Moving Target Defense Blog

Cybersecurity spending have continued moving upward trend over the past several years. Just last year, budgets increased 12.4%. In 2020, Gartner expects a more modest increase of 2.4% ending at $123 billion in IT security spending for the year overall. So who really benefits from the increased spending? It certainly hasn’t been the customer. Economic breach damage currently worse than ever. By next year, cyber damage on the global economy is expected to reach $6 trillion annually according to Cyber Security Ventures. To put that into perspective, that’s more than the GDP of Germany and the United Kingdom combined. Alarming damage.

The economic impact of a successful breach is one of the easiest to quantify. It’s also increasing constantly, with analysts predicting the cost of cybercrime globally will exceed $6 trillion annually by 2021, a 100% increase from 2015. Much of this cybercrime is perpetrated on or through the endpoint, with an end goal typically of either data exfiltration or encrypting the data and charging a ransom (often it’s both).

The term “new normal” means different things to different people. For some, the term is synonymous with a return to the office (just with a few tweaks), while others think that co-located teams are gone for good. The reality is probably somewhere in between. Household names like Google and Facebook are planning for a future where most of their employees work remotely most of the time. And where big tech goes, other organizations tend to follow.

Millions of desks are sitting empty because of the COVID-19 epidemic, turning remote work into the “new normal.” Sudden as this transformation may be, however, it’s actually an acceleration of existing trends.

In this blog, we will present some findings on how NanoCore RAT 1.2.2.0 is actively being delivered in new and different ways that we discovered at Morphisec Labs in the last couple of months. Specifically, we will focus on the sophisticated fileless methods for delivering the RAT without touching the disk.

In August of 2019, just a month after our publication on a targeted BitPaymer/IEncrypt campaign, Morphisec identified a new and alarming evasion technique that the same adversaries adopted while targeting yet another enterprise in the automotive industry.

With summer waning, kids back in school, and year-end quotas looming, we’re coming up to the busiest business travel season of the year. From September through November, business travelers log more trips than any other period. Most organizations take pains to keep their road warriors comfortable and protected from travel hazards, but what about the many lurking cyber hazards risks?

This week, headlines blew up with warnings of a design flaw in the CTF subsystem (msctf) of the Windows Text Services Framework that affects all current Windows systems and those going back as far as twenty years.

For the second year in a row, Morphisec has awarded three scholarships to top female students pursuing cybersecurity degrees around the world. The latest numbers still place women’s employment in the cybersecurity industry at only 24%, but the dedication and talent of the more than 400 applications that poured in from the United States, Europe and Israel are a testament to womens’ determination to change this statistic.

With their highly valuable payment card and personal sensitive information, Point-of-Sale (POS) systems present a ripe target for cybercrime groups. A successful breach can have enormous consequences for the attacked organization, from detecting and responding, to notifying victims, post-response support, lost business and potentially hefty government fines. Modern POS environments are complicated systems with multiple entry points for attack, from phishing emails or drive-by-download exploits on employee computers to vulnerable third-party suppliers. And while payment card security standards have introduced a basic protection framework, POS-attacks have not abated under the regulations — some of the largest breaches of the past several years are due to POS systems attacks.