Morphisec Cyber Security Blog

Although I’m excited to be at the RSA Conference with my Morphisec colleagues, it reminds me of the impetus for starting our Women in Cybersecurity Scholarship. Of 28 keynote speakers at RSAC, only seven are women, and six of these were added at the last minute following a string of scathing tweets and articles. This 25% figure seems to be the average percentage in the general sessions as well. I attended several that were one woman in a panel of four, a few that had only male speakers and a single session that had a majority female panel. If I had to guess the overall attendee and exhibitor gender split I’d say it fell along the same lines, but that percent is skewed by the number of women simply scanning badges.

Morphisec Moving Target Defense verified as Citrix Ready to enhance protection with Citrix XenApp and XenDesktop

CISOs face an escalating battle on two fronts: externally from ever-more sophisticated attackers and internally in managing all the threat protection and additional security layers they put in to stop them. And they are losing. Despite added technology complexity and operational overhead, cyber criminals still manage to get past defenses.

According to a a new whitepaper from analyst firm ESG, 72% of organizations believe that security operations are more difficult today than they were two years ago yet 54% still suffered at least one security incident.

The Lazarus Group, also known as Hidden Cobra, may be in play again. The notorious cybercrime group is allegedly responsible for some of the most devastating attacks over the past few years, including the SWIFT network hack that stole $81 million Central Bank of Bangladesh issued and the 2014 destructive wiper attack against Sony Pictures. Some also link the WannaCry ransomware breakout to the same group.

Many of the existing reports covering the Lazarus attacks suggest links to North Korea. In fact, Hidden Cobra is the U.S. Government’s designation for malicious cyber activity conducted by the North Korean government.

On February 28, 2018, Morphisec Labs identified and prevented a suspicious document uploaded to VirusTotal that exploits the latest Flash vulnerability CVE-2018-4878. While analyzing the exploit and the downloaded payload, we immediately identified a near-perfect match to many of the techniques used during various attacks that are attributed to the Lazarus Group.

2018 is barely underway and we’re already seeing a whole new crop of cyber threats. Are you ready? Meet with Morphisec experts in person to find out how to build a lean, cost-effective security stack that protects your organization from whatever attackers come up with next. There’s just no substitute for a face-to-face exchange of ideas - come see us at one of these upcoming events to get all your cybersecurity questions answered.

The Meltdown and Spectre CPU vulnerabilities disclosed earlier this month generated a lot of noise and a lot of confusion. Our security experts received a deluge of questions from customers and industry personnel alike. Responding to this need, Morphisec CTO and VP R&D Michael Gorelik went on air to provide some answers. If you missed the webinar, you can watch it here.

With a turbulent 2017 finally behind us, what’s the cybersecurity forecast for 2018? Some predictions need no crystal ball – the cyber labor shortage will continue, spending on security solutions will go up, the breaches that do occur will be bigger and messier. But what else is in store for 2018? Morphisec’s VP Sales Arthur Braunstein, VP Product Netta Schmeidler and our co-founder Dudu Mimram weigh in.

The IT world is still shaking from the news that most modern processors have severe architecture flaws. This makes it possible for attackers to gain access to user mode and kernel memory data to leak crypto-keys, passwords, memory structures like loaded module addresses and other valuable information. The security flaws potentially affect all major CPUs, including chips manufactured by Intel, AMD and ARM.

--- 

Watch our security alert webinar on-demand in which Morphisec CTO Michael Gorelik, cuts through the noise surrounding the Meltdown and Spectre CPU vulnerabilities and answers live questions. 

WATCH IT NOW!

----

Ransomware remained a major cybersecurity threat in 2017, leaving a trail of victims across all industries, company sizes and geographical borders. Phishing emails are the top ransomware delivery mechanism and they grow in number and sophistication daily. According to IBM, the number of ransomware-infected emails increased 6,000% this year. And the days of easily spotted spelling mistakes and obvious scams are long gone. Today’s phishing attacks are clever and subtle enough to trick even security veterans.