Predict your next investment

Morphisec
SOFTWARE (NON-INTERNET/MOBILE) | Security Software
morphisec.com


Founded Year: 2014
Stage: Series C | Alive
Total Raised: $50M
Last Raised: $31M | 7 mos ago
Mosaic Score: +30 points in the past 30 days

What is a Mosaic Score?
The Mosaic Score is an algorithm that measures the overall financial health and market potential of private companies.

About Morphisec

Morphisec provides an Endpoint Threat Prevention product, delivering protection against the most advanced cyberattacks. The company's patented Moving Target Defense technology prevents threats such as APTs, zero-days, ransomware, evasive fileless attacks and web-borne exploits.

Morphisec Headquarters Location

11 Beacon St Suite 735
Boston, Massachusetts, 02108
United States
617-826-1212

Latest Morphisec News

Russian cybercrime gang targets finance firms with stealthy macros

Oct 16, 2021

A new phishing campaign dubbed MirrorBlast is deploying weaponized Excel documents that are extremely difficult to detect to compromise financial service organizations.

The most notable feature of MirrorBlast is the low detection rates of the campaign's malicious Excel documents by security software, putting firms that rely solely upon detection tools at high risk.

Featherlight macro with zero detections

The developers of these malicious documents have made considerable effort to obfuscate malicious code, achieving zero detections on VirusTotal.

[Figure: VirusTotal results coming up with no detections. Source: Morphisec]

However, these optimized documents have drawbacks that the actors are apparently willing to accept as trade-offs. Most notably, the macro code can only be executed on a 32-bit version of Office.

If the victim is tricked into opening the malicious document and “enable content” in Microsoft Office, the macro executes a JScript script which downloads and installs an MSI package. Prior to that though, the macro performs a basic anti-sandboxing check on whether the computer name is equal to the user domain, and if the username is equal to 'admin' or 'administrator'.

According to researchers at Morphisec who analyzed several samples of the dropped MSI package, it comes in two variants, one written in REBOL and one in KiXtart.

[Figure: MirrorBlast attack chain. Source: Morphisec]

The REBOL variant, which is base64 encoded, begins by exfiltrating information like the username, OS version, and architecture. Next, it waits for a C2 command that initiates a PowerShell which will fetch the second stage. The researchers weren’t able to retrieve that stage though, so its functions are unknown.

The KiXtart payload is also encrypted and also attempts to exfiltrate basic machine information to the C2, including the domain, computer name, user name, and process list.

A highly motivated threat actor

The actors behind the campaign appear to be ‘TA505,’ an active Russian threat group that has a long history of creativity in the way they lace Excel documents in malspam campaigns. Morphisec was able to link the actors with the MirrorBlast campaign thanks to infection chain similarities with past operations, the abuse of OneDrive, the particularities in domain naming methods, and the existence of an MD5 checksum mismatch that points to a 2020 attack launched by TA505.

TA505 is a highly sophisticated threat actor that is known for a wide range of malicious activity over the years.

[Figure: Sample of TA505's working schedule from a past campaign. Source: NCCGroup]

An NCCGroup analysis on the actor’s work schedule reflects an organized and well-structured group that utilizes zero-day vulnerabilities and a variety of malware strains in its attacks. This includes the deployment of Clop ransomware in double-extortion attacks.

TA505 is also attributed to numerous attacks using a zero-day vulnerability in Accenture FTA secure file sharing devices to steal data from organizations. The threat actors then attempted to extort the companies by demanding $10 million ransoms to not publicly leak the data on their Clop data leak site.

As such, the IT teams at the financial organizations targeted by the MirrorBlast campaign cannot afford to lower their shields even for a moment.


Expert Collections containing Morphisec

Expert Collections are analyst-curated lists that highlight the companies you need to know in the most important technology spaces.

Morphisec is included in 6 Expert Collections, including IIOT Landscape.

IIOT Landscape (498 items)
Companies in the industrial internet of things space, including sensor analytics platforms, edge computing, asset tracking, and more.

The Future of Data Security (56 items)
Startups on the cutting edge of enterprise data security.

Internet of Things (IoT) (3,149 items)

Data Life Cycle Management (124 items)
Data Life Cycle Management startups provide solutions that collect, store, secure, prepare, integrate, and analyze data.

Conference Exhibitors (5,302 items)

Cybersecurity (4,715 items)

Morphisec Patents

Morphisec has filed 8 patents.

The 3 most popular patent topics include:

  • Computer security
  • Computer security exploits
  • Computer network security

Application Date: 5/8/2015
Grant Date: 1/7/2020
Related Topics: Computer security exploits, Computer network security, Computer security, Malware, Programming paradigms
Status: Grant

