Check Point Blog

Welcome to the Check Point Blog where you will find posts tagged in two categories:

  • Threat Research: Research findings, threat intelligence, and perspectives from Check Point’s research teams
  • Security Insights: Perspectives on current events and the security landscape from Check Point thought leaders



Ransomware: what you need to know

In recent years, there has been a surge of ransomware attacks. It has been reported all over security blogs, tech websites and in the news. Unfortunately, these attacks show no signs of slowing. If anything, they are getting worse. Cryptolocker, the first famous ransomware, was observed in the wild in 2013. From then until mid-2015, there were only a few active ransomware variants and their infection methods were limited. Some of these variants were even weak enough that it was possible to decrypt files without paying the ransom. While quite a lot of variants have been created since then, many of them either don’t effectively infect users or run a low-profile campaign. A good example is ...

Securely Embrace the Hybrid Cloud

The trend in enterprise IT is to move from a hardware-centric to an application-centric network model, enabling businesses to streamline processes and improve end-user experiences, all while enhancing their competitive positioning. As a result, IT organizations are under tremendous pressure to rapidly transform in order to keep pace with these new business demands. This need to run processes more efficiently, improve time-to-market and enhance user experience is subsequently driving more and more businesses to embrace IaaS as part of their IT strategy. The rising tide of cloud deployments is providing sufficient proof-points of the business benefits of public cloud ...

The Cure for Your Private Cloud Security Blues

Hot on the heels of Cisco Live! in Las Vegas, there’s a continued buzz about the Cisco Application Centric Infrastructure (ACI) and how it is helping organizations transform from legacy to next-generation private cloud data centers. In fact, front and center at this year’s event was the desire to transform Cisco offerings and make them more cloud-like, responding to the transition businesses are currently undertaking as they move further away from hardware-centric networks. The excitement could be felt all the way up here in the Bay Area, and one thing is clear: the move to modernize data center networks is challenging our traditional security approaches. The desire to ...

Check Point Forensics: CTB-Faker Ransomware

SandBlast Agent Forensics Introduction

The concept is quite simple: we run a malware sample on a PC in our malware lab, with all protections turned off, and let SandBlast Forensics automatically analyze it, providing comprehensive analysis of the security incident. In addition to the blog, we are thrilled to now provide you with access to the interactive forensic report. This is the same report that a CISO, Security Admin or Incident Responder would get with SandBlast Forensics. To view the interactive forensic report, simply click on any of the images below. The forensic report is best viewed on wide screens with resolutions greater than 1280 x 768. The ideal browsers to view the ...

Top 10 Most Wanted Malware

Check Point Software Technologies today published its latest Threat Index, revealing the number of active malware families increased by nearly two-thirds in the first half of 2016, led by the number of threats to business networks and mobile devices. During June, Check Point detected 2,420 unique and active malware families attacking business networks, a 61 percent increase compared with January 2016 and a 21 percent increase since April. The continued rise in the number of active malware variants once again highlights the wide range of threats organizations’ networks face, and the scale of the challenges security teams must overcome to prevent an attack on their business critical ...

Ransomware’s Motto: The Simpler, The Scarier, The Better

A lot has been said about the ransomware epidemic. The number of infections worldwide increases daily, as well as the number of different variants. Check Point researchers have been analyzing ransomware for almost two years, and it has been a fascinating study. We can easily follow the trends, common aspects, and differences between ransomware families. As each wave of ransomware is countered by new security measures, ransomware adapts and changes directions to successfully bypass them, in an endless game of cat and mouse.

Incoming: ransomware

Ransomware has many variants, and each family’s execution flow is unique. However, despite these differences, all families share common ...

Stop Before You (Pokemon) GO

The excitement over the new game Pokemon GO has taken the world by storm. Because it's available only in limited countries right now, some people may be tempted to download the app from sources other than Google Play or the Apple App Store. Getting apps from unofficial sources can expose you to malicious apps that can be used to steal sensitive information or even to spy on you without your knowledge. In this video, Check Point explains how cybercriminals can repackage the Pokemon GO app for Android, turning it into malware that can steal messages, photos, and more. Check Point Mobile Threat Prevention can detect and stop repackaged malicious apps, keeping your device and the ...

Malware’s Constant Evolution Requires Advanced Protections

Malware developers are fast learners. They adapt to new security measures in record time and find new ways to evade detection or at least stay hidden long enough to complete their malicious goals. In this blog we review some of the cutting-edge techniques attackers use to bypass defenses and the techniques we use to protect users from these constantly evolving threats.

The return of the Dridex banker malware

The infamous Dridex banker resurfaced recently, targeting American banks. The malware spreads through phishing emails that contain malicious files, which can be executables or documents with embedded macro commands. Besides deceiving users, Dridex uses several advanced evasion ...

DIY Attribution, Classification, and In-depth Analysis of Mobile Malware

The security research community has been dealing with malware attribution and classification for decades. The benefits of this process for PC-based malware are myriad and well known. Check Point has followed the same process for multiple malware campaigns during the last year, including Volatile Cedar, Rocket-Kitten, and the Nuclear Exploit Kit. In fact, the PC malware research field is so mature that many security-savvy enterprises now have their own internal teams of cyberanalysts. These teams conduct in-depth malware research as part of their incident response and threat intelligence duties with a focus on their organization’s specific needs, domains, and adversaries. However, ...

Jigsaw Ransomware Decryption

The Jigsaw ransomware was first spotted in April 2016, and has since gained some traction. It became infamous thanks to an image of the Jigsaw killer from the movie ‘Saw’ displayed on the ransom note (hence its name), and its unique way of persuading victims to comply: if payments aren’t made within an hour, Jigsaw starts deleting files from the infected machine. While investigating the latest Jigsaw ransomware variant (SHA256: 61AA800584B170FFE9959ACD057CCAF784BF3088E1D3AAB39D07C0793F6C03DF) and its false claims to steal users’ credentials and Skype history, we came across the mechanism the ransomware uses to check whether payments have ...