Morphisec Cyber Security Blog

With October National Cybersecurity Awareness Month (NCSAM) and November Critical Infrastructure Security and Resilience Month, Morphisec is publishing a series posts on industries included in the DHS list of 16 critical infrastructure sectors.

The healthcare industry needs to focus on its own cyber health. That’s the upshot of the latest round of reports and announcements from industry experts across the board.

ECRI Institute, a leading patient safety and medical technology research organization, recently released their 2019 Top Health Technology Hazards. Cybersecurity topped the annual list,

Its been a big week for Morphisec.

Yesterday Morphisec announced it has been awarded a contract by the Department of Homeland Security (DHS) for the build-out and enhancement of cyber protection capabilities for Virtual Desktop Infrastructure (VDI) systems. This is the first U.S. Federal initiative the company has pursued, and it’s a validation of how innovative and powerful its approach is with Moving Target Defense.

The Fallout exploit kit, named for its similarities to the once notorious Nuclear exploit kit, already shows signs of reaching the levels of popularity of its namesake. Since its discovery by security researchers at the end of August, Fallout has been seen distributing the SmokeLoader trojan, GandCrab ransomware, CoalaBot, various potentially unwanted programs (PUPs) and, most recently, a new ransomware strain called SAVEfiles.

Morphisec nearly swept the XCellence Awards at the Midsize Enterprise Summit (MES) Fall 2018 conference. Morphisec won the top award in three categories – including Best Software Solution – and was nominated for another, beating out several long-time incumbents.

The cybersecurity attack landscape moves fast, really fast. Last year, not a week passed that didn’t bring about news on a new ransomware incident. Of course ransomware’s very nature lends itself to newsworthy headlines based on how incredibly damaging to businesses this class of attacks can be.

Cybersecurity is an enormous investment with even more enormous consequences for mistakes. To build an optimal security stack you need to balance residual risks with total cost of ownership of the cyber security stack and with minimal disruption to operations.

Morphisec officially opened its new corporate headquarters in the Gav-Yam Negev Advanced Technologies Park in Beer Sheva, Israel. Known as Israel’s leading cybersecurity technology center of innovation, the park is a collaborative endeavor of Ben Gurion University, the city of Beer-Sheva, and real estate developer KUD International. It brings together academia, advanced research, local government, business entrepreneurship and the global technology industry.

Morphisec is pleased to announce the 2018 winners of the Morphisec Women in Cybersecurity Scholarship. The program offers three scholarships for female students enrolled in cybersecurity-related studies to support and encourage young women exploring a career in this field. In addition to the cash awards, the first place winner receives a personal mentoring session.

A new highly sophisticated botnet incorporating numerous malicious, evasive techniques is quickly spreading its tentacles. Dubbed MyloBot, the botnet uses an usually complex chain attack and combines multiple anti-analysis techniques to make it more difficult to detect the payload and harder to analyze by security researchers. Initial research published by Deep Instinct points out that everything on the victim’s end takes place in memory, while the main business logic of the botnet is executed in an external process using code injection. This makes it even harder to detect and trace.

Adobe disclosed that a Flash zero-day was being exploited in targeted attacks against Windows users. The critical vulnerability was discovered and independently reported by several security firms. Successful exploitation of the vulnerability allows arbitrary code execution which can ultimately lead to an attacker assuming full system control.