iOS Crowned Insecure, Google Gets to Work, Budget Tablets Dangerous – Mobile Security Weekly

Google is happy to be the focus of attention this week with its release of Android for Work, which was first announced in July 2014. On the other hand, Apple isn’t exactly pleased with the fact that OS X and iOS have been named the most vulnerability-ridden operating systems of 2014. Finally, a reminder that cheaper isn’t always better -- many of the budget Android tablets aimed at kids are packed full of security hazards.
iOS tops 2014 Mobile Security Vulnerability list
iOS took the crown this week as the mobile operating system with the most vulnerabilities in 2014. Both Apple's desktop and mobile operating systems have seen a rise in security vulnerabilities ...

Is Software Defined Protection the New Software Defined Networking?

Software Defined Networking (SDN) is the latest buzz term to take over the networking world – and is not to be overlooked. Its goal is to automate network infrastructure functions that used to be fixed or manual, turning complex configuration tasks into programmable ones. When implemented correctly, it should make deployment of networking services much faster, smoother, and more predictable. We believe the same thing about security, so we created Software-defined Protection (SDP). Essentially, SDP is the least complex way of looking at security and programming it to protect your network. It is modular, agile and, most importantly, SECURE. It builds on concepts those ...

Angler Exploit Kit – Blocking Attacks Even Before Zero Day

The Story
Blocking attempts to use exploit kits (EK) against our customers is one of Check Point's main targets in IPS. Thus, our Intelligence Teams follow closely the trends in this world. In late December, we noticed hype around a specific EK, namely Angler EK, and decided to give high priority to writing an IPS protection against it. The protection was included in the IPS package released to customers on January 13th. We will later elaborate on the technicalities of the protection. Just two days after releasing this protection, we witnessed real attack attempts on some of our Managed Security Service customers, detected by their IPS blade. Attacked customers included a major bank ...

Malware Analysis 101

Introduction
A common misconception about malware is that analyzing it is extremely difficult and requires deep technical expertise. When many technical users are faced with a malware infection and asked to analyze it, they may think, "Hey, I've heard about this kind of malware. I've even read some malware reports, and they sound really complex! I'm not a professional malware analyst or a reverse engineer, so what can I possibly say about this malware?" In this blog post, we break down some of these misconceptions and overcome the conceptual obstacles by demonstrating that most malware can be analyzed by practically anyone with basic technical abilities. We will take ...

Malware Analysis – CTB-Locker

Executive Summary
CTB (Curve-Tor-Bitcoin) Locker is a crypto-ransomware variant. It is based on advanced algorithms which are used in different combinations, making CTB-Locker significantly more difficult to detect and neutralize. CTB-Locker (aka Critroni or Onion) is based on a so-called encryptor, which encrypts all of a user’s personal data and extorts payment to decrypt the files. It is spread via email spam. Kaspersky Lab detects CTB-Locker as Trojan-Ransom.Win32.Onion. Distinctive features of this family include the use of combinations of cryptographic algorithms and of the TOR network. The hackers extort payment in Bitcoins, known to provide anonymity in currency ...

Targeted Attacks on Enterprise Mobile Exposed in New Threat Research

New Report: mRATs Caught in the Enterprise
With the number of high-profile mobile threats and vulnerabilities like Operation Pawn Storm, xSSER mRAT, and Masque Attack growing, cyberthieves are putting more focus on new ways to perform targeted attacks. To help our customers better understand and quantify mobile threats in the enterprise, Lacoon Mobile Security, in collaboration with Check Point, conducted a research study. This study focused on commercial mobile surveillance kits, also known as Mobile Remote Access Trojans (mRATs). Many CISOs we have worked with view mRATs as the mobile malware they are most concerned about from a risk and threat perspective. When used ...

New Android Trojans, Gremlins Inside Play, iPhone’s Safe and Sound – Mobile Security Weekly

It’s mostly bad news this week for Android, with two new threats placing millions of users at risk. However, from the Apple point of view, it’s been a good week - iPhone theft is down -- way down. Let’s take a closer look...
New Android Trojan Flies Under the Radar
Many Android malware strains try to obtain as many permissions as possible to get absolute power over a victim’s device. But earlier this week, a new Android Trojan that asks for few permissions in order to avoid discovery was identified and assessed by researchers. Currently named Trojan.Downloader.Agent.gp, this trojan pushes traffic to certain advertising URLs, thus creating ...

Anthem Breach: a Slow and Silent Attack

The attack on Anthem, the second-largest health insurer in the U.S., which exposed identifiable personal data of tens of millions of people, was probably not a smash-and-grab raid but instead a sustained, low-key siphoning of information over a period of months. The breach was designed to stay below the radar of the company’s IT and security teams, using a bot infection to smuggle data out of the organization. According to statements released by Anthem, the first signs of the attack came in the middle of last week, when an IT administrator noticed a database query was being run using his identifier code when he had not initiated it. The company determined that an attack had ...

Demystifying iOS Enterprise Certificates

In light of recent events, we’re taking a look at iOS Enterprise certificates from a mobile security perspective. By examining the WireLurker case, we see that Apple’s framework for enabling companies to create and distribute apps intended for in-house use only has been the root of serious security issues. What exactly are enterprise certificates and who are they for? For $99, any developer can build Apple apps and then install them on their own devices for testing before submitting them to the App Store for sale. Each developer account is allowed to install its apps on a limited number of devices for development and testing. The iOS Developer ...

iOS Attacked (Again), Play’s Got Adware, Outlook Has Security Flaws – Mobile Security Weekly

This has been quite the week in the world of mobile security. We’ve seen major malware campaigns targeting personal and enterprise users, iOS and Android, and even jailbroken and non-jailbroken devices. This goes to show there’s no part of the mobile device ecosystem that can consider itself immune.
Serious Malware Campaign Begins to Target iOS Devices
Attackers, most likely of Russian origin, are using a strain of malware named XAgent to attack the iOS devices of targets in the US government, defense and media sectors. The attack, which affects both jailbroken and non-jailbroken devices, is believed to be a continuation of a malware campaign from October 2014 ...