The Morphisec Labs team has tracked an obfuscated VBScript package in campaigns since March 2020. Initially, the malware campaign was focused on targets within Germany, but has since moved on to additional targets--excluding any IP address within Russia or North Korea.
Read MoreIn this blog, we will present some findings on how NanoCore RAT 1.2.2.0 is actively being delivered in new and different ways that we discovered at Morphisec Labs in the last couple of months. Specifically, we will focus on the sophisticated fileless methods for delivering the RAT without touching the disk.
Read MoreDuring the period of March to May 2019, Morphisec Labs observed a new, highly sophisticated variant of the ShellTea / PunchBuggy backdoor malware that attempted to infiltrate a number of machines within the network of a customer in the hotel-entertainment industry. It is believed that the malware was deployed as a result of several phishing attempts.
Read More
Hworm/njRAT is a Remote Access Tool (RAT) that first appeared in 2013 in targeted attacks against the international energy industry, primarily in the Middle East. It was soon commoditized and is now part of a constantly evolving family of RATs that pop-up in various new formats. Today we see this attack employed on a regular basis as part of widespread spam phishing campaigns - if successful, Hworm gives the attacker complete control of the victim’s system. Morphisec Labs recently observed a new version with a minor modification to its obfuscation technique.
Read MoreIntroduction
This week, Kaspersky Lab reported initial details of a new supply chain attack on systems by computer giant ASUS. Dubbed ShadowHammer by Kaspersky, the attack leveraged a malicious version of ASUS Live Update,
Read MoreThis post was authored by Michael Gorelik and Alon Groisman.
Over the past 8-10 weeks, Morphisec has been tracking multiple sophisticated attacks targeting Point of Sale thin clients globally.
Read MoreThis post was authored by Michael Gorelik, Alon Groisman and Bruno Braga.
A new, highly sophisticated campaign that delivers the Orcus Remote Access Trojan is hitting victims in ongoing, targeted attacks. Morphisec identified the campaign after receiving notifications from its advanced prevention solution at several deployment sites.
Read MoreLet’s face it – there are a lot of threat reports and threat data floating around. What makes the Morphisec Labs Threat Report different is the type of threats it analyzes. It focuses on the threats that pose a real risk to organizations, the ones that get past standard and next-generation AI antivirus.
Read More
Note: This post was updated 11-30-18 with details of a new intercepted attack. See technical description below.
Over the past three days, Morphisec Labs researchers have discovered a widespread cyber campaign hitting multiple targets. Morphisec researchers dubbed the Pied Piper campaign as it delivers various Remote Access Trojan (RAT) payloads via phishing, across multiple countries.
Read MoreSearch Our Site
Recent Posts
Posts by Tag
- Cyber Security (98)
- Endpoint Security (78)
- Cyber Attacks (48)
- Attack Analysis (46)
- Company News (38)
- Moving Target Defense (37)
- Exploits (30)
- Morphisec Labs (29)
- Ransomware (24)
- Threat Alerts (19)
- Fileless Attacks (18)
- Threat Profile (18)
- APT (16)
- Zero-day (16)
- Industry News (15)
- Research (15)
- CISO (14)
- Events (14)
- Product (12)
- 0-day exploits (10)
- Malware (10)
- Patching (9)
- Sandbox evasion (6)
- VDI (6)
- virtual desktop security (6)
- Exploit Kit (5)
- Mordechai Guri (5)
- Remote Employees (5)
- Work from Home Security (5)
- advanced endpoint protection (5)
- virtual desktop infrastructure (5)
- ASLR (4)
- Custom Packer (4)
- Cyber Security Predictions 2017 (4)
- Proactive Cyber Defense (4)
- Threat Report (4)
- cloud workload security (4)
- Angler Kit (3)
- Cyber Security Stack (3)
- FIN7 (3)
- Holidays (3)
- Malspam (3)
- Ransomware Prevention (3)
- cloud workload protection (3)
- remote workforce (3)
- vdi security (3)
- Case Study (2)
- Collaboration Applications (2)
- Cyber threat landscape (2)
- Hospital Cybersecurity (2)
- MLTR (2)
- MS Office Exploits (2)
- Microsoft (2)
- POS (2)
- Proactive Prevention (2)
- Remote Access Trojan (2)
- Security Stack (2)
- Webinars (2)
- cloud security (2)
- non-persistent VDI (2)
- proactive cloud workload security (2)
- protect cloud workloads (2)
- Cerber (1)
- Citized Threat Index (1)
- Cobalt Group (1)
- Cyber Hygiene (1)
- Cyber hygiene practices (1)
- Cybersecurity Measures (1)
- Defender for Endpoint (1)
- Defending infrastructure against cyber threats (1)
- EDR (1)
- Emerging cyber threats (1)
- Emerging threats (1)
- Endpoint Detection and Response (1)
- Evasive Malware (1)
- FALLOUT EXPLOIT KIT (1)
- Fallout activity (1)
- Flash wrapper (1)
- FlawedAmmyy (1)
- GDPR (1)
- GRANDCRAB RANSOMWARE (1)
- Gozi (1)
- HEALTHCARE CYBERSECURITY (1)
- HEALTHCARE'S CYBERSECURITY WEAK SPOTS (1)
- Hancitor (1)
- Healthcare (1)
- Higher Education Cybersecurity (1)
- Hospitality Threat Index (1)
- Hotel Cybersecurity (1)
- Kovter (1)
- Morphisec Guard (1)
- NGAV (1)
- OCR Bypass (1)
- POS intrusions (1)
- PROTECT YOURSELF FROM GRANDCRAB (1)
- Pied Piper Campaign (1)
- Proactive Endpoint Protection (1)
- Product News (1)
- REMOTE COLLABORATION APPLICATIONS (1)
- Retail Cybersecurity (1)
- SECURITY RESILIENCY (1)
- SecOps (1)
- Supply Chain attack (1)
- ThreadKit (1)
- Ursnif (1)
- Zoom Security (1)
- advanced cyberthreat tactics (1)
- advanced threat prevention (1)
- advanced threat tactics (1)
- antivirus scanning processes (1)
- browser attacks (1)
- cloud misconfigurations (1)
- code injection (1)
- cyber prevention mechanisms (1)
- cyber strategies (1)
- cyberattack landscape (1)
- cybersecurity resilience (1)
- end to end visibility (1)
- endpoint security breaches (1)
- fallout protection (1)
- financial cyberattacks (1)
- financial cyberthreat (1)
- financial system threat (1)
- healthcare phishing schemes (1)
- malware authors (1)
- patch management processes (1)
- persistent VDI (1)
- proactive threat prevention (1)
- remote collaboration app security loopholes (1)
- remote workforce hidden risks (1)
- retail cybersecurity risks (1)
- threat prevention (1)
- virtual endpoints (1)
- zoom malware (1)
- zoom weaknesses (1)