In this blog, we will present some findings on how NanoCore RAT 126.96.36.199 is actively being delivered in new and different ways that we discovered at Morphisec Labs in the last couple of months. Specifically, we will focus on the sophisticated fileless methods for delivering the RAT without touching the disk.Read More
Let’s face it – there are a lot of threat reports and threat data floating around. What makes the Morphisec Labs Threat Report different is the type of threats it analyzes. It focuses on the threats that pose a real risk to organizations, the ones that get past standard and next-generation AI antivirus.Read More
Morphisec’s U.S. Citizen Threat Index Study Looks at Perceived Threats in the Run-Up to the 2018 Midterms
With the US midterm elections just days away, the team at Morphisec wanted to look at how American citizens feel about state-sponsored attacks and other cyber threats that could pose a threat to US election security, and ultimately, American democracy.Read More
So far, 2018 has turned out to be anything but business as usual, at least on the cybersecurity front. The revelation about CPU vulnerabilities Meltdown and Spectre (and all the offshoots); the explosion in cryptojacking – which is likely even more widespread than current estimates; the lightning speed at which the newest sophisticated attack technology is adopted by mass market criminals.Read More
After more than four years with no weaponized exploits for Adobe Acrobat Reader, researchers at ESET identified a weaponized PDF that allows attackers to execute arbitrary code on the targeted machine and eventually assume full system control. The PDF exploits two previously unknown vulnerabilities, Acrobat Reader vulnerability CVE-2018-4990 and a privilege escalation vulnerability in Microsoft Windows, CVE-2018-8120.
Adobe Reader has a built-in sandbox feature that usually makes exploitation difficult. By combining vulnerabilities, this attack achieves code execution and then bypasses the sandbox protection to fully compromise the targeted system.Read More
On the 12th of April, Morphisec, identified and prevented a major wave of malspam purporting to be from HSBC Bank. The phishing campaign targeted several industrial manufacturing and service enterprises in Asia, using standard but still often effective social engineering tactics. The malicious email delivered a sophisticated info-stealing trojan via a weaponized ISO attachment. ISO files are a type of image archive format used for optical disk images, which can be opened using WinRAR and other programs.Read More
A report co-authored by Michael Gorelik, CTO and VP R&D, and Roy Moshailov, Malware Research Expert at Morphisec.
Fileless malware is a type of a malicious code execution technique that operates completely within process memory; no files are dropped onto the disk. Without any artifacts on the hard drive to detect, these attacks easily evade current detection solutions.Read More