<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=885880844953016&amp;ev=PageView&amp;noscript=1">

Michael Gorelik

Michael is Morphisec’s CTO / VP R&D and chief bad guy researcher. Michael holds Bsc and Msc degrees from the Computer Science department at Ben-Gurion University, focusing on low-level Synchronization in different OS architectures.
Find me on:

Recent Posts

Morphisec Compatibility Update for Windows 10 V. 1809, Office 365 32-bit

Posted by Michael Gorelik on December 6, 2018 at 1:23 PM

Microsoft has introduced significant changes in the loader functionality as part of its new re-release of Windows 10 v 1809.

Morphisec and Microsoft identified an issue impacting users running Morphisec’s ETP agent on top of Windows 10 v. 1809 with the Office 365 32-bit application.

Read More

Topics: Company News, Product

Morphisec Uncovers Global “Pied Piper” Campaign

Posted by Michael Gorelik on November 29, 2018 at 10:32 PM

Note: This post was updated 11-30-18 with details of a new intercepted attack. See technical description below.

Over the past three days, Morphisec Labs researchers have discovered a widespread cyber campaign hitting multiple targets. Morphisec researchers dubbed the campaign “Pied Piper”as it delivers various Remote Access Trojan (RAT) payloads via phishing, across multiple countries.

Read More

Topics: Threat Alerts, Cyber Attacks, Attack Analysis, FlawedAmmyy

FIN7 Not Finished – Morphisec Spots New Campaign

Posted by Michael Gorelik on November 21, 2018 at 5:55 PM

This blog was co-authored by Alon Groisman.

It seems like the rumors of FIN7’s decline have been hasty. Just a few months after the well-publicized indictment of three high-ranking members in August, Morphisec has identified a new FIN7 campaign that appears to be targeting the restaurant industry.

Read More

Topics: Threat Alerts, Cyber Attacks, FIN7, Attack Analysis

Cobalt Group 2.0

Posted by Michael Gorelik on October 8, 2018 at 2:46 PM

 

Over the past year, Morphisec and several other endpoint protection companies have been tracking a resurgence in activity from the Cobalt Group. Cobalt is one of the most notorious cybercrime operations, with attacks against more than 100 banks across 40 countries

Read More

Topics: Threat Alerts, Fileless Attacks, Attack Analysis, APT, Moving Target Defense

Introducing the First-ever Morphisec Labs Threat Report

Posted by Michael Gorelik on June 20, 2018 at 9:58 AM

So far, 2018 has turned out to be anything but business as usual, at least on the cybersecurity front. The revelation about CPU vulnerabilities Meltdown and Spectre (and all the offshoots); the explosion in cryptojacking – which is likely even more widespread than current estimates; the lightning speed at which the newest sophisticated attack technology is adopted by mass market criminals.

Read More

Topics: MLTR, Threat Report, Research, CISO, Mordechai Guri, Endpoint Security, Cyber Security

[CRITICAL ALERT] CVE-2018-4990 Acrobat Reader DC Double-Free Vulnerability

Posted by Michael Gorelik on June 18, 2018 at 6:20 PM

 

After more than four years with no weaponized exploits for Adobe Acrobat Reader, researchers at ESET identified a weaponized PDF that allows attackers to execute arbitrary code on the targeted machine and eventually assume full system control. The PDF exploits two previously unknown vulnerabilities, Acrobat Reader vulnerability CVE-2018-4990 and a privilege escalation vulnerability in Microsoft Windows, CVE-2018-8120.

Adobe Reader has a built-in sandbox feature that usually makes exploitation difficult. By combining vulnerabilities, this attack achieves code execution and then bypasses the sandbox protection to fully compromise the targeted system.

Read More

Topics: Threat Alerts, Attack Analysis, Endpoint Security, Zero-day, Research

CVE-2018-8174 Blows the VBScript Attack Door Wide Open

Posted by Michael Gorelik on May 25, 2018 at 5:42 PM

 

In April, researchers at Qihoo 360 Core Security Division discovered a VBScript vulnerability actively exploited in targeted attacks. Since then, it has appeared in additional attack campaigns. The vulnerability, CVE-2018-8174, dubbed "Double Kill",  is significant on several counts.

Read More

Topics: Threat Profile, Threat Alerts, Exploits, Cyber Security

Watering Hole Attack on Leading Hong Kong Telecom Site Exploiting Flash Flaw (CVE-2018-4878)

Posted by Michael Gorelik on March 23, 2018 at 7:01 AM

On March 21,2018, Morphisec Labs began investigating the compromised website of a leading Hong Kong Telecommunications company after being alerted to it by malware hunter @PhysicalDrive0. The investigation, conducted by Morphisec researchers Michael Gorelik and Assaf Kachlon, determined that the Telecom group's corporate site had indeed been hacked. Attackers added an embedded Adobe Flash file that exploits the Flash vulnerability CVE-2018-4878 on the main home.php page.

Read More

Topics: Threat Alerts, Fileless Attacks, Attack Analysis, Exploits, Cyber Attacks

Morphisec Uncovers New Attack Vector Named CIGslip That Bypasses Microsoft Code Integrity Guard (CIG)

Posted by Michael Gorelik on March 7, 2018 at 12:50 PM

Morphisec researchers Michael Gorelik and Andrey Diment have discovered CIGslip, a new method which can be exploited by attackers to bypass Microsoft’s Code Integrity Guard (CIG) and load malicious libraries into protected processes such as Microsoft Edge.

Read More

The Lazarus Group Strikes Again - Or is it an Imposter? The Latest CVE-2018-4878 Attack

Posted by Michael Gorelik on March 2, 2018 at 2:13 AM

The Lazarus Group, also known as Hidden Cobra, may be in play again. The notorious cybercrime group is allegedly responsible for some of the most devastating attacks over the past few years, including the SWIFT network hack that stole $81 million Central Bank of Bangladesh issued and the 2014 destructive wiper attack against Sony Pictures. Some also link the WannaCry ransomware breakout to the same group.

Many of the existing reports covering the Lazarus attacks suggest links to North Korea. In fact, Hidden Cobra is the U.S. Government’s designation for malicious cyber activity conducted by the North Korean government.

On February 28, 2018, Morphisec Labs identified and prevented a suspicious document uploaded to VirusTotal that exploits the latest Flash vulnerability CVE-2018-4878. While analyzing the exploit and the downloaded payload, we immediately identified a near-perfect match to many of the techniques used during various attacks that are attributed to the Lazarus Group.

Read More

Topics: Threat Profile, Cyber Security, Exploits

Check out our Attack Analyses!

Take a deep dive into technical analyses of attacks prevented by Morphisec.

Subscribe to our Blog

Happy to keep you in the loop with industry insight, cyber security trends,  and cyber attack information and company updates.

Morphisec Named a Cool Vendor 2016

Morphisec is a Gartner Cool Vendor 2016

Each year Gartner identifies new Cool Vendors it considers innovative or transformative. Morphisec is honored be to named a Cool Vendor 2016. Here's more....

 

Recent Posts

Most Popular Posts