Morphisec Cyber Security Blog

With October National Cybersecurity Awareness Month (NCSAM) and November Critical Infrastructure Security and Resilience Month, Morphisec is publishing a series posts on industries included in the DHS list of 16 critical infrastructure sectors.

The healthcare industry needs to focus on its own cyber health. That’s the upshot of the latest round of reports and announcements from industry experts across the board.

ECRI Institute, a leading patient safety and medical technology research organization, recently released their 2019 Top Health Technology Hazards. Cybersecurity topped the annual list,

The Fallout exploit kit, named for its similarities to the once notorious Nuclear exploit kit, already shows signs of reaching the levels of popularity of its namesake. Since its discovery by security researchers at the end of August, Fallout has been seen distributing the SmokeLoader trojan, GandCrab ransomware, CoalaBot, various potentially unwanted programs (PUPs) and, most recently, a new ransomware strain called SAVEfiles.

Morphisec nearly swept the XCellence Awards at the Midsize Enterprise Summit (MES) Fall 2018 conference. Morphisec won the top award in three categories – including Best Software Solution – and was nominated for another, beating out several long-time incumbents.

Morphisec officially opened its new corporate headquarters in the Gav-Yam Negev Advanced Technologies Park in Beer Sheva, Israel. Known as Israel’s leading cybersecurity technology center of innovation, the park is a collaborative endeavor of Ben Gurion University, the city of Beer-Sheva, and real estate developer KUD International. It brings together academia, advanced research, local government, business entrepreneurship and the global technology industry.

If you’ve stayed at any large hotel chain in the past year, there’s a good chance your personal details have been compromised. According to Verizon’s 2018 Data Breach Investigations Report, the accommodation industry had one of the highest number of breaches, second only to healthcare. 

Morphisec is honored to have received awards in three out of six categories at this year's Midmarket CIO Spring Forum. The annual Vendor Excellence and Midmarket CIO Awards recognize leaders in technology collaboration. 

Over 77% of all cyber crimes target small and midsize enterprises. According to the 2017 State of Cybersecurity in Small & Medium-Sized Businesses (SMB) report by the Ponemon Institute, cyberattacks cost small and medium-sized businesses an average of $2,235,000.

Morphisec Moving Target Defense verified as Citrix Ready to enhance protection with Citrix XenApp and XenDesktop

CISOs face an escalating battle on two fronts: externally from ever-more sophisticated attackers and internally in managing all the threat protection and additional security layers they put in to stop them. And they are losing. Despite added technology complexity and operational overhead, cyber criminals still manage to get past defenses.

According to a a new report from analyst firm ESG, 72% of organizations believe that security operations are more difficult today than they were two years ago yet 54% still suffered at least one security incident.

Two weeks ago, Morphisec Lab, led by VP R&D Michael Gorelik, warned of a new attack by the FIN7 cybercrime group against restaurants across the US. Earlier this year, the financially motivated FIN7 group, one of the leading threat actor groups operating today, targeted restaurant chains Chipotle, Baja Fresh and Ruby Tuesday, among others. And you certainly remember the massive 2016 attack on the Wendy’s fast food chain, which resulted in over 1000 Wendy’s locations hit by a credit card breach. Numbers were also big in the Arby’s data breach discovered in January 2017: according to the credit union service PSCU, 350,000 credit and debit card accounts might have been impacted by the hack on Arby’s point-of-sale (PoS) systems.

The recent FireEye discovery of an Angler Exploit Kit variant that bypasses Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) has taken the cyber security world by surprise – but it shouldn’t have. New variants of the Angler EK crop up constantly (see Javascript in IE Overtakes Flash as Number One Target for Angler Exploit Kit) and EMET was never meant to be infallible, just make it more difficult for hackers. EMET, which uses a set of predefined rules to prevent specific malware, is often relied upon to stop zero-day attacks on Windows systems until a patch is developed for the vulnerability. Although researchers have previously discovered vulnerabilities that allowed them to bypass EMET defenses, this is the first time an exploit in the wild has been successful.