Last month, without much fanfare, Morphisec announced the launch of its Women in Cybersecurity Scholarships. The program arose from a chance discussion between Netta Schmeidler, our VP Product, and me. She was describing how she felt so lucky that an encounter in her life at a critical point led her down this career path. We began talking about what we as individuals, as a company and as an industry could do to encourage girls to explore the field.
Two weeks ago, Morphisec Lab, led by VP R&D Michael Gorelik, warned of a new attack by the FIN7 cybercrime group against restaurants across the US. Earlier this year, the financially motivated FIN7 group, one of the leading threat actor groups operating today, targeted restaurant chains Chipotle, Baja Fresh and Ruby Tuesday, among others. And you certainly remember the massive 2016 attack on the Wendy’s fast food chain, which resulted in over 1000 Wendy’s locations hit by a credit card breach. Numbers were also big in the Arby’s data breach discovered in January 2017: according to the credit union service PSCU, 350,000 credit and debit card accounts might have been impacted by the hack on Arby’s point-of-sale (PoS) systems.
They’re starting to be as reliable as clockwork. Every 3-4 weeks a new wave of Hancitor campaigns hits, with improved targeting and new tricks to evade detection. The latest variant comes via a malicious MS Word attachment to a fairly convincing email. How do we know? Our own CEO, Ronen Yehoshua, was one of the latest targets. Maybe the folks behind Hancitor liked our technical analysis (or get the original Hancitor report in PDF format) of the last attack so much that they wanted to deliver a new version for analysis personally.
The FireFox zero-day recently used in the wild made headlines when TOR users that fell victim to the attack lost the one thing they were looking for: anonymous browsing. Speculation ran rife that the exploit may have been created by the FBI or another governmental agency, especially as the attack resembled past investigations used to identify Tor users.
Here is a treat for our Polish speaking readers!
In yesterday’s interview with Poranek WTK, Dawid Nogaj, CEO of PC Service and authorized Morphisec distributor in Poland, explains why signature-based endpoint security solutions are on their way out. After his participation at Morphisec’s first Distributor Summit at the beginning of March, Dawid is more convinced than ever that Moving Target Defense is the ultimate answer to advanced threats.
In an article published by Tech Crunch last week, tech reporter Ben Dickson investigates the new generation of smart malware. He manages to sum up the crux of the problem in two sentences: “Virus definition databases don’t seem to account for the growing number of new malware species and variants, especially when they’re smart enough to evade discovery. More devious genus of malware are succeeding at even duping advanced security tools that discover threats based on behavior analysis.”
Join Morphisec at DCOI 2016 – the Defensive Cyberspace Operations and Intelligence conference – to be held in Washington D.C. May 18-19. This annual high-level US-Israel cyber security summit aims to enhance international cooperation and promote “extraordinary developments in the technological, intelligence and policy-making domains of cyberspace.”
The technology research group TechTarget recently published their findings from a survey on endpoint security at medium to large enterprises. The results corroborate trends all too evident in the news: Despite the features and functionality added to endpoint protection software over the last few years, “organizations are still in search of effective protection techniques against unknown threats and malware.”