
Preventing Threats Before Infiltration: Morphisec AMTD in Action

Posted by Jay Kurup on August 29, 2024

The evolution of cybersecurity has been a journey of increasingly sophisticated defense innovations. It began with basic anti-virus (AV) software, which relied on static analysis to identify known threats by scanning binaries and files.  

As cyber threats evolved, so did defensive capabilities. Next-generation anti-virus (NGAV) software and endpoint protection platforms (EPP) incorporated dynamic analysis, which involves executing files in a controlled, sandboxed environment to observe behavior, allowing for more accurate threat detection. 

Next came Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), and Managed Detection and Response (MDR) technologies. These solutions introduced behavioral analysis, which goes beyond static and dynamic analysis by monitoring the real-time execution of processes. EDR, in particular, hooks into critical system functions to analyze the full context of a potential threat, not just the suspicious file itself. This has allowed security teams to detect more complex, multi-stage attacks that traditional AV solutions might miss. 


Detection and response is not enough 

While these technologies have dramatically improved a team’s ability to detect and respond to cyber threats, they still operate within a reactive framework — they focus on identifying and responding to threats that have already breached defenses.  

This is where Automated Moving Target Defense (AMTD) comes in, representing a paradigm shift in cybersecurity strategy. AMTD changes the game by adopting a proactive, preventive approach. Inspired by a fundamental military strategy—making a moving target harder to hit than a stationary one—AMTD introduces constant, dynamic changes to the IT environment.  

These changes can involve altering configurations, rotating credentials, shifting IP addresses, or even modifying the runtime environment in unpredictable ways. By continuously morphing the attack surface, AMTD increases the uncertainty and complexity for attackers, making it significantly harder for them to find and exploit vulnerabilities. 

One of the key advantages of AMTD is its ability to prevent attacks before they even begin. For example, Morphisec's AMTD technology uses an ultra-lightweight agent to block unauthorized processes with deterministic precision. Unlike traditional methods that rely on probabilistic analysis—which can result in false positives or missed threats—Morphisec’s approach is direct and efficient, minimizing the impact on system performance while maximizing security. 
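To make the moving-target idea concrete, here is an added toy model. It is not Morphisec's code and does not describe how its agent actually works; it is a constructed illustration of the principle the paragraphs above state: the runtime layout is changed unpredictably at load time, legitimate code follows the change, and anything that relies on the old, well-known layout is blocked by a deterministic rule rather than a probabilistic score. The entry-point names and addresses are made up for the example.

```python
"""Toy model of runtime moving-target defense (constructed illustration).

A process exposes a few sensitive entry points at well-known addresses.
At load time the defender relocates each one to an unpredictable address,
records the new location in a map that only trusted code can consult, and
leaves a trap at the original address. A call that resolves through the
map succeeds; a call that hard-codes the stale address lands on the trap
and is blocked outright. The decision is deterministic: no scoring.
"""
import secrets
from dataclasses import dataclass, field

# Well-known layout an attacker might assume (constructed addresses).
ORIGINAL_LAYOUT = {
    "LoadLibrary": 0x7FF0_0000_1000,
    "VirtualAlloc": 0x7FF0_0000_2000,
    "CreateThread": 0x7FF0_0000_3000,
}

PAGE_BITS = 12           # relocate on 4 KiB page boundaries
REGION_BASE = 0x7FF0_0000_0000
REGION_PAGES = 1 << 20   # 4 GiB window of candidate pages


@dataclass
class MorphedProcess:
    layout: dict                 # relocated address -> entry-point name
    traps: dict                  # original address -> entry-point name
    reloc_map: dict              # name -> relocated address (trusted code only)
    events: list = field(default_factory=list)


def morph(original: dict, rng=secrets.randbelow) -> MorphedProcess:
    """Move every entry point to a fresh random page and trap its old address.

    `rng(n)` must return an int in [0, n); the default is cryptographically
    random so the new layout cannot be predicted from a previous run.
    """
    layout, traps, reloc = {}, {}, {}
    used = set(original.values())        # never reuse an original address
    for name, old_addr in original.items():
        while True:
            new_addr = REGION_BASE + (rng(REGION_PAGES) << PAGE_BITS)
            if new_addr not in used:
                break
        used.add(new_addr)
        layout[new_addr] = name
        reloc[name] = new_addr
        traps[old_addr] = name
    return MorphedProcess(layout, traps, reloc)


def call(proc: MorphedProcess, address: int, caller: str) -> str:
    """Dispatch a call by address. Returns 'ok', 'blocked' or 'fault'."""
    if address in proc.layout:
        proc.events.append(("allow", caller, proc.layout[address]))
        return "ok"
    if address in proc.traps:
        # The caller used the stale, well-known address instead of the
        # relocation map: by construction only untrusted code does that.
        proc.events.append(("block", caller, proc.traps[address]))
        return "blocked"
    proc.events.append(("fault", caller, hex(address)))
    return "fault"


def trusted_call(proc: MorphedProcess, name: str, caller: str = "app") -> str:
    """Legitimate code resolves the entry point through the relocation map."""
    return call(proc, proc.reloc_map[name], caller)


def stale_call(proc: MorphedProcess, name: str, caller: str = "untrusted") -> str:
    """Code that baked in the original layout (constructed stand-in for an
    unauthorized component) and therefore hits the trap."""
    return call(proc, ORIGINAL_LAYOUT[name], caller)


if __name__ == "__main__":
    proc = morph(ORIGINAL_LAYOUT)
    print(trusted_call(proc, "VirtualAlloc"))   # ok
    print(stale_call(proc, "VirtualAlloc"))     # blocked
    for event in proc.events:
        print(event)
```

The point of the model is the asymmetry: trusted code pays only a table lookup, while anything that depends on the previous layout fails on its first step and produces an explicit block event that can be forwarded to the SOC. Each process start produces a different layout, so knowledge gained from one run does not carry over to the next.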

Evolution of the security landscape

Threats prevented by Morphisec AMTD 

Attackers are constantly evolving and refining their techniques to outpace defensive tools and technologies. While many of these tactics aren't entirely new, attackers are finding success by iterating on tried-and-true methods, always seeking the quickest route to gain access. 

For instance, the Verizon 2024 Data Breach Investigations Report (DBIR) revealed that vulnerability exploitation as an entry point for breaches nearly tripled in 2023, with a staggering 108% increase. Often, attackers exploit vulnerabilities faster than organizations can patch them. The DBIR notes that while it takes organizations an average of 55 days (about 2 months) to address vulnerabilities, threat actors begin large-scale scanning for these same weaknesses within just five days. 

Once attackers gain initial access, they can launch devastating and often undetectable attacks, such as ransomware or pure extortion schemes — the latter of which saw a significant rise in 2023, accounting for 9% of all breaches according to the DBIR. 

While the share of disclosed vulnerabilities that are actually exploited is low relative to the volume of annual vulnerability disclosures, the number of vulnerabilities with exploitation activity is climbing. In recent findings, Cyentia observed that fewer than 5% of exploited vulnerabilities hit more than 1 in 10 organizations. 

Vulnerabilities with exploitation activity

Source: https://www.cyentia.com/wp-content/uploads/2024/07/EPSS-Exploration-Of-Exploits.pdf

In today’s landscape of pervasive risk, security leaders must move beyond a reactive approach to embrace a preventive mindset, and preventative technology like Morphisec AMTD, which is proven to stop attacks that other technology misses. 

Traditional technologies like Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) face challenges with advanced and unknown threats, like those that leverage vulnerability exploitation for system access. Because these systems rely on signature- and behavior-based detection methods, attackers are increasingly finding success with sophisticated fileless, in-memory and zero-day attacks, which now account for roughly 30% of attack methods. In other words, traditional EDR or XDR solutions leave a gap that misses 30% of the sophisticated and increasingly pervasive attacks targeting organizations today. 


The following graphic offers a sampling of the different kinds of threats stopped by Morphisec AMTD. We’ll share examples below.  

Threats Prevented by Morphisec

See the interactive chart here.

Banking Trojans  

In 2021, an Osiris trojan campaign targeted companies worldwide. Morphisec identified a significant campaign targeting multiple German customers in manufacturing. Targeted personnel were redirected to compromised websites which delivered advanced fileless downloaders that eventually led to an Osiris client. 

Banking Trojans Prevented by Morphisec

In 2024, Morphisec Labs identified a significant increase in activity linked to Mispadu (also known as URSA), a banking trojan first flagged by ESET in 2019. 


Bot/Miner 

Bots & Miners Prevented by Morphisec

In 2023, Morphisec identified a highly evasive malware campaign delivering ProxyShellMiner to Windows endpoints. The campaign exploited ProxyShell vulnerabilities for initial access and compromise of an organization to deliver crypto miners. 


Exploits 

Vulnerability exploitation remains a top attack technique for system access. So far this year more than 17 thousand CVEs (Common Vulnerabilities and Exposures) have been published, affecting hundreds of popular and widely used applications from vendors such as Adobe, Google (Chrome) and Microsoft (Office).  

Exploits prevented by Morphisec

As part of ongoing efforts to identify newer vulnerabilities in Microsoft Office applications, Morphisec researchers discovered multiple critical vulnerabilities, including CVE-2024-38173, CVE-2024-38021 and CVE-2024-30103, all of which are zero click vulnerabilities, making them particularly simple to execute.  


Info/Key Stealers 

This year Morphisec Threat Labs released findings on an update to the Chaes infostealer malware series, which they named Chae$ 4.1.

Info/Key Stealers

In 2021, Morphisec tracked and identified a new .NET infostealer variant called Jupyter that primarily targeted Chromium, Firefox and Chrome browser data; its attack chain, delivery and loader demonstrated additional capabilities for full backdoor functionality.


Loader/Backdoor 

Loader/backdoor attacks stopped by Morphisec

Morphisec AMTD successfully identified and prevented a new variant of IDAT loader, which is used to deliver a range of malware payloads based on the attacker’s assessment of a victim’s system. 


Ransomware 

Ransomware attacks stopped by Morphisec

LockBit marked the emergence of Ransomware-as-a-Service platforms that allowed cybercriminals to rent ransomware infrastructure and tools, lowering the entry barrier for conducting ransomware attacks.  

Morphisec’s ransomware prevention provides early attack visibility by preventing advanced in-memory backdoors, denying attackers a foothold within an environment.  


Remote Access Trojans (RAT) 

Remote Access Trojans prevented by Morphisec

Downloaders remain popular; Morphisec AMTD has prevented numerous RAT-based attacks, including Guloader, NanoCore, Parallax, Orcus, Babuk and MineBridge.   


Harden your security posture with AMTD 

AMTD seamlessly integrates with existing cybersecurity frameworks like NGAV, EPP, EDR, and XDR. This means that security leaders can enhance their existing defenses without having to overhaul their entire infrastructure. By adding an AMTD layer, organizations can achieve a more robust, defense-in-depth strategy that can stop even the most evasive and undetectable attacks. 

As cyber threats continue to evolve, so too must our defenses. Automated Moving Target Defense represents the future of cybersecurity by shifting the focus from reaction to prevention, making it the next logical (and innovative) step in the ongoing evolution of security technology. 

Experience Morphisec AMTD — schedule a demo today. 
