Moving Target Defense Blog

The recent rise in remote working has up-ended the corporate IT landscape. In a matter of days, remote working went from a nice-to-have perk to necessity for millions of companies globally as countries continue to battle the COVID-19 pandemic. . To keep pace with changing business needs, organizations have embraced virtual desktop infrastructure (VDI), which can help keep distributed workforces safe, flexible, and connected.

Garmin has confirmed that the recent outage its users experienced was indeed the result of a successful ransomware attack. However, the extent of the damage done is still unclear. The attack, which compromised Garmin’s servers for five days, impacted millions of users globally and will likely end up costing Garmin millions of dollars in lost productivity and reputation alone. While Garmin says that no customer data was leaked, Garmin's call centers, web site, and cloud-based services such as Garmin Connect and FlyGarmin (a commercial aviation navigation service) were either taken offline or negatively impacted as a result of the attack.

We recently introduced Morphisec Guard, a full endpoint protection platform designed to secure your enterprise against the worst cyberattacks. Guard is a single lightweight offering, including world-class antivirus, together with the market's most advanced protection against unknown zero-days, fileless attacks, exploits, and evasive malware.

Defending your critical infrastructure against cyber threats has never been harder. Adversaries constantly innovate new techniques to exfiltrate or encrypt data, forcing defenders to play a cybersecurity version of “whack-a-mole” in their attempts to ameliorate any possible damage.

The economic impact of a successful breach is one of the easiest to quantify. It’s also increasing constantly, with analysts predicting the cost of cybercrime globally will exceed $6 trillion annually by 2021, a 100% increase from 2015. Much of this cybercrime is perpetrated on or through the endpoint, with an end goal typically of either data exfiltration or encrypting the data and charging a ransom (often it’s both).

Virtual desktop security is always a critical topic when enterprises leverage virtual desktop infrastructures, or VDI, as part of their internal IT strategy. In recent months, however, VDIs have grown in importance as more people work from home; deploying virtual desktops is one way to ensure that remote employees are securely accessing the data and applications they need to do their jobs.

The term “advanced persistent threats” describes the highly evolved nature of today’s cyberattacks. Hackers have developed sophisticated techniques – in-memory exploits, living-off-the-land attacks, remote access trojans, and more – that allow them to evade detection and attack in obscurity. However, as much as these techniques have changed over time, the underlying goal, or “tactic” as MITRE calls it in their ATT&CK framework, remains the same: stealing something valuable.

Since early March, the team at Morphisec Labs has been supporting enterprises as they shift to distributed workforces in response to COVID-19. From assisting hospitals with securing their remote workers to uncovering new weaknesses in collaboration applications that could pose a threat to business continuity, we’ve been working hand-in-hand with customers, counterparts at security companies, and authorities to stay ahead of defending against a rapidly evolving cyberattack landscape.

When it comes to public health, good cyber hygiene is paramount in avoiding infection. For companies looking to prevent cyber attacks, the same logic applies. According to a report by Accenture, the average number of security breaches a company faces each year has increased by 67 percent since 2014. Additionally, Ponemon Institute found that the average cost of successful attacks increased 78 percent between 2017 and 2019, from $5.01 million to $8.94 million.

The Morphisec Labs team has tracked an obfuscated VBScript package in campaigns since March 2020. Initially, the malware campaign was focused on targets within Germany, but has since moved on to additional targets--excluding any IP address within Russia or North Korea.