Threat Profile: Dofoil (Smoke Loader) Trojan with Coin-Miner 

Posted by Roy Moshailov on March 22, 2018 at 2:08 PM


These days, most malware employs a long attack chain with anti-analysis techniques to make it more difficult to detect the payload and harder for security researchers to analyze. More and more frequently, malware authors are also bundling coin miners into their attacks. Such is the case with a newly observed variant of the Dofoil (also known as Smoke Loader) trojan, which includes a resource-draining cryptocurrency-mining payload. This latest Dofoil strain entered the scene earlier this month and is still active.


Topics: Cyber Attacks, Attack Analysis, Threat Profile

The Lazarus Group Strikes Again - Or is it an Imposter? The Latest CVE-2018-4878 Attack

Posted by Michael Gorelik on March 2, 2018 at 9:13 AM

The Lazarus Group, also known as Hidden Cobra, may be in play again. The notorious cybercrime group is allegedly responsible for some of the most devastating attacks of the past few years, including the SWIFT network hack that stole $81 million from the Central Bank of Bangladesh and the 2014 destructive wiper attack against Sony Pictures. Some also link the WannaCry ransomware outbreak to the same group.

Many of the existing reports covering the Lazarus attacks suggest links to North Korea. In fact, Hidden Cobra is the U.S. Government’s designation for malicious cyber activity conducted by the North Korean government.

On February 28, 2018, Morphisec Labs identified and prevented a suspicious document uploaded to VirusTotal that exploits the latest Flash vulnerability CVE-2018-4878. While analyzing the exploit and the downloaded payload, we immediately identified a near-perfect match to many of the techniques used during various attacks that are attributed to the Lazarus Group.


Topics: Exploits, Cyber Security, Threat Profile

Threat Profile: GandCrab Ransomware

Posted by Roy Moshailov on February 23, 2018 at 11:08 PM


These days, most malware employs a long attack chain and anti-analysis techniques to make it more difficult to detect the payload and harder for security researchers to analyze. Such is the case with GandCrab, a new ransomware strain that entered the scene late last month and is currently active.


Topics: Ransomware, Exploit Kit, Attack Analysis, Custom Packer, Threat Profile

Threat Profile: Microsoft Equation Editor Backdoor

Posted by Roy Moshailov on January 29, 2018 at 8:19 PM

Towards the end of 2017, a group of researchers at Embedi discovered a Microsoft Office vulnerability that’s been quietly putting systems in danger for about 17 years.


Topics: Exploits, Cyber Attacks, MS Office Exploits, Threat Profile

Meltdown and Spectre: Where the Real Risks Lie

Posted by Michael Gorelik on January 5, 2018 at 4:58 PM

The IT world is still shaking from the news that most modern processors have severe architectural flaws. These make it possible for attackers to read user-mode and kernel memory and so leak crypto keys, passwords, memory structures such as loaded module addresses, and other valuable information. The flaws potentially affect all major CPUs, including chips manufactured by Intel, AMD and ARM.
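Before worrying about exploitation, the practical first question for an administrator is whether a given host's kernel actually carries the Meltdown and Spectre mitigations. The following is an added example, not code from the original post or from Morphisec: it reads the per-issue status files that Linux kernels (4.15 and later, plus distribution backports) expose under /sys/devices/system/cpu/vulnerabilities/ and classifies each one. The sample_sysfs dictionary is constructed sample data, not output captured from a real machine, and the function and variable names are this example's own.

```python
"""Classify a Linux host's Meltdown / Spectre mitigation status from sysfs.

Added example (not from the original post). Linux exposes one file per issue
under /sys/devices/system/cpu/vulnerabilities/, each containing a single line
such as "Not affected", "Vulnerable", "Vulnerable: <detail>" or
"Mitigation: <detail>". The constructed sample below imitates that format.
"""
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
# The three entries that correspond to the January 2018 disclosures.
CHECKED = ("meltdown", "spectre_v1", "spectre_v2")


def classify(status: str) -> str:
    """Map one status line to 'not_affected', 'mitigated', 'vulnerable' or 'unknown'.

    The kernel's own wording is matched by prefix, so detail text after the
    colon (e.g. "Mitigation: PTI") does not affect the result. An empty or
    unrecognised line is reported as 'unknown' rather than silently as safe.
    """
    line = status.strip()
    if line.startswith("Not affected"):
        return "not_affected"
    if line.startswith("Mitigation:"):
        return "mitigated"
    if line.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def assess(statuses: dict) -> dict:
    """Return {issue: classification} for every entry in CHECKED.

    A missing file (older kernel without the sysfs interface) yields 'unknown',
    which the caller should treat as unmitigated until proven otherwise.
    """
    return {name: classify(statuses.get(name, "")) for name in CHECKED}


def host_needs_attention(statuses: dict) -> bool:
    """True if any checked issue is vulnerable or could not be determined."""
    return any(v in ("vulnerable", "unknown") for v in assess(statuses).values())


def read_sysfs(directory=SYSFS_DIR) -> dict:
    """Read the live sysfs files on a Linux host; {} if the directory is absent."""
    directory = Path(directory)
    if not directory.is_dir():
        return {}
    return {p.name: p.read_text() for p in directory.iterdir() if p.is_file()}


# Constructed sample: a host with KPTI enabled but an incomplete Spectre v2
# mitigation, which is what many early-2018 kernels reported.
sample_sysfs = {
    "meltdown": "Mitigation: PTI\n",
    "spectre_v1": "Mitigation: __user pointer sanitization\n",
    "spectre_v2": "Vulnerable: Minimal generic ASM retpoline\n",
}

if __name__ == "__main__":
    # Prefer the live host; fall back to the constructed sample for a demo.
    data = read_sysfs() or sample_sysfs
    for issue, state in assess(data).items():
        print(f"{issue:10s} {state}")
    print("needs attention:", host_needs_attention(data))
```

The point of the 'unknown' bucket is that an absent status file is not evidence of safety: on a kernel old enough to lack the sysfs interface, the mitigations are almost certainly absent too, so the check fails closed.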



Topics: Exploits, ASLR, Cyber Security, Threat Profile

Threat Profile: RokRAT

Posted by Roy Moshailov on January 2, 2018 at 9:59 PM

RokRAT is a sophisticated Remote Access Trojan (RAT) that is skilled at evading detection and uses multiple techniques to make analysis difficult. The current RokRAT campaign was identified by Cisco Talos in November. The earliest known RokRAT campaign occurred in April, although it used a less evasive malware variant.


Topics: Exploits, Custom Packer, Threat Profile

Threat Profile: SIGMA Ransomware

Posted by Roy Moshailov on December 20, 2017 at 1:44 AM


Ransomware remained a major cybersecurity threat in 2017, leaving a trail of victims across all industries, company sizes and geographical borders. Phishing emails are the top ransomware delivery mechanism and they grow in number and sophistication daily. According to IBM, the number of ransomware-infected emails increased 6,000% this year. And the days of easily spotted spelling mistakes and obvious scams are long gone. Today’s phishing attacks are clever and subtle enough to trick even security veterans. 


Topics: Ransomware, Sandbox evasion, Cyber Security, Threat Profile

Threat Profile: Jaff Ransomware

Posted by Morphisec Team on May 20, 2017 at 2:03 AM

Last week, a massive wave of spam email that infects victims with a new type of ransomware, dubbed "Jaff", flooded networks across Europe, North America and Australia. Estimates put the number of malicious emails in the tens of millions.


Topics: Cyber Attacks, Endpoint Security, Ransomware, Cyber Security, Threat Profile
