Check Point Blog

Welcome to the Check Point Blog where you will find posts tagged in two categories:

  • Threat Research: Research findings, threat intelligence, and perspectives from Check Point’s research teams
  • Security Insights: Perspectives on current events and the security landscape from Check Point thought leaders


Get started by choosing a category, or read them all!


A Whale of a Tale: HummingBad Returns

 
  Check Point researchers have found a new variant of the HummingBad malware hidden in more than 20 apps on Google Play. The infected apps in this campaign were downloaded several million times by unsuspecting users. Check Point informed the Google Security team about the apps, which were then removed from Google Play. This new variant, dubbed ‘HummingWhale,’ includes new, cutting-edge techniques that allow it to perform ad fraud better than ever before. HummingBad is malware first discovered by Check Point on customers’ devices in February 2016. HummingBad stands out as an extremely sophisticated and well-developed malware, which employed a ...

What’s the Proteus Botnet and how does it work?

 
  The Proteus botnet emerged toward the end of November 2016. Only a few samples of it were found in the wild and, at the moment, it doesn’t seem to have a widespread campaign. So, what does it do? It launches a multi-layered attack on an infected machine, where it runs several processes aimed at coin mining, credential theft, and keylogging. In addition, the bot can perform on its own; it lets the cybercriminal send commands over HTTP to download malicious executables and execute them. In some samples, the botnet disguises itself as a Google Chrome executable. The functionality of the botnet is highly reliant on its C&C (command and control) server, ...

Malware Takes a Christmas Break in December’s Global Threat Index

 
Global malware attacks decreased by 8% in December compared with the previous month, with the popular Locky ransomware recording a huge 81% decrease per week, according to the latest monthly Global Threat Index from Check Point’s Threat Intelligence Research Team. This isn’t an invitation to businesses to sit back and relax, however. Our team predicts that this lull really is due to malicious cybercriminals taking a Christmas break – and, following the same trends last year, when December recorded a 9% drop in the number of malware attacks worldwide, we expect attack volumes to bounce back in January.   The Global Threat Index tracks malware attacks against ...

SWIFT Attacks Require Swift Investigations

 
Gadi Naveh, Advanced Threat Prevention Evangelist and Tamara Leiderfarb, SandBlast Agent Technology Leader. SWIFT, the global financial messaging system, issued an alert about customer environments newly compromised by sophisticated, adaptive attackers attempting to send fraudulent payment instructions. This follows February of this year, when a successful attack in which over $1 billion in transactions were made from Bangladesh’s central bank resulted in $81 million in unrecoverable losses. This added to several other disclosed and suspected SWIFT heists. Some research connects these attacks to previous high-yielding actors such as the Carbanak ...

The Right Security Architecture

 
When it comes to maintaining the best security, size doesn’t matter. Big or small, the dynamics of how companies secure their data have evolved as the security landscape has changed. In the past, security was focused on the perimeter, but today it must be pervasive: everywhere and in everything. It must move from simple access control at the perimeter to application and user awareness and full layer-7 threat prevention at multiple points throughout the environment. The right architecture creates a framework for a stable security platform. By implementing the correct architecture, you eliminate single points of failure providing the necessarily ...

Looking for a New Employee? Beware of a New Ransomware Campaign

 
Despite trying to brand itself as a new malware, GoldenEye, the latest Petya variant, is very similar to older versions and differs mostly in its “golden” motif. The most prominent change, however, is how the campaign spreads the ransomware. The current campaign used to distribute GoldenEye has a job application theme. It is therefore aimed at companies’ Human Resources departments, due to the fact they usually cannot avoid opening emails and attachments from strangers, a common malware infection method.

HR-Targeted Ransomware

The new campaign targets German speakers and mimics a job application. The email contains a brief message supposedly from a job applicant and ...

How We Found Two New Ransomware Families and Built Their Decryptors

 
Ransomware is one of the most common and effective attack methods today, and it seems this trend isn’t going to change anytime soon. This last November, we found that ransomware attacks are surging, with our Global Threat Index showing that the number of ransomware attacks using Locky and Cryptowall increased by 10%. Today, Check Point’s Threat Intelligence Team reveals not only two new ransomware samples that were found in the wild, but also the decryption solutions which can help victims retrieve their lost data free of charge. Check Point is an Associate Partner of the No More Ransom (NMR) project, which aims to fight back against the ransomware epidemic. As such, our new decryption ...

Check Point discovers three Zero-Day Vulnerabilities in web programming language PHP 7

 
PHP 7, the latest release of the popular web programming language that powers more than 80% of websites, offers great advantages for website owners and developers. Some of them include doubling the performance and adding numerous functionalities. Yet for hackers, it represents a completely fresh attack vector, where they can find previously undisclosed vulnerabilities. During the past few months, we have analyzed PHP 7 and made it a priority to look into one of the most notoriously vulnerable areas of PHP: the unserialize mechanism. This is the same mechanism that was heavily exploited in PHP 5 and allowed hackers to compromise such popular platforms as Magento, vBulletin, Drupal, Joomla!, ...

No More Ransom! Check Point adds firepower to the global ransomware battle

 
If you didn’t know what ransomware was at the start of this year, chances are that you do now. It’s been the biggest cybersecurity story of 2016 for both businesses and consumers. Back in February, a Hollywood hospital was forced to pay $17,000 in bitcoin to get its systems back online after an attack; while over the Thanksgiving weekend, ransomware hit San Francisco's Muni Metro, forcing it to give passengers free rides. It has also been found spreading in malicious image files on Facebook and LinkedIn. What’s more, attacks targeting companies have trebled since January 2016. According to a new report, they have been reaching a frequency of one every 40 seconds, ...

Cloud Security Predictions and Trends

 
It’s that most wonderful time of the year – the time where I like to take a look back and reflect on what the year has been as well as look forward to take a peek into next year. With the start of every new year we see many exciting new trends. But if the past is any indication, the security threat landscape will constantly change and present new challenges ahead. Looking into some of those trends and challenges is our Check Point security team. At the end of each year, they spend time imagining what the threat landscape might look like in the coming year. This gives us the opportunity to analyze the security trends we’ve followed over the past year, and it allows us to creatively ...