Roy Moshailov
Roy is Morphisec's expert malware researcher, dissecting even the most sophisticated and evasive attacks into its pieces.
Serving in an IDF Intelligence Unit, Roy gained extensive and hands-on experience in the cybersecurity field.
These days, most malware employs a long attack chain with anti-analysis techniques to make it more difficult to detect the payload and harder to analyze by security researchers. More and more frequently, they are also incorporating coin miners in attacks. Such is the case with a newly observed variant of the Dofoil (also known as Smoke Loader) trojan, which includes a resource-draining cryptocurrency-mining payload. This latest Dofoil strain entered the scene earlier this month and is currently still active.
Read More
Topics:
Cyber Attacks,
Attack Analysis,
Threat Profile
GandCrab Ransomware
These days, most malware employs long chain attack and anti-analysis techniques to make it more difficult to detect the payload and harder to analyze by security researchers. Such is the case with GandCrab, a new ransomware strain that entered the scene late last month and is currently active.
Read More
Topics:
Ransomware,
Exploit Kit,
Attack Analysis,
Custom Packer,
Threat Profile
Towards the end of 2017, a group of researchers at Embedi discovered a Microsoft Office vulnerability that’s been quietly putting systems in danger for about 17 years.
Read More
Topics:
Exploits,
Cyber Attacks,
MS Office Exploits,
Threat Profile
RokRAT is a sophisticated Remote Access Trojan (RAT) that is skilled at evading detection and uses multiple techniques to make analysis difficult. The current RokRAT campaign was identified by Cisco Talos in November. The earliest known RokRAT campaign occured in April, although this used a less evasive malware variant.
Read More
Topics:
Exploits,
Custom Packer,
Threat Profile
Ransomware remained a major cybersecurity threat in 2017, leaving a trail of victims across all industries, company sizes and geographical borders. Phishing emails are the top ransomware delivery mechanism and they grow in number and sophistication daily. According to IBM, the number of ransomware-infected emails increased 6,000% this year. And the days of easily spotted spelling mistakes and obvious scams are long gone. Today’s phishing attacks are clever and subtle enough to trick even security veterans.
Read More
Topics:
Ransomware,
Sandbox evasion,
Cyber Security,
Threat Profile
Packer-based malware is malware which is modified in the runtime memory using different and sophisticated compression techniques. Such malware is hard to detect by known malware scanners and anti-virus solutions. In addition, it is a cheap way for hackers to recreate new signatures for the same malware on the fly simply by changing the encryption/packing method. Packers themselves are not malware; attackers use this tactic to obfuscate the code’s real intention.
Read More
Topics:
Cyber Attacks,
Sandbox evasion,
Cyber Security,
Attack Analysis,
Custom Packer
The full report is also available as PDF.
On December 12, 2016 Morphisec identified and monitored a new wave of sophisticated malware delivered via targeted phishing emails with malicious macro-based documents attached. The malicious documents themselves use a clever, new social engineering technique to convince the target to enable macros. Once enabled, the document calls an unknown downloader that resembles the Cerber downloader, but employs new obfuscation techniques.
Read More
Topics:
Sandbox evasion,
Attack Analysis
The full report is also available as PDF.
From November 7 – 15, 2016, Morphisec identified and monitored a new wave of sophisticated malware attacks using a modified version of the Hancitor downloader. The malware is delivered via targeted phishing emails with malicious macro-based documents attached.
Read More
Topics:
Attack Analysis
