Cybersecurity Blog

Cerber ransomware is one of the most sophisticated and popular ransomware families, attacking victims across the globe. Additional popular ransomware families in the cybercriminal’s arsenal include Locky (Osiris), Spora, Shade and several others.

Cybersecurity had a turbulent 2016, to say the least. We saw the rise of ransomware, the emergence of IoT botnets, landmark security legislation and Yahoo’s disclosure about its 1-billion-record-hack, the largest in history.

As an eventful 2016 draws to a close, what should we expect in cybersecurity for 2017? In this blog series, Morphisec’s security experts predict trends and technologies in 2017. Today’s post is from Netta Schmeidler, Morphisec VP Product.

Morphisec Prevents Major Malspam campaign - Again

In our report at the beginning of September about a large-scale malspam campaign discovered and stopped by Morphisec, we pointed out the central role that malware spam plays for hackers and the difficulties signature-based and behavioral security products can have in coping with them in real-time.

During October 10-12, 2016, Morphisec stopped yet another malspam campaign that again showed an extremely low detection rate on VirusTotal.

Ransomware has grabbed mainstream media attention recently but it’s nothing new – in fact, its origins can be traced back to floppy disk times. Part of ransomware’s new found notoriety is certainly due to the criminals’ latest target of choice, the healthcare industry, which is considered sacrosanct to most. And ransomware’s very nature lends itself to news-worthy headlines. Unlike other types of malware which rely on stealth to infiltrate systems or quietly siphon off data, ransomware boldly declares its presence and intent, often with a clever name to go with it.

New Locky – Zepto variant prevented by Morphisec! Ransomware with modified Eval mechanism evades all other security solutions.

Since Locky’s discovery in February 2016, it has emerged as one of the most prevalent and devastating ransomware threats of 2016. Over the last two months, ransomware in general has evolved greatly in delivery technique complexity, with Locky among the most insidious. 

In particular, Locky moved to the Zepto variant, executing from dll and not an executable, started using quant loader, and added more evasion techniques to its arsenal. 

One of Morphisec’s mandates is to share our expertise with the industry at large. You’ll find bylines and commentary by team members in numerous publications on everything from the cyber security implications of Brexit to improving supply chain cyber security. Following are a few of the latest articles by Morphisec experts.

The recent FireEye discovery of an Angler Exploit Kit variant that bypasses Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) has taken the cyber security world by surprise – but it shouldn’t have. New variants of the Angler EK crop up constantly (see Javascript in IE Overtakes Flash as Number One Target for Angler Exploit Kit) and EMET was never meant to be infallible, just make it more difficult for hackers. EMET, which uses a set of predefined rules to prevent specific malware, is often relied upon to stop zero-day attacks on Windows systems until a patch is developed for the vulnerability. Although researchers have previously discovered vulnerabilities that allowed them to bypass EMET defenses, this is the first time an exploit in the wild has been successful.

Recently, software engineer and noted tech journalist Ben Dickson explored the growing threat of ransomware in an article in The Daily Dot. He gives a thorough yet remarkably non-techie overview before tackling the difficult part – what can companies and individuals do to protect themselves. Dickson turned to our own Ronen Yehoshua, CEO of Morphisec, to understand why traditional security approaches fail and possible solutions.