Morphisec Cyber Security Blog

If you’ve stayed at any large hotel chain in the past year, there’s a good chance your personal details have been compromised. According to Verizon’s 2018 Data Breach Investigations Report, the accommodation industry had one of the highest number of breaches, second only to healthcare. 

On the 12th of April, Morphisec, identified and prevented a major wave of malspam purporting to be from HSBC Bank. The phishing campaign targeted several industrial manufacturing and service enterprises in Asia, using standard but still often effective social engineering tactics. The malicious email delivered a sophisticated info-stealing trojan via a weaponized ISO attachment. ISO files are a type of image archive format used for optical disk images, which can be opened using WinRAR and other programs.

Morphisec is honored to have received awards in three out of six categories at this year's Midmarket CIO Spring Forum. The annual Vendor Excellence and Midmarket CIO Awards recognize leaders in technology collaboration. 

Over 77% of all cyber crimes target small and midsize enterprises. According to the 2017 State of Cybersecurity in Small & Medium-Sized Businesses (SMB) report by the Ponemon Institute, cyberattacks cost small and medium-sized businesses an average of $2,235,000.

One of the hottest topics at last week’s RSA Conference was GDPR. Over twenty sessions covered GDPR from various angles and many more touched upon the subject in some way. This was hardly surprising – with the May 25^th compliance deadline looming, companies are frantically trying to understand the implications, their responsibilities and actions they need to take.

Although I’m excited to be at the RSA Conference with my Morphisec colleagues, it reminds me of the impetus for starting our Women in Cybersecurity Scholarship. Of 28 keynote speakers at RSAC, only seven are women, and six of these were added at the last minute following a string of scathing tweets and articles. This 25% figure seems to be the average percentage in the general sessions as well. I attended several that were one woman in a panel of four, a few that had only male speakers and a single session that had a majority female panel. If I had to guess the overall attendee and exhibitor gender split I’d say it fell along the same lines, but that percent is skewed by the number of women simply scanning badges.

Morphisec Moving Target Defense verified as Citrix Ready to enhance protection with Citrix XenApp and XenDesktop

CISOs face an escalating battle on two fronts: externally from ever-more sophisticated attackers and internally in managing all the threat protection and additional security layers they put in to stop them. And they are losing. Despite added technology complexity and operational overhead, cyber criminals still manage to get past defenses.

According to a a new report from analyst firm ESG, 72% of organizations believe that security operations are more difficult today than they were two years ago yet 54% still suffered at least one security incident.

On March 21,2018, Morphisec Labs began investigating the compromised website of a leading Hong Kong Telecommunications company after being alerted to it by malware hunter @PhysicalDrive0. The investigation, conducted by Morphisec researchers Michael Gorelik and Assaf Kachlon, determined that the Telecom group's corporate site had indeed been hacked. Attackers added an embedded Adobe Flash file that exploits the Flash vulnerability CVE-2018-4878 on the main home.php page.

These days, most malware employs a long attack chain with anti-analysis techniques to make it more difficult to detect the payload and harder to analyze by security researchers. More and more frequently, they are also incorporating coin miners in attacks. Such is the case with a newly observed variant of the Dofoil (also known as Smoke Loader) trojan, which includes a resource-draining cryptocurrency-mining payload. This latest Dofoil strain entered the scene earlier this month and is currently still active.

Register for our webinar Dynamic Endpoint Protection for Virtual Environments on March 21, 2018.

Virtual Desktop Infrastructure (VDI) offers many advantages but it is not attack proof and highly advanced cyberattacks present an ever growing threat. IT and Security teams need to rethink the fabric, the costs and the risks inherent within virtual environments. Endpoint protection for VDIs has always been problematic as they are extremely sensitive to the performance impact of security products. The wrong security tools will consume resources, slow system boot up and impede productivity.