Moving Target Defense Blog

Before COVID-19 started making headlines earlier this year, government departments might have been considered unlikely candidates for making large scale remote working a success. However, with service levels maintained across the public sector despite challenging circumstances, this assumption has been thoroughly disproven. 

Risk mitigation in cybersecurity is a fast-changing target for companies of all sizes. Each week, the team at Morphisec reads dozens of news sites to keep up with the stories that matter so you can stay on top of the changing threat landscape and better secure your critical infrastructure. 

For the first two decades of the internet age, from the early 1990s to the 2010s, high-quality antivirus software that blocked the most malware came at an appropriate premium. After all, the endpoint was—and still is—of the primary attack vectors for cyber threats, so it stands to reason that antivirus could charge a premium to secure your endpoint. 

This report has been updated with assistance from the cybersecurity community.

Morphisec Labs has been tracking FIN7 (Carbanak Group) activity for the past several years. Morphisec’s ability to collect rich forensic data from memory has provided unique visibility into multiple FIN7 campaigns that our researchers were proud to share with MITRE and the InfoSec community at large. Fin7 is a well-funded financially motivated cybercrime group. Their advanced techniques and tactics were even emulated in the third round of the MITRE ATT&CK evaluations.

From the team at Morphisec to you and yours: Happy Holidays and a safe and happy new year. See you again in 2021. 

Antivirus software is kind of the lock on a window: it keeps out the most basic sorts of intruders but provides little protection against someone willing to break the glass. The analogy is even more apt because, like window locks, antivirus software has become commoditized. When looking at the results from public tests like AV-Comparatives, it’s clear that for the most part, antivirus platforms block the same attacks. In light of this, it makes little sense to pay for third-party antivirus; especially for Windows systems where this functionality is free and embedded.

If bad weather serves as an unpleasant reminder to fix a leaky roof, then COVID-19 has been something of a perfect storm for colleges and universities. As we uncovered in our recent Education Cybersecurity Threat Index, the pandemic has made addressing cybersecurity weaknesses an urgent operational necessity in higher education. Between the changing nature of how education is delivered, and emboldened threat actors, higher ed now faces an unprecedented threat level. 

Although far from new in technological terms, the ubiquity of public and hybrid cloud use is a relatively recent phenomenon. Driven in part by the current COVID-19 pandemic, it would be difficult to find an organization that isn't relying on a cloud-based service right now.

With more people working from home than ever before in history, virtual desktop infrastructures have arisen as a fast and cost-effective method to ensure that remote workers can access the applications they need from wherever they are. In fact, VDI use might soon increase, as Gartner recently found that 74 percent of CFOs intend to shift some positions to working from home permanently because of increased efficiencies.