Recent Webinar: Building an Adaptive Cyber Resilient Cloud
arrow-white arrow-white Watch now
close
Posted by Morphisec Labs on August 27, 2021

On approximately August 21, 2021, security researchers, cybersecurity leaders, and eventually the CISA began voicing concerns about the inevitable threat of LockFile ransomware attacks on a wide variety of ill-informed and unprepared victims. Threat...

Read More
Posted by Morphisec Labs on July 5, 2021

On July 2, 2021, our Cloud Workload Protection Platform, Morphisec Keep, successfully identified and prevented a REvil ransomware infection in customer domains. This attack was automatically blocked in real time due to Morphisec's proactive...

Read More
Posted by Michael Gorelik on June 2, 2021

In the past month, Morphisec has investigated the origin of several increasingly prevalent infostealers. These include Redline, Taurus, Tesla, and Amadey.

As part of our research, we identified pay-per-click (PPC) ads in Google’s search results that...

Read More
Posted by Arnold Osipov on May 14, 2021

The Morphisec Labs team has been tracking an ongoing RAT delivery campaign that started in February this year. This campaign is unique in its heavy use of the AutoHotKey scripting language—a fork of the AutoIt language frequently used for testing...

Read More
Posted by Nadav Lorber on May 7, 2021

Morphisec has recently monitored a highly sophisticated Crypter-as-a-Service that delivers numerous RAT families onto target machines.

The Crypter is most commonly delivered through phishing emails, which lead to the download of a visual basic file....

Read More
Posted by Michael Gorelik on April 2, 2021

The developers of the Phobos ransomware have added new fileless and evasive techniques to their arsenal. Constantly keeping their attack up to date helps them bypass detection technologies through several distinct approaches, the latest of which we...

Read More
Posted by Nadav Lorber on March 16, 2021

In 2021 Morphisec identified increased usage of the “HCrypt” crypter. In this post, we lockpick “HCrypt”—a crypter as a service marketed as a FUD (fully undetectable) loader for the client's RAT of choice. We chose to dissect the crypter’s...

Read More
Posted by Michael Gorelik on March 10, 2021

Microsoft recently published details of an attack showing how a threat actor used zero-day exploits to access Microsoft Exchange Servers. The new exploit enabled access to email accounts and allowed the installation of additional malware to...

Read More
Posted by Alon Groisman on March 9, 2021

The MineBridge RAT was first identified in January 2020 by security researchers at FireEye. They observed the backdoor attacking financial institutions in the United States and targets in South Korea as well. MineBridge was initially classified as...

Read More
Posted by Michael Gorelik on February 11, 2021

Introducing egregor ransomware

Egregor is considered to be one of the most prolific ransomware threat groups. Yet it gained this reputation in a very short time due to its uncompromising double extortion methodology.

Read More
Posted by Michael Dereviashkin on February 8, 2021

Between January 15 and 20, Morphisec identified a significant campaign targeting multiple German customers in manufacturing. Targeted personnel were redirected to compromised websites that were, and still are, delivering advanced fileless...

Read More
Posted by Nadav Lorber on February 5, 2021

Introduction

In this post, we cover the CinaRAT loader's evasive tactics, techniques, and procedures (TTPs), as identified and prevented by Morphisec’s zero-trust endpoint security solution powered by Moving Target Defense technology. 

Read More
Posted by Arnold Osipov on January 4, 2021

This report has been updated with assistance from the cybersecurity community.

Introduction

Morphisec Labs has been tracking FIN7 (Carbanak Group) activity for the past several years. Morphisec’s ability to collect rich forensic data from memory has...

Read More
Posted by Arnold Osipov on November 12, 2020

An Infostealer is a trojan that is designed to gather and exfiltrate private and sensitive information from a target system. There is a large variety of info stealers active in the wild, some are independent and some act as a modular part of a...

Read More
Posted by Michael Gorelik on November 5, 2020

Introduction

The Agent Tesla information stealer has been around since 2014. During the last two to three years, it's also had a significant distribution growth factor partially due to the fact that cracked versions of it have been leaked.

Read More
Posted by Alon Groisman on September 16, 2020

The Morphisec Labs team has prevented on our customers’ sites a massive Trickbot and Emotet phishing campaign during the 10th and 11th of September. Trickbot is one of the most advanced malware frameworks active today; it constantly evolves with...

Read More
Posted by Arnold Osipov on August 20, 2020

Introduction

Morphisec Labs has tracked a massive maldoc campaign delivering the QakBot/QBot banking trojan, starting earlier this month. Qakbot leverages advanced techniques to evade detection and hamper manual analysis of the threat. In this post...

Read More
Posted by Michael Gorelik on August 7, 2020

Garmin has confirmed that the recent outage its users experienced was indeed the result of a successful ransomware attack. However, the extent of the damage done is still unclear. The attack, which compromised Garmin’s servers for five days,...

Read More
Posted by Michael Gorelik on June 30, 2020

Since early March, the team at Morphisec Labs has been supporting enterprises as they shift to distributed workforces in response to COVID-19. From assisting hospitals with securing their remote workers to uncovering new weaknesses in collaboration...

Read More
Posted by Arnold Osipov on June 24, 2020

The Morphisec Labs team has tracked an obfuscated VBScript package in campaigns since March 2020. Initially, the malware campaign was focused on targets within Germany, but has since moved on to additional targets--excluding any IP address within...

Read More