Watering Hole Attack on Leading Hong Kong Telecom Site Exploiting Flash Flaw (CVE-2018-4878)

Posted by Michael Gorelik on March 23, 2018 at 2:01 PM

On March 21,2018, Morphisec Labs began investigating the compromised website of a leading Hong Kong Telecommunications company after being alerted to it by malware hunter @PhysicalDrive0. The investigation, conducted by Morphisec researchers Michael Gorelik and Assaf Kachlon, determined that the Telecom group's corporate site had indeed been hacked. Attackers added an embedded Adobe Flash file that exploits the Flash vulnerability CVE-2018-4878 on the main home.php page.

Read More

Topics: Exploits, Cyber Attacks, Attack Analysis, Fileless Attacks, Threat Alerts

Threat Profile: Dofoil (Smoke Loader) Trojan with Coin-Miner 

Posted by Roy Moshailov on March 22, 2018 at 2:08 PM

 

These days, most malware employs a long attack chain with anti-analysis techniques to make it more difficult to detect the payload and harder to analyze by security researchers. More and more frequently, they are also incorporating coin miners in attacks. Such is the case with a newly observed variant of the Dofoil (also known as Smoke Loader) trojan, which includes a resource-draining cryptocurrency-mining payload. This latest Dofoil strain entered the scene earlier this month and is currently still active.

Read More

Topics: Cyber Attacks, Attack Analysis, Threat Profile

Flash Exploit, CVE-2018-4878, Spotted in The Wild as Part of Massive Malspam Campaign

Posted by Michael Gorelik on February 25, 2018 at 7:42 PM

 

On February 22, 2018, Morphisec Labs spotted several malicious word documents exploiting the latest Flash vulnerability CVE-2018-4878 in the wild in a massive malspam campaign. Adobe released a patch early February, but it will take some companies weeks, months or even years to rollout the patch and cyber criminals keep developing new ways to exploit the vulnerability in this window

Read More

Topics: Exploits, Cyber Attacks, Attack Analysis, Malspam

Threat Profile: GandCrab Ransomware

Posted by Roy Moshailov on February 23, 2018 at 11:08 PM

GandCrab Ransomware

These days, most malware employs long chain attack and anti-analysis techniques to make it more difficult to detect the payload and harder to analyze by security researchers. Such is the case with GandCrab, a new ransomware strain that entered the scene late last month and is currently active.

Read More

Topics: Ransomware, Exploit Kit, Attack Analysis, Custom Packer, Threat Profile

CVE-2018-4878: An Analysis of the Flash Player Hack

Posted by Michael Gorelik on February 8, 2018 at 2:30 PM

 

Before diving into the analysis of CVE-2018-4878, a quick reminder that this is the continuation of our previous post, which provided background on CVE-2018-4878, including a  video of how Morphisec prevents any attacks leveraging this Flash vulnerability. Morphisec prevents the attack at all phases and components in the attack chain – during the exploit, the shellcode, as well as the malware which is executed using wbscript.exe with additional in-memory command control code.

At the time of the previous post, the vulnerability was still a zero-day. Adobe released a new version that fixed the flaw yesterday. With that fix available, Morphisec is now free to release technical details of the attack.

Read More

Topics: Exploits, Cyber Attacks, Zero-day, Attack Analysis

Best of 2017: Our Top 5 Posts of the Year

Posted by Morphisec Team on December 29, 2017 at 12:52 AM

 

Read More

Topics: Moving Target Defense, Cyber Security, Attack Analysis, Fileless Attacks

Fileless Malware: Attack Trend Exposed

Posted by Michael Gorelik on November 30, 2017 at 1:22 AM

A report co-authored by Michael Gorelik, CTO and VP R&D, and Roy Moshailov, Malware Research Expert at Morphisec.

Fileless malware is a type of a malicious code execution technique that operates completely within process memory; no files are dropped onto the disk. Without any artifacts on the hard drive to detect, these attacks easily evade current detection solutions.

Read More

Topics: Cyber Attacks, Research, Attack Analysis, Fileless Attacks

FIN7 Dissected: Hackers Accelerate Pace of Innovation

Posted by Michael Gorelik on October 13, 2017 at 3:23 PM

 

Read More

Topics: Research, Endpoint Security, Cyber Security, Attack Analysis

RIG exploit kit returns, with modified pattern and free generated “freenom” domains

Posted by Michael Gorelik on September 26, 2017 at 11:20 PM

 

This report was authored by: Michael Gorelik and Assaf Kachlon.

Last week’s malware news was filled with the CCleaner backdoor exposed by Morphisec’s security solution. This week Morphisec uncovered another ongoing malware campaign, this one a drive-by-download attack that uses a modified version of the old (in hacker time) favorite, the RIG exploit kit.

First appearing in 2014, RIG generally uses gates to redirect victims from a compromised website to a landing page that contains the EK, exploiting vulnerabilities in JavaScript, Flash and VBscript in the infection chain.

Over the past 10 days, Morphisec's Threat Prevention Solution stopped a modified RIG exploit kit distributed to a large number of customers in a major drive by download campaign. Upon customer notification about the web-borne attack, we immediately identified the type of exploit kit and the delivered exploits. We reported the abuse of the registered domains to Freenom.com, the domain registration entity.

Read More

Topics: Research, Endpoint Security, Cyber Security, Attack Analysis

Morphisec Discovers CCleaner Backdoor Saving Millions of Avast Users

Posted by Michael Gorelik on September 18, 2017 at 9:40 PM

 

As widely reported today, the Avast-owned security application CCleaner was illegally modified by hackers to establish a backdoor to the hackers’ server. According to Avast, some 2.27 million users were running the weaponized version 5.33 of CCleaner. In addition, the CCleaner’s cloud version 1.07 was affected. Morphisec was first to uncover the CCleaner Backdoor saving millions of Avast user. 

Morphisec first identified and prevented malicious CCleaner.exe installations on August 20 and 21, 2017 at customer sites. Some customers shared their logs of the prevented attacks with Morphisec on September 11, 2017.Morphisec started to investigate the prevention logs right away.

Read More

Topics: Research, Endpoint Security, Cyber Security, Attack Analysis

Check out our Attack Analyses!

Take a deep dive into technical analyses of attacks prevented by Morphisec.

Subscribe to our Blog

Happy to keep you in the loop with industry insight, cyber security trends,  and cyber attack information and company updates.

Morphisec Named a Cool Vendor 2016

Morphisec is a Gartner Cool Vendor 2016

Each year Gartner identifies new Cool Vendors it considers innovative or transformative. Morphisec is honored be to named a Cool Vendor 2016. Here's more....

 

Recent Posts

Most Popular Posts