Cybersecurity Tech Investment Planning: Use annual loss expectancy to build a business case
arrow-white arrow-white Download now

Best of 2017: Our Top 5 Posts of the Year

Posted by Morphisec Team on December 28, 2017
Find me on:


top 5 2017 orange.png

Every year, cybersecurity manages to outdo itself and 2017 was no exception. The most attacks, the most ransomware dollars spent, the most money spent on cybersecurity products. In the end though, the year’s biggest claim to fame might be how cybersecurity became a household term. The WannaCry outbreak, Equifax breach and U.S. election hack news planted cybersecurity firmly in the public eye. Interest in the subject now spans generations, from millennials to retirees – Google searches on the term “cyber security” hit an all-time high this year.

So which subjects did our readers (who probably aren’t millennials or retirees) find the most fascinating this year? Unsurprisingly, the most frequented blog posts on our site concerned new and ongoing threats and how to prevent them.

The top 5 viewed posts of the year:

1.  Morphisec Discovers CCleaner Backdoor Saving Millions of Avast Users

The most popular post of 2017 goes to the discovery of the CCleaner backdoor by Morphisec.  In August, the Avast-owned security application CCleaner was illegally modified by hackers to establish a backdoor to the hackers’ server. According to Avast, some 2.27 million users were running the weaponized version 5.33 of CCleaner. It was Morphisec’s notification to Avast and work with law enforcement agencies that prevented the supply chain hack from causing more damage than it did. Read the post.

2.  Iranian Fileless Attack Infiltrates Israeli Organizations

In April, a politically-motivated, targeted campaign was carried out against numerous Israeli organizations. The attack was delivered via Microsoft Word documents that exploited a former zero-day vulnerability in Word, CVE-2017-0199, to install a fileless variant of the Helminth Trojan agent. Initial reports of the attacks stated that the attack was delivered through compromised email accounts at Ben-Gurion University and sent to multiple targets across Israel. Morphisec researchers uncovered additional details, attributing the attacks to the same infamous hacker group responsible for the OilRig malware campaigns. Read the analysis.

3.  FIN7 Takes Another Bite at the Restaurant Industry

Cybercrime groups are constantly developing new techniques to evade detection. In June, Morphisec Lab identified a new, highly sophisticated fileless attack targeting restaurants across the US that allowed hackers to install a backdoor to steal financial information. It incorporated some never before seen evasive techniques that allow it to bypass most security solutions – signature and behavior based. Aside from these updated techniques, Morphisec’s investigation revealed an almost perfect match to FIN7 attack methods, the group responsible for highly successful and damaging attacks on banks, SEC personnel, large restaurant chains and hospitality organizations. Read the report.

4.  Morphisec Discovers New Fileless Attack Framework

Morphisec routinely tests it Endpoint Threat Solution against new attacks, particularly sophisticated attacks marked by low detection rates. While investigating such an attack, we not only observed several variations of the attack on different targets, but also discovered a complete attack framework used to deliver several severe attacks that targeted banks, enterprises and governmental organizations. In the course of the investigation, our researchers even interacted with the attacker via the very same PowerShell protocol used for the attack delivery.  Read the report.

5.  Windows, Drivers and Digital Signatures

This post is the one anomaly in a list dominated by attacks and threats. Here Itai Sanders shares his own step-by-step “developer's diary” on how to make a driver digitally signed to work across multiple Windows OS versions. This post arose from his own work to ensure Morphisec product compatibility for various client environments, with operating systems as old as Windows 7 all the way to the newest Windows 10 with its latest updates. Read the diary.

While the in-depth technical analyses continue to draw the most readers, this year also saw a surge of interest in fileless attacks in general and methods for combatting them. This kept several old standbys going strong through 2017. Still in the top 10 are:

Moving Target Defense (MTD) uses counter-deception techniques that constantly change the target surface, so that attackers can’t get a foothold. This post introduces the main categories and techniques of MTD.

This 2016 post arose when Morphisec Lab, in testing our solution against a new type of malicious document threat (it prevented it no problem), traced the malicious behavior back to EPS file processing. This technical analysis examines how the exploit works at the PostScript abstraction level. Read the post.

This analysis took real document samples with embedded macro and in-memory attacks from VirusTotal, decrypted the macro commands, and looked at the different types of evasive techniques. Read all about it.

Don't wait until next year's top blog list to find out what you missed. Subscribe below to keep up with the latest cyber threats, industry news and more.