Check Point Blog

Welcome to the Check Point Blog where you will find posts tagged in two categories:

  • Threat Research: Research findings, threat intelligence, and perspectives from Check Point’s research teams
  • Security Insights: Perspectives on current events and the security landscape from Check Point thought leaders


Get started by choosing a category, or read them all!

Effective Security Management in a Software Defined World

Software-defined infrastructure (SDx), together with the use of private and public clouds, completely transforms the way IT departments manage enterprise data centers and workloads. Automation is a key component of software-defined networking (SDN), bringing network, server, security management and other IT functions or teams together. In the past, when an organization deployed a new application, the application owner had to coordinate with several teams: one team installed the required server hardware and OS, a separate team connected the servers to the network, and yet another team provisioned the security and firewall rules. It was as if the stars (or functional teams) had to align in ...

The Infamous Nuclear Exploit Kit Shuts Down

In an apparent response to the recent Check Point investigative report, the Nuclear Exploit Kit shut down its entire infrastructure and ceased operation. Background: The Nuclear Exploit Kit, one of the largest attack infrastructures observed in the wild today, was recently the subject of a thorough investigation conducted by the Check Point Threat Intelligence and Research team as part of our ongoing research into the Malware-as-a-Service industry. In part I of our report, Inside Nuclear's Core: Analyzing the Nuclear Exploit Kit Infrastructure, we reviewed in depth the various capabilities, exploits, and techniques employed by the exploit kit. We analyzed Nuclear's operation ...

Intel Spot On with CET

Intel has recently published a specification for a new technology meant to detect and block malware at the processor level. The technology, developed with the help of Microsoft, is called Control-flow Enforcement Technology (CET), and its main purpose is to block exploits built on Return-Oriented Programming (ROP) or Jump-Oriented Programming (JOP). Attackers use these techniques to bypass existing controls such as DEP/NX, which stop the processor from executing code placed in data pages. Instead of injecting code, the attack reuses pieces of legitimate executable code, chaining together small instruction sequences (gadgets) that each end in a return or indirect jump, so that attacker-controlled data on the stack dictates what the program executes next. ROP-based ...
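The paragraph above describes what a ROP chain does and what CET is meant to stop. The following is an added toy model of CET's shadow-stack mechanism, written for this page; it is neither Intel's specification nor Check Point's code. A tiny "machine" keeps the ordinary data stack, which a memory-corruption bug can overwrite, alongside a shadow stack that ordinary stores cannot reach. CALL records the return address on both; RET pops both and compares them. When an overflow replaces the saved return address with a gadget address, the comparison fails, which is what real hardware reports as a control-protection (#CP) fault. All addresses in the example are hypothetical values chosen for illustration.

```c
/* Toy model of the CET shadow stack (added illustration, not Intel's spec
 * or Check Point's code). Two stacks: the data stack an attacker can
 * corrupt, and a shadow stack only CALL/RET may touch. */
#include <stdio.h>
#include <stdint.h>
#include <string.h>

#define STACK_DEPTH 16

typedef struct {
    uint64_t data[STACK_DEPTH];    /* attacker-reachable, like the real stack */
    uint64_t shadow[STACK_DEPTH];  /* written only by m_call, read only by m_ret */
    int dsp, ssp;                  /* stack pointers for each stack */
    int cp_fault;                  /* set when RET finds a mismatch (#CP) */
} machine_t;

void m_init(machine_t *m) { memset(m, 0, sizeof *m); }

/* CALL: save the return address on both stacks. Returns -1 on overflow. */
int m_call(machine_t *m, uint64_t return_addr) {
    if (m->dsp >= STACK_DEPTH || m->ssp >= STACK_DEPTH) return -1;
    m->data[m->dsp++] = return_addr;
    m->shadow[m->ssp++] = return_addr;
    return 0;
}

/* RET: pop the data-stack return address and compare it with the shadow
 * copy. Returns the address control transfers to, or 0 on a #CP fault. */
uint64_t m_ret(machine_t *m) {
    if (m->dsp <= 0 || m->ssp <= 0) { m->cp_fault = 1; return 0; }
    uint64_t from_data = m->data[--m->dsp];
    uint64_t from_shadow = m->shadow[--m->ssp];
    if (from_data != from_shadow) {
        m->cp_fault = 1;       /* hardware would raise #CP here */
        return 0;
    }
    return from_data;
}

/* Model a stack-buffer overflow: the bug lets the attacker overwrite the
 * most recently saved return address with a gadget address. Only the data
 * stack is reachable; the shadow stack keeps the original value. */
void m_corrupt_top(machine_t *m, uint64_t gadget_addr) {
    if (m->dsp > 0) m->data[m->dsp - 1] = gadget_addr;
}

/* Benign sequence: one call, one return, land where we came from. */
int demo_benign(void) {
    machine_t m; m_init(&m);
    m_call(&m, 0x401000);          /* hypothetical return address */
    return m_ret(&m) == 0x401000 && !m.cp_fault;
}

/* Nested calls return in LIFO order without tripping the check. */
int demo_nested(void) {
    machine_t m; m_init(&m);
    m_call(&m, 0x401000);
    m_call(&m, 0x402000);
    if (m_ret(&m) != 0x402000) return 0;
    if (m_ret(&m) != 0x401000) return 0;
    return !m.cp_fault;
}

/* ROP attempt: the saved return address is overwritten with a gadget. */
int demo_rop_blocked(void) {
    machine_t m; m_init(&m);
    m_call(&m, 0x401000);
    m_corrupt_top(&m, 0x7fff0c3d);   /* hypothetical "pop rdi; ret" gadget */
    uint64_t target = m_ret(&m);
    return target == 0 && m.cp_fault;  /* no transfer to the gadget */
}

int main(void) {
    printf("benign call/ret ok: %s\n", demo_benign() ? "yes" : "no");
    printf("nested call/ret ok: %s\n", demo_nested() ? "yes" : "no");
    printf("ROP chain blocked:  %s\n", demo_rop_blocked() ? "yes" : "no");
    return 0;
}
```

The model captures the property that matters: the shadow stack is not addressable by ordinary stores, so a stack overflow can change where the data-stack RET would go but cannot make the shadow copy agree with it. It does not model CET's second half, indirect branch tracking, which constrains JOP by requiring indirect jump and call targets to begin with an ENDBR instruction.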

Top 10 Most Wanted Malware

Today Check Point published its Threat Index for May, revealing the number of active global malware families increased by 15 percent. Last month Check Point detected 2,300 unique and active malware families attacking business networks. It was the second month running Check Point observed an increase in the number of unique malware families, having previously reported a 50 percent increase from March to April. The continued rise in the number of active malware variants highlights the wide range of threats and scale of challenges security teams face in preventing an attack on their business critical information. In May, Conficker was the most prominent family accounting for 14 percent of ...

Cerber Ransomware Targets U.S., Turkey and the UK in Two Waves

New ransomware families appear on a regular basis, each with a different method of operation. The Cerber ransomware, which has a sophisticated implementation process, uses a very interesting tactic in its attacks: it operates in surges, with relatively low activity in between them. We have detected two such spikes in Cerber's activity, the first in April and the second in May, each accumulating a substantial number of victims, as seen in figure 1 below.

Figure 1: Cerber Attacks per Day

Cerber targeted users in large numbers mainly in the U.S., Turkey and Great Britain, but also a wide array of other countries in smaller amounts.

Figure 2: Cerber ...

Tales from the Trenches: Modern Malware Requires Modern Investigation Techniques

The Check Point Incident Response team was called in to assist a company that had suffered a severe breach of its network, which had not previously been protected by Check Point's advanced protections. The team began to investigate and was struck by the malware's tactics and sophisticated evasion techniques. The malware's evasive nature required the team to use state-of-the-art investigation techniques to successfully remediate the network.

How it all began: inviting the malware in

The breach originated in a keygen downloaded by one of the employees. While the keygen did actually work, it also contained a malicious component, the malware called ...

In The Wild: Mobile Malware Implements New Features

Malware developers just won't stand still. They keep developing their malware as they go, sometimes to adapt to the changing threat landscape and sometimes simply to improve their capabilities. Recently, two examples of such advancements presented themselves, one in Triada's code and one in Viking Horde's.

Triada's Trident is Getting Stronger

As if the original malware wasn't bad enough, Triada has now received a dangerous update. Triada's main purpose is to steal money transferred over SMS messages as part of in-app purchases. The malware does so by leveraging its system-level compromise of the device to hijack the raw SMS data (PDU) and send it directly to its C&C ...

Trust No One – A Cyberworld Survival Guide

Cybercriminals are professional scammers; their specialty is tricking users into helping them achieve their malicious goals. Attackers use many different tactics, including spam, phishing emails, and fake ads. In each case, the unsuspecting user plays an active role in his own victimization when he clicks a link or opens an attachment. Recently, an unconventional campaign emerged in the wild that exploits its victims via live phone interaction. The campaign targets users who make a typo when entering a URL (for example, a mistyped variant of www.cnbc.com) or who click what turns out to be a malicious link. The users are redirected to a malicious site containing JavaScript that activates ...

Hack In The Box: Mobile Attackers Are Listening In

While most mobile attacks require some level of interaction with the user, Man-in-the-Middle (MitM) attacks can achieve their goal without the user ever knowing they occurred. This type of attack allows attackers to eavesdrop on, intercept and alter traffic between your device and any other counterpart. There are several ways hackers can execute such attacks, the most prominent of which is a spoofed hotspot. Many attackers set up fake hotspots with names similar to legitimate hotspot names, for example "Starbucks Coffee" instead of "Starbucks." Unaware, the user connects to the malicious hotspot. Once the user tries to connect to the server, the hacker uses his ...

FACEBOOK MaliciousChat

Check Point disclosed details about a vulnerability found in Facebook Messenger, in both the web and mobile applications. Following Check Point's responsible disclosure, Facebook promptly fixed the vulnerability.

What is this vulnerability?

The vulnerability allowed a malicious user to alter a conversation thread in the Facebook online chat and Messenger app. By abusing it, an attacker could modify or remove any sent message, photo, file, link, and much more. The vulnerability was fully disclosed to the Facebook Security team earlier this month. Facebook immediately responded, and after a joint effort, the vulnerability was patched. ...