Egregor Ransomware Adopting New Techniques

Introduction
Egregor is considered to be one of the most prolific ransomware threat groups. Yet it gained this reputation in a very short time due to its uncompromising double extortion methodology.

Morphisec Knowledge Update: New WastedLocker Ransomware Causes Havoc Among Some of the Leading Enterprises in the U.S.

Garmin has confirmed that the recent outage its users experienced was indeed the result of a successful ransomware attack. However, the extent of the damage done is still unclear. The attack, which compromised Garmin’s servers for five days,…

Improve Threat Prevention with a Focus on Tactics, Not Techniques

The term “advanced persistent threats” describes the highly evolved nature of today’s cyberattacks. Hackers have developed sophisticated techniques – in-memory exploits, living-off-the-land attacks, remote access trojans, a…

How COVID-19 Has Altered the Enterprise Cyberattack Landscape

Since early March, the team at Morphisec Labs has been supporting enterprises as they shift to distributed workforces in response to COVID-19. From assisting hospitals with securing their remote workers to uncovering new weaknesses in collaboratio…

CrystalBit / Apple Double DLL Hijack — From fraudulent software bundle downloads to an evasive miner raging campaign

As part of a rapid change in the work environment during the COVID-19 pandemic, Morphisec Labs has been tracking the change in the attack trend landscape. This has included the evolution of adware, PUA, and fraudulent software bundle delivery beyo…

Trickbot Delivery Method Gets a New Upgrade Focusing on Windows 10

EDITOR’S NOTE: The previous version of this blog post mis-identified the source of this attack as the FIN7 group; GRIFFON and OSTAP are both very long javascripts that have many similarities. This caused the confusion in identifying the attack as …

Security Alert: FIN8 is Back in Business, Targeting the Hospitality Industry

During the period of March to May 2019, Morphisec Labs observed a new, highly sophisticated variant of the ShellTea / PunchBuggy backdoor malware that attempted to infiltrate a number of machines within the network of a customer in the hotel-enter…