Agent Tesla: A Day in a Life of IR
Introduction: The Agent Tesla infostealer has been around since 2014. During the last two to three years, it's also had a significant distribution growth factor, partially due to the fact that cracked versions of it have been leaked ...
Morphisec Knowledge Update: New WastedLocker Ransomware Causes Havoc Among Some of the Leading Enterprises in the U.S.
Garmin has confirmed that the recent outage its users experienced was indeed the result of a successful ransomware attack. However, the extent of the damage done is still unclear. The attack, which compromised Garmin’s servers for five days, impacted millions of users globally and will likely end up costing Garmin ...
Improve Threat Prevention with a Focus on Tactics, Not Techniques
The term “advanced persistent threats” describes the highly evolved nature of today’s cyberattacks. Hackers have developed sophisticated techniques – in-memory exploits, living-off-the-land attacks, remote access trojans, and more – that allow them to evade detection and attack in obscurity. However, as much as these techniques have changed over time, the ...
How COVID-19 Has Altered the Enterprise Cyberattack Landscape
Since early March, the team at Morphisec Labs has been supporting enterprises as they shift to distributed workforces in response to COVID-19. From assisting hospitals with securing their remote workers to uncovering new weaknesses in collaboration applications that could pose a threat to business continuity, we’ve been working hand-in-hand with ...
CrystalBit / Apple Double DLL Hijack — From fraudulent software bundle downloads to an evasive miner raging campaign
As part of a rapid change in the work environment during the COVID-19 pandemic, Morphisec Labs has been tracking the change in the attack trend landscape. This has included the evolution of adware, PUA, and fraudulent software bundle delivery beyond a consumer problem into a significant attack vector on enterprise ...
Machine Learning Can’t Protect You From Fileless Attacks
The rise of fileless attacks in the past 10 years has stymied even the best antivirus software. Traditional AV is designed to detect known signatures of known malware and prevent it from executing. Fileless attacks lack a signature, which allows them to handily bypass traditional antivirus products ...
FIN7 Targets New Windows 10 Functionality
Over the past few weeks, Morphisec Labs researchers identified a couple dozen documents that execute the GRIFFON JavaScript delivery backdoor. Following our investigation, we identified a high similarity to FIN7's attack methodology ...
Trickbot Delivery Method Gets a New Upgrade Focusing on Windows 10
EDITOR'S NOTE: The previous version of this blog post mis-identified the source of this attack as the FIN7 group; GRIFFON and OSTAP are both very long JavaScript files that have many similarities. This caused the confusion in identifying the attack as coming from FIN7. This is still an important find, though, ...
Apple Zero-Day Exploited in New BitPaymer Campaign
In August of 2019, just a month after our publication on a targeted BitPaymer/IEncrypt campaign, Morphisec identified a new and alarming evasion technique that the same adversaries adopted while targeting yet another enterprise in the automotive industry ...
Security Alert: FIN8 is Back in Business, Targeting the Hospitality Industry
During the period of March to May 2019, Morphisec Labs observed a new, highly sophisticated variant of the ShellTea / PunchBuggy backdoor malware that attempted to infiltrate a number of machines within the network of a customer in the hotel-entertainment industry. It is believed that the malware was deployed as ...