Check Point Blog

Welcome to the Check Point Blog where you will find posts tagged in two categories:

  • Threat Research: Research findings, threat intelligence, and perspectives from Check Point’s research teams
  • Security Insights: Perspectives on current events and the security landscape from Check Point thought leaders


Get started by choosing a category, or read them all!


The Internet of ransomware Things

San Francisco’s Municipal Railway (MUNI) riders got to ride for free over the last weekend (Nov 25th-26th), after what appears to have been a ransomware attack hit the agency’s payment system. The alleged attack sought $73,000 in ransom for stolen city data. “Personal information of MUNI customers was not compromised as part of this incident,” Paul Rose, a spokesperson for the San Francisco Municipal Transit Authority (SFMTA), said Monday. “We’ve never considered paying the ransom,” he added, “because we have in-house staff capable of recovering all systems, and we’re doing that now.” Despite Rose’s guarantee, the alleged malware attacker issued a new threat to MUNI via news ...

Check Point vSEC Achieves AWS Security Competency

Check Point has attained Amazon Web Services (AWS) Security Competency. This shines a light on Check Point’s expertise in delivering advanced threat prevention security to help protect customer data and workloads in the AWS Cloud. vSEC for AWS provides consolidated and consistent security policy management, enforcement and reporting across on-premises and cloud workloads, making migration to the AWS cloud painless. “The AWS Security Competency Program is designed to help customers easily discover and quickly deploy the product solutions that offer the best fit for their unique project workloads,” said Tim Jefferson, global ecosystem lead, security, Amazon Web Services, Inc. “We are ...

Two thanksgiving presents from the leading ransomware

Cerber and Locky, the two most prevalent ransomware families out there, have simultaneously launched new variants into the wild. The new ransomware versions introduce small but notable changes that may affect the way they are detected.

CERBER 5.0 Uses New IP Ranges as well as Old Ones

The actors behind Cerber, like other actors in the ransomware industry, innovate on a daily basis. Only yesterday (November 23rd, 2016) a new version of Cerber was released (4.1.6); however, no prominent changes were noticeable in it. Less than 24 hours later, Cerber released the new version, 5.0, which is described in this article. A notable change introduced in this Cerber ...

ImageGate: Check Point uncovers a new method for distributing malware through images

Check Point researchers identified a new attack vector, named ImageGate, which embeds malware in image and graphic files. Furthermore, the researchers have discovered the hackers’ method of executing the malicious code within these images through social media applications such as Facebook and LinkedIn. According to the research, the attackers have built a new capability to embed malicious code into an image file and successfully upload it to the social media website. The attackers exploit a misconfiguration in the social media infrastructure to deliberately force their victims to download the image file. This results in infection of the user’s device as soon as the end user clicks on ...

A Complex Web: Bitcoin Mixing Services

Check Point’s Threat Intelligence Analysis team often comes across attackers who seek payment from their victims in Bitcoin – especially following ransomware attacks such as Cerber. Once they get paid for their criminal exploits, these actors employ all sorts of Bitcoin mixers and tumblers to cover their tracks. We decided to analyze these mixing services to achieve a better understanding of how they operate, in an effort to provide organizations with insights into the complex cybercriminal underworld.

About Bitcoin Mixing Services

Bitcoin is often thought of as a payment method that hides both the sender and the recipient, and makes it impossible to identify the ...

October’s ‘Most Wanted’ Malware List Shows Attacks on the Rise

Check Point’s Threat Intelligence Research Team revealed today that the number of malware attacks increased in October, as the company released its monthly Global Threat Index, a ranking of the most prevalent malware families attacking organizations’ networks. The team found that both the number of active malware families and the number of attacks increased by 5% during the period, pushing the number of attacks on business networks to near the peak levels seen earlier this year. Locky ransomware attacks continued to rise, moving it up from third to second place, while the Zeus banking trojan moved up two spots, returning it to the top three. The reason for Locky’s continued growth is ...

Can SandBlast Block Unknown Attacks? Challenge Accepted, Network World!

Recently, David Strom and Network World decided to put our zero-day protection technology to the test, literally. Now, after in-depth security analysis, we are excited to share the findings with you. In short, Strom found SandBlast to be a comprehensive yet easy-to-manage solution, which is worth the cost for effective protection against unknown malware.

Challenge No. 1: Can Zero-Day Attacks Be Detected?

“No matter what virus package we tried, SandBlast caught it, cleaned it, and stopped the exploit from propagating.” In his extensive testing, David lodged multiple attacks against our SandBlast Threat Prevention solutions. And guess what! SandBlast stopped all of ...

Clearing the fog: a vision of security for hybrid clouds

Have you ever driven on a high road or mountain pass that’s shrouded in low cloud? You’re at the familiar controls of your vehicle, but you can’t easily see road signs, oncoming vehicles, which way the road goes, or other dangers. Progress can be hazardous unless you take extra precautions. The feeling will be familiar to many organizations’ IT teams as they transition some of their business applications and data to the cloud. The majority of organizations don’t have a large, centralized cloud deployment that has completely replaced their physical networks, simply because this type of wholesale migration is costly and involves a great deal of planning, resources and risk. ...

Denied! Dealing with Global Distributed Denial of Service

Cyber security has recently reached yet another level of public awareness, as the world learned that an army of bots hosted on internet-connected cameras was able to cause outages at well-known internet services such as Twitter, Amazon, Spotify and Netflix. The global Distributed Denial of Service (DDoS) attack on DYN, a large DNS infrastructure company, which caused the downtime, may not have shocked internet security professionals, but it gave yet another demonstration of the fragility of the Internet grid. Fortunately, it was not as damaging as it could have been.

The internet is a platform of innovation and inspiration. We can all invent, develop and release our work for free or ...