<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=885880844953016&amp;ev=PageView&amp;noscript=1">
Posted by Michael Gorelik on August 7, 2020

Garmin has confirmed that the recent outage its users experienced was indeed the result of a successful ransomware attack. However, the extent of the damage done is still unclear. The attack, which compromised Garmin’s servers for five days, impacted millions of users globally and will likely end up costing Garmin millions of dollars in lost productivity and reputation alone. While Garmin says that no customer data was leaked, Garmin's call centers, web site, and cloud-based services such as Garmin Connect and FlyGarmin (a commercial aviation navigation service) were either taken offline or negatively impacted as a result of the attack.

Read More
Posted by Michael Gorelik on June 30, 2020

Since early March, the team at Morphisec Labs has been supporting enterprises as they shift to distributed workforces in response to COVID-19. From assisting hospitals with securing their remote workers to uncovering new weaknesses in collaboration applications that could pose a threat to business continuity, we’ve been working hand-in-hand with customers, counterparts at security companies, and authorities to stay ahead of defending against a rapidly evolving cyberattack landscape.

Read More
Posted by Arnold Osipov on June 24, 2020

The Morphisec Labs team has tracked an obfuscated VBScript package in campaigns since March 2020. Initially, the malware campaign was focused on targets within Germany, but has since moved on to additional targets--excluding any IP address within Russia or North Korea.

Read More
Posted by Michael Gorelik on June 16, 2020

As part of a rapid change in the work environment during the COVID-19 pandemic, Morphisec Labs has been tracking the change in the attack trend landscape. This has included the evolution of adware, PUA, and fraudulent software bundle delivery beyond a consumer problem into a significant attack vector on enterprise employees.

Read More
Posted by Arnold Osipov on June 2, 2020

Ursnif/Gozi Introduction:

Morphisec has been tracking an uptick in the delivery of Ursnif/Gozi during the COVID-19 pandemic. Specifically, we have noticed a significant spike both in numbers and sophistication. The latest delivery methods will many times involve old-school Excel 4.0 macro functionality, which historically is a blind spot for AV detection as it has nothing to do with the VBA macro engine and is integrated as part of the workbook. INQUEST reported the use of similar techniques as part of a Zloader delivery campaign. Interestingly, in the latest campaign, it looks like the malware writers removed the image from the Excel document to avoid OCR heuristic detection following the INQUEST article.

Read More
Posted by Harsha Cheruku on April 15, 2020

During the first week of March, Morphisec intercepted and prevented an advanced Lokibot delivery campaign on some of its customers in the financial sector. While Lokibot has been lately reported to be delivered via impersonation of a known game launcher, previously it was also delivered through advanced AutoIt obfuscated Frenchy shellcode.

Read More
Posted by Arnold Osipov on April 2, 2020

 

Guloader is a downloader that has been widely used from December 2019. Several security researchers have identified the downloader in the wild, signifying that it has quickly gained popularity among threat actors. When it first appeared, GuLoader was used to download Parallax RAT, but has been applied to other remote access trojans and info-stealers such as Netwire, FormBook, and Tesla.

Read More
Posted by Arnold Osipov on March 18, 2020

Following the increase in Parallax RAT campaigns -- the new RAT on the block, Morphisec Labs decided to release more technical details on some of the latest campaigns that the Morphisec Unified Threat Prevention Platform intercepted and prevented on our customer’s sites.

Read More
Posted by Arnold Osipov on January 30, 2020

The Trickbot trojan is one of the most advanced malware delivery vehicles currently in use. Attackers have leveraged it to deliver a wide variety of malicious code, in many different methods. Just yesterday, Bleeping Computer reported that news articles from President Trump’s impeachment trial have been used to hide Trickbot from antivirus scanners.

Read More
Posted by Alon Groisman on December 18, 2019

In April 2019, attackers who breached IT supplier Wipro leveraged the ConnectWise Control (formerly ScreenConnect) remote desktop application as a major component of their attack.

Read More

Subscribe to our blog

Stay in the loop with industry insight, cyber security trends, and cyber attack information and company updates.

Search Our Site

    Recent Posts

    Posts by Tag

    See all