Morpho Hacker Group Targets Intellectual Property

With the highly-publicized rise in cyberbreaches, we have seen hackers break into systems for a variety of reasons: criminal enterprises simply stealing money, thieves gathering Social Security or credit card numbers to sell on the black market, state-sponsored groups taking confidential information, and malicious actors taking passwords or personal data to use to hit more valuable targets. Now, another group of financially-motivated hackers has emerged with a different agenda that may have even riskier implications for businesses.

According to a new report from computer security company Symantec, a group it calls Morpho has attacked multiple multibillion-dollar companies across an array of industries in pursuit of one thing: intellectual property. While it is not entirely clear what they do with this information, they may aim to sell it to competitors or nation states, the firm reports. “The group may be operating as ‘hackers for hire,’ targeting corporations on request,” Symantec reported. “Alternatively, it may select its own targets and either sell stolen information to the highest bidder or use it for insider trading purposes.”

Victimized businesses have spanned the Internet, software, pharmaceutical, legal and commodities fields, and the researchers believe the Morpho group is the same one that breached Facebook, Twitter, Apple and Microsoft in 2013.

Symantec does not believe the group is affiliated with or acting on behalf of any particular country as they have attacked businesses without regard for the nationality of its targets. But, as the New York Times reported, ” the researchers said there were clues that the hackers might be English speakers — their malicious code is written in fluent English — and they named their encryption keys after memes in American pop culture and gaming. Researchers also said the attackers worked during United States working hours, though they conceded that might just be because that is when their targets are most active.”

The researchers have tied Morpho to attacks against 49 different organizations in more than 20 countries, deploying custom hacking tools that are able to break into both Windows and Apple computers, suggesting it has plenty of resources and expertise. The group has been active since at least March 2012, the report said, and their attacks have not only continued to the present day, but have increased in number. “Over time, a picture has emerged of a cybercrime gang systematically targeting large corporations in order to steal confidential data,” Symantec said.

Morpho hacking victims by industry

Morpho hackers have also been exceptionally careful, from preliminary reconnaissance to cleaning up evidence. In some cases, to help best determine the valuable trade secrets they would steal, the group intercepted company emails as well as business databases containing legal and policy documents, financial records, product descriptions and training documents. In one case, they were able to compromise a physical security system that monitors employee and visitor movements in corporate buildings. After getting the data they wanted, they scrubbed their tracks, even making sure the servers they used to orchestrate the attacks were rented using the anonymous digital currency Bitcoin.

In short, the hackers are really good, according to Vikram Thakur, a senior manager of the attack investigations team at Symantec. “Who they are? We don’t know. They are virtually impossible to track,” he said.

47% of Consumers Have Not Changed Passwords in 5 Years

online security passwords

More than 20% of consumers use passwords that are more than 10 years old, and 47% use passwords that have not been changed in five years, according to a recent report by account security company TeleSign. What’s more, respondents had an average of 24 online accounts, but only six unique passwords to protect them. A total of 73% of accounts use duplicate passwords.

Consumers recognize their own vulnerability. Four out of five consumers worry about online security, with 45% saying they are extremely or very concerned about their accounts being hacked – something 40% of respondents had experienced in the past year.

consumers worried about cybersecurity

While some companies may worry that adding too many security measures may frustrate or discourage users, this concern appears unfounded. Two thirds of respondents said they want online companies to provide more security, such as two-factor authentication (2FA). The real issue may be education. Even where this extra layer of protection is available, TeleSign found, a majority has not enabled it, with most among these users reporting that they do not understand what it is or how to use it. But, the survey found, 72% of consumers want to learn more about how to better secure their data.

learning about cybersecurity

“The number-one tip most experts give for increasing account security and stopping the fallout from data breaches is to turn on two-factor authentication,” said Steve Jillings, CEO of TeleSign. “Yet our research shows that the majority of consumers (61%) do not know what two-factor authentication is, even though it’s available on almost every account, free to the consumer and just waiting to be turned on.”

There is some good news, however. Some users in the United States are particularly learning – and acting upon – valuable lessons from highly publicized data breaches, with more people in the U.K. turning on 2FA because the site requires it, while more people in the U.S. did so to get an extra layer of protection. According to TeleSign, compared to respondents in the U.K., almost six times as many U.S. consumers turned on 2FA because their personal information was exposed in a data breach (17% vs. 3% of U.K. consumers). About three times the share of U.S. consumers enabled 2FA because they read or heard about a data breach (24% vs. 7%) or had an account hacked (23% vs. 9%).

Windows Server 2003 Expiration Brings Defense in Depth to Life

windows server 2003

The termination of support for Windows Server 2003 (WS2003) is less than four months away, leaving many enterprises in a race against the clock before the system’s security patches cease. In fact, 61% of businesses have at least one instance of WS2003 running in their environment, which translates into millions of installations across physical and virtual infrastructures. While many of these businesses are well aware of the rapidly approaching July 14 deadline and the security implications of missing it, only 15% have fully migrated their environment. So why are so many enterprises slow to make the move?

Migration Déjà Vu

The looming support deadline, the burst of security anxiety, the mad rush to move off a retiring operating system… sound familiar? This scenario is something we’ve seen before, coming just 12 months after expiration of Windows XP support.

While there may be fewer physical 2003 servers in an organization than there were XP desktops, a server migration is more challenging and presents a higher degree of risk. From an endpoint perspective, replacing one desktop with the latest version of Windows affects only one user, while a server might connect to thousands of users and services. Having a critical server unavailable for any length of time could cause major disruption and pose a threat to business continuity.

Compared to the desktop, server upgrades are significantly more complex, especially when you then add hardware compatibility issues and the need to re-develop applications that were created for the now outdated WS2003. Clearly, embarking on a server migration can be a very daunting process – much more so than the XP migration – which seems to be holding many organizations back.

Cost of Upgrading versus Staying

Moving off WS2003 can be a drain on time resources. While most IT administrators understand how to upgrade an XP operating system, the intricacy of server networks means many migrations will require external consultancy, especially if they are left to the last minute. It’s no wonder that companies this year are allocating an average of $60,000 for their server migration projects. Still, it’s a fair price to pay when you consider the cost of skipping an upgrade entirely. Legacy systems are expensive to maintain without regular fixes to bugs and performance issues. And without security support, organizations will be left exposed to new and sophisticated threats. Meanwhile, hackers will be looking to these migration stragglers as their prime targets. For those who fall victim to exploits as a result, it’s not just financial losses they will have to deal with, but a blow to their reputation as well. It also means that companies continuing to run on WS2003 after support ends will be removed from the scope of compliance, adding other penalties that could further damage the business.

If they haven’t already, businesses still running on the retiring system should be thinking now about making an upgrade to Windows Server 2012. It’s easier said than done, of course. A server migration can take as long as six months, so even if businesses start their migration now, there could still be a two month period during which servers run unsupported. This means that organizations should be putting defenses in place to secure their datacenters for the duration of the migration and beyond.

Control Admin Rights

While sysadmins are notorious for demanding privileged access to applications, the reality is, allocating admin rights to sys-admins is extremely risky, since malware often seeks out privileged accounts to gain entry to a system and spread across the network. Plus, humans aren’t perfect, and the possibilities for accidental misconfigurations when logging onto a server are endless. In fact, research has shown that 80% of unplanned server outages are due to ill-planned configurations by administrators.

Admin rights in a server environment should be limited to the point where sysadmins are given only the privileges they need, for example to respond to urgent break-fix scenarios. Doing so can reduce exploit potential significantly. In an analysis of Patch Tuesday security bulletins issued by Microsoft throughout 2014, the risk of 98% of Critical vulnerabilities affecting Windows operating systems could be mitigated by removing admin rights.

Application Control

Application Control (whitelisting) adds more control to a server environment, including those that are remotely administered, by applying simple rules to manage trusted applications. While trusted applications run through configured policies, unauthorized applications and interactions may be blocked. This defense is particularly important for maintaining business continuity as development teams are rewriting and refactoring apps.


Limiting privileges and controlling applications sets a solid foundation for securing a server migration, but even with these controls, the biggest window of opportunity for malware to enter the network – the Internet – remains exposed. Increasingly, damage is caused by web-borne malware, such as employees unwittingly opening untrusted pdf documents or clicking through to websites with unseen threats. Vulnerabilities in commonly used applications like Java and Adobe Reader might be exploited by an employee simply viewing a malicious website.

Sandboxing is the third line of defense that all organizations should have in place, at all times. By isolating untrusted content, and by association any web-borne threats or malicious activity in a separate secure container, sandboxing empowers individuals to browse the Internet freely, without compromising the network. Having instant web access is expected in modern workplaces, so sandboxing is ideal for securing Internet activity without disrupting productivity and the user experience.

Windows Server 2003 Migration: A Window of Opportunity

It shouldn’t take an OS end of life to spur change – especially security change. Organizations and their IT teams need to be thinking about how they can adapt their defenses, ensuring that they are primed to handle the new and sophisticated threats we see emerging every day. A migration is often the perfect time to revitalize an organization’s security strategy. With a migration process as a catalyst for reinvention, IT can lean on solutions like Privilege Management, Application Control and Sandboxing to not only lock down the migration, but carry beyond it as well, providing in-depth defense across the next version of Windows.

Malware Threats from Unlicensed Software: The Critical First Step for Cyberrisk Management

Waking up to find your company on the front page news and at the center of a data breach is every CEO’s worst nightmare—and for a number of businesses, it has become reality. Today, the threats from cybercrime are real and frightening, and the risks are extraordinary. Cybersecurity is an incredibly complex issue and business leaders are grappling with how to best protect their businesses, understand the new business vulnerabilities, and identify what steps they can take to protect themselves and their customers from becoming a victim of cybercrime.

There is a strong case for organizations to put protection from malware at the top of their risk agenda. In the past year, 43% of companies experienced a data breach. The average organization experiences a malware event every three minutes, and the costs of dealing with that malware can be astronomical. The International Data Corporation (IDC) estimates that enterprises spent $491 billion in 2014 as a result of malware associated with counterfeit and unlicensed software.

A threshold step to mitigating risk is gaining an understanding of your own network and if the software you are using is genuine and fully licensed. Unfortunately, many businesses are failing to take this basic and critical first step to protect themselves.

It has long been suspected that there is a connection between unlicensed software and cybersecurity threats. A new study commissioned by BSA | The Software Alliance and conducted by IDC confirms this as fact.

The study compared rates of unlicensed software installed on PCs with a measure of malware incidents on PCs across 81 countries. Given that 43% of the software installed on PCs globally in 2014 was unlicensed, it’s clear that many businesses are at risk. The findings were sobering. The correlation between the use of unlicensed software and malware is even higher than the correlations between education and income, or that between smoking and lung cancer. The implication for governments, enterprises and consumers is clear: assessing what is in your network and eliminating unlicensed software could help reduce the risk of cybersecurity incidents.

Fortunately there are proven best practices available to tackle the challenges around software licensing.  The world class standard for Software Asset Management is ISO/IEC 19770-1:2012. The importance of implementing internal controls for legal use of technology, including software, has become so critical that COSO now recommends it in its revised Internal Control – Integrated Framework.

While putting controls in place may sound simple, many businesses are missing this first step. Only 35% of companies have written policies requiring the use of properly licensed software. For CEOs, now is the time to start implementing best practices that will help mitigate security risks and avoid your business becoming tomorrow’s news headline. For more information on additional steps you can take, visit BSA’s website.

BSA Global Software Survey