In The Wild: Mobile Cybercrime Goes Big in 2015

 
Cybercriminals made significant advances in the sophistication and number of attacks on mobile devices in 2015. As we head into a new year -- and into new uncertainties for mobile security -- let’s remember a few of the most spectacular attacks to help us better understand what to be aware of in the months to come. Hacking Team Hacked: The Italian-based hacker group “Hacking Team,” which claimed to develop surveillance tools for law enforcement and governmental organizations around the globe, was hacked on July 5, exposing 400 gigabytes of data to the public eye. Among the hacking tools discovered in the data breach was an iOS malware that exploits a vulnerability that performs ...

Check Point Threat Alert: Outlook OLE Vulnerability

 
Object Linking and Embedding (OLE), developed by Microsoft, allows users to embed and link to documents and other objects. However, a Remote-Command-Execution vulnerability was found in Microsoft Office that allows remote attackers to execute arbitrary code via a crafted email message processed by Outlook. Microsoft Outlook has a sandbox bypass vulnerability which allows an attacker to bypass Outlook's security layers and exploit Office's OLE capabilities. A remote attacker can send a victim an e-mail containing a specially crafted attachment. This attachment may embed an OLE object that leverages a second vulnerability in other registered OLE software. The vulnerability was found by ...

Check Point Threat Alert: Joomla RCE Zero-Day

 
On December 14, a new version of Joomla, an open-source content management system (CMS) which allows you to build websites and powerful online applications, was released to patch a critical 0-Day Remote Command Execution (RCE) vulnerability that affects all versions from 1.5 to 3.4. The vulnerability is due to a lack of validation of input objects, which can lead to remote command execution. A remote attacker could exploit this vulnerability by sending a malicious request to the victim. The vulnerability was exploited in the wild a few days before a patch was available and, now that the issue is public, is being exploited even more actively and widely. Check Point released an IPS ...

Angler EK Pushing TeslaCrypt

 
In recent weeks, we have witnessed a very large rise in TeslaCrypt infection attempts. TeslaCrypt is a relatively new ransomware, first reported in the beginning of 2015. Although it is not the most sophisticated malware, it is continuously maintained and updated by its authors, and still manages to spread through various infection vectors. In the previous week, there has been a nine-fold increase in infections, as reported by Symantec. Most of the infections in this current campaign are delivered by spam. On December 16th, Check Point researchers identified a large increase in TeslaCrypt infection attempts via Angler Exploit Kit. Angler Exploit Kit (EK) is a ...

Check Point’s Security Predictions for 2016: PoS

 
The holiday season is here, and the retail industry is preparing for shoppers who are rushing to take advantage of sales and purchase gifts in-store or online. However, continuous point-of-sale (PoS) attacks have been making headlines in the last few years. In 2013, Target confirmed a massive credit card data breach that affected 40 million customers. Last year, Home Depot said 56 million credit cards were possibly compromised in an attack on their payment terminals. And just recently, Hilton confirmed that malware attacked their PoS systems to extract financial information. These past few years have shown a rise in data breaches, and Check Point expects this growing trend to continue ...

In The Wild: Mobile Security Observations from the Check Point Research Team

 
We already know mobile threats are becoming more and more sophisticated every day. As cyber criminals exploit new vulnerabilities, they also discover new techniques that make it easier to attack our smartphones and tablets. Most end users don’t fully understand the risks, and can be easily tricked into circumventing on-device protections. That means if they’re using devices for work purposes, they could be putting sensitive enterprise data at risk, as well as their own. Recently, researchers uncovered two new mobile Remote Access Trojans (mRATs) that clever cybercriminals have tricked end users into installing on their Android mobile devices. These mRATs are prime examples of how ...

Singapore Mobile Device Users Are Under Cyber Attack

 
On December 1, 2015, the Association of Banks in Singapore (ABS) announced information about a Trojan designed to steal financial information from mobile device users. Check Point researchers retrieved samples of this malware and conducted an in-depth analysis. This banking malware is actually a tweaked version of an existing financial infostealer called “GMBot” (SHA256: 9776d10a6aa8155d90eeef81c42e8459f53a39fb7497dd2d7fd4b6fe1a563a1b) and has already infected at least 50 mobile devices in Singapore. The malware is downloaded onto devices by tricking users with fake URLs disguised inside a popup urging them to install a required Android system update. Once installed, it requests ...

Check Point Names Julie Parrish as Chief Marketing Officer

 
Check Point today announced the appointment of Julie Parrish as the company’s Chief Marketing Officer. As the newest member of our executive team, Parrish will lead the company's global marketing organization, overseeing strategic initiatives to drive awareness and demand for Check Point’s expanding portfolio of industry-leading security solutions. Prior to joining Check Point, Parrish was a senior vice president at NetApp – first as a key executive leading the worldwide channel sales, then as chief marketing officer. She has held numerous senior leadership positions in marketing and channel sales at Fortune 1000 companies including Symantec, Veritas, Nokia and 3Com (now ...

Check Point’s Security Predictions for 2016

 
At the beginning of last year, Check Point’s top predicted security threats for 2015 included the rapid growth of unknown malware and the exploitation of vulnerabilities in platforms such as Android and iOS. These predictions did come true – and they remain a significant threat today. We’re nearing the end of 2015, but cybercriminals are already preparing for more attacks in 2016. As we’ve seen from this year’s data breaches at Anthem, Harvard University, Experian, and TalkTalk, hackers are still finding creative ways to attack networks. After looking back on the cyberattacks of this year, we are anticipating the next wave of threats, hoping organizations can use this ...

Check Point Threat Alert: Web Shells

 
Web shells can be used to obtain unauthorized access and can lead to wider network compromise. Consistent use of web shells by Advanced Persistent Threat (APT) and criminal groups has led to a significant number of cyber incidents. This alert describes the frequent use of web shells as an exploitation vector and Check Point’s IPS guidance and relevant IPS protections addressing these threats. A web shell is a script that can be uploaded to a web server to enable remote administration of the machine. It can be written in any language that the target web server supports. The most commonly observed web shells are written in languages that are widely supported, such as PHP and ASP. Perl, ...