incorporates some never before seen evasive techniques that allow it to bypass most security solutions – signature and behavior based.
Last week, a massive wave of spam email that infects victims with a new type of ransomware, dubbed "Jaff", flooded networks across Europe, North America and Australia. Estimates put the number of malicious emails in the tens of millions.