Check Point Blog

Welcome to the Check Point Blog where you will find posts tagged in two categories:

  • Threat Research: Research findings, threat intelligence, and perspectives from Check Point’s research teams
  • Security Insights: Perspectives on current events and the security landscape from Check Point thought leaders


TeslaCrypt Ransomware Shuts Down: One Down, Plenty to Go

In a surprising turn of events, the creators of the notorious TeslaCrypt ransomware shut down their operation and revealed the master key for decrypting all files. They even said they are sorry, as displayed in the image below (Figure 1: TeslaCrypt Shut Down Message). The motive behind this step remains unclear. The attackers could be trying to lower their profile to avoid law enforcement agencies, or they could really be sorry for the damage they have done. Either way, the users who were infected by TeslaCrypt have already paid the price. As we have reported earlier, TeslaCrypt, which emerged in 2015, was known especially for its ability to adapt. Several versions of it ...

The Scripting Threat: How Admin Tools Became Dominant in the Malware Attack Lifecycle

Malware has increasingly adopted scripts as a major technique, replacing file-based execution. This transition took place mainly to avoid the signature-based detection employed by many security vendors. To understand how this is achieved, one must first understand what scripting really is. Scripting languages support the automated execution of tasks that could otherwise be carried out manually by a human operator. Scripting languages like PowerShell and VBScript were created to provide more flexible capabilities, adaptable to different needs, and are used mainly by administrators. Activities such as victim recognition, lateral movement, C&C communication and persistence are very ...

In The Wild: Malware in Google Play is as Prevalent and Pesky as Ever

Not a week passes without new malware found on Google Play, and this week was no different. Among the malware found are both new and old samples, including a known malicious banker and a new type of malware making its first appearance on Google Play. Also, Google has patched more vulnerabilities, which is no coincidence, since we’ve come to expect frequent security patches and malware discoveries because of the frail security Android provides.

Using Wi-Fi to Hack Into Your Device

Among the various security patches recently released by Google, one in particular catches the eye. The vulnerability allowed attackers to elevate privileges or even to target a device with a Denial-of-Service ...

Spear Phishing 2.0 Adds Social Engineering & VM Evasion

Spear phishing attacks are a rising threat faced by organizations. These well-planned attacks can deceive even the most cautious users. Unlike old-fashioned mass phishing attempts, these attacks are directed at specific individuals or companies and are tailor-made to fit their target. Used for a wide variety of reasons from stealing personal information or credentials to spreading malware, spear phishing attacks trick the user into performing a seemingly innocent action that results in serious consequences. The user may end up clicking on a malicious URL link, making a bank transfer, providing restricted information, or opening attachments that download malware. Recently, Check Point ...

Everyday Malware Poses a Risk to Critical Infrastructure

Many people believe that only state-sponsored attacks can endanger critical infrastructure. They claim that elaborate malware capable of targeting the inner workings of Industrial Control Systems (ICS) is not the work of simple hackers. This flawed perception completely disregards the fact that ICS can fall victim to the most banal malware, and in fact recent attacks demonstrate this vulnerability. In April, a German nuclear plant was infected with old malware, including Conficker and W32.Ramnit, which are designed to allow remote control when connected to the internet. It remains unclear whether the plant’s OT system was infected as well. Even if only the IT systems were ...

Hack In The Box: How Attackers Manipulate Root Access and Configuration Changes

Securing iOS and Android smartphones and tablets is still a relatively new concept. Taking control of a mobile device was once considered an unlikely threat because it was hard to do. However, malware has moved forward, making attacks a more imminent threat. One of the causes for this is malware’s advances in attack capabilities. Technical procedures which were once the realm of hardcore, tech-savvy hackers have become common knowledge. The best example of this is rooting. Rooting a mobile device (or Jailbreaking, in the case of an iOS device) is a way of breaking out of predefined boundaries set by the operating system. Users can root devices to harness the full potential of their ...

Inside Nuclear’s Core: Unraveling a Ransomware-as-a-Service Infrastructure

The Check Point Research team has uncovered the entire operation of one of the world’s largest attack infrastructures. Exploit Kits are a major part of the Malware-as-a-Service industry, which facilitates the execution of ransomware and banking trojans, among others. Their creators rent them to cybercriminals, who use them to attack unsuspecting users. Nuclear is one of the top Exploit Kits, both in complexity and in spread. We offer you the Inside Nuclear's Core: Unraveling a Malware-as-a-Service Infrastructure report, a unique, first-of-its-kind view into the heart of a cybercriminal syndicate. First, we review the Malware-as-a-Service infrastructure, created by the Exploit Kit’s ...

Introducing Check Point SandBlast™ Cloud

The increasing adoption of cloud-based email tools such as Microsoft Office 365™ allows businesses to efficiently communicate and collaborate, without investing resources in managing and maintaining their own dedicated IT infrastructure. However, the shift to cloud-based tools also brings with it an array of security risks, including sophisticated attacks like spear-phishing and ransomware that use email as a primary entry point, resulting in financial impact, data loss and lost productivity. In most organizations, protection for cloud-based email is still limited to traditional solutions that only detect previously known threats. This leaves organizations vulnerable to sophisticated ...

The Notorious TeslaCrypt V3 Ransomware: A Comprehensive Analysis

As the current wave of ransomware rages on, one stands out in its ability to adapt: TeslaCrypt. Although it emerged only in 2015, we are currently witnessing the malware’s third generation. Since its debut, it has transformed itself, fixing its flaws and vastly improving its ability to evade detection. It has also expanded its distribution methods, which now include using exploit kits. As part of our ongoing efforts to understand and protect against the latest new and emerging malware, Check Point researchers have thoroughly studied TeslaCrypt version 3.0.1. Our report, Looking Into TeslaCrypt V3.0.1, provides a detailed analysis of the malware and its operation and presents several ...

Hack In The Box: System Vulnerabilities Can Leave Mobile Devices Exposed

System vulnerabilities are a major threat facing users and enterprises today, and they need to be remedied thoughtfully. Since these vulnerabilities don’t require social engineering schemes to be exploited, and because they have an alarmingly high success rate, they are also one of the easiest ways to attack Android and iOS devices. The constant release of numerous security patches, which are never enough to keep users safe, leaves a number of different in-market versions of both operating systems. These patches get released after significant delays, allowing attackers to thrive on vulnerabilities from the moment they are discovered until they are finally fixed. The longer ...