Volatile Cedar – Analysis of a Global Cyber Espionage Campaign

Today, we announced the discovery of Volatile Cedar, a persistent attacker group with political ties, possibly originating in Lebanon. Beginning in late 2012, the carefully orchestrated attack campaign we call Volatile Cedar has been targeting individuals, companies and institutions worldwide. This campaign, led by a persistent attacker group, has successfully penetrated a large number of targets using various attack techniques, and specifically, a custom-made malware implant codenamed Explosive. This report provides an extended technical analysis of Volatile Cedar and the Explosive malware. Malware attribution is often tricky and deception-prone. With that in mind, investigation of ...

What Can We Learn from Clinton’s “Email-gate”?

Hillary Clinton has been scrutinized for using her private email account for Department of State-related correspondence. The so-called “email-gate” has put Mrs. Clinton in a hot spot, forcing her to explain what appears to be not only an attempt to hide official correspondence from the public but, more importantly, a breach in security. When questioned, Clinton answered, “Looking back, it would’ve been better for me to have used two separate phones and two email accounts. I thought using one device would be simpler and, obviously, it hasn’t worked out that way.” Looking at the bigger picture of this conversation, she brings up an ...

Half of Androids Vulnerable, Half of App Makers Eschew Security, iOS Jailbreak Coming – Mobile Security Weekly

This week’s edition includes some worrying numbers: half of Android users are at risk from a new vulnerability, and half of app makers are spending $0 on security. And the iOS world may be in for another shake as hackers from around the world head to Beijing this weekend with the aim of defeating the new versions of iOS and releasing a jailbreak. Half of all Android users at risk from newly discovered vulnerability: Researchers have discovered a serious Android security vulnerability that enables threat actors to replace legitimate apps with malware during installation. Only some hardware manufacturers have released patches to address the issue, leaving half of ...

Intelligence Report: Equation Group

Executive Summary: The Equation Group, active since 2001, is a highly advanced and secretive computer espionage organization. The first report on Equation was published by Kaspersky during their 2015 Security Analyst Summit. The malware used in their operations, dubbed EquationDrug and GrayFish, is capable of reprogramming hard disk drive firmware. The group uses advanced techniques, shows a predilection for strong encryption methods, and operates with a high degree of covert behavior. There are indications of about 500 malware infections by the group's tools in at least 42 countries. Overview: The group was named Equation due to the hackers’ evident fondness for encryption algorithms and ...

CuckooDroid – Fighting the Tide of Android Malware

The future is mobile. Few experts doubt this conclusion these days. The accelerating proliferation of smartphones and other devices powered by the Android operating system throughout the world has created a corresponding increase in mobile apps – especially malicious mobile apps. This relatively new, but rapidly evolving, type of malware poses previously unseen dangers.   As part of Check Point’s continuous efforts against the rising tide of mobile dangers, we, the Malware Research Team, want to learn as much as we can about the constantly shifting Android malware landscape – which means understanding the internal operation of as many malicious apps as we can. Manual ...

Go Atomic or Go Home

Have you never heard the term ‘Atomic Segment’ used in security? Me neither. That is, until I came to Check Point. If you think about it, it makes a lot of sense. An atomic segment is a set of computing and networking elements that: (1) share a common security profile; (2) cannot further be subdivided into smaller segments; and (3) can be protected using a set of distinct policies that control all commands and communications between the segment and external entities. It is a critical area needing protection. When we talk about protecting a network, you have to assume your security policies won’t catch everything. Whether a virus or hacker, once an intrusion appears inside most ...

FREAK Lives On, Play Has Adware, iOS Brute-Force Attack – Mobile Security Weekly

This week we highlight several emerging trends within the world of mobile security, including one case of app developers leaving users vulnerable, while the others show “foolproof” security measures being duped. Not the best of weeks for mobile users. Millions of Users Still Vulnerable to FREAK Attacks: A few weeks ago, we updated you on the FREAK attack, a vulnerability that made it possible for attackers to decrypt SSL-protected traffic passing between Android or Apple devices and millions of websites. Despite causing major headlines, it seems that many developers have yet to act. Researchers have tested both the iOS and Google app stores ...

Check Point Reveals New RCE Vulnerability in BitDefender Anti-Virus

Check Point's Malware and Vulnerability Research Group today revealed new research into potential attacks on a crucial component of the Windows operating system, and demonstrated the use of such an attack by revealing a previously unknown vulnerability in Bitdefender Anti-Virus. The operating system component, known as NDIS, serves as the connecting layer between the network adapter card and the operating system itself. As a result, NDIS presents a huge attack surface: it has to process all network inputs regardless of whether the operating system is configured to accept them or not. Check Point researcher Nitay Artenstein voiced concerns that NDIS is not properly ...

Dropbox Ball Drop, Podec Pwns Captcha, Apple (Again) Patches iOS – Mobile Security Weekly

Mobile technology has had a few big weeks. We’ve been given a glimpse into the future at Mobile World Congress in Barcelona (Lacoon was also there), and Apple has raised the stakes again with its upcoming release of iWatch, which is priced from about $350 up to a mind-boggling $17,000. In mobile security news, threat actors have defeated the Captcha security system, and another substantial vulnerability that can affect millions of Android users has been discovered. We won’t be surprised if this one causes quite a bit of confusion. Vulnerability Discovered in Dropbox SDK: A software vulnerability in Dropbox’s SDK for Android (versions ...

Shiver Me Timbers! DDoS Attacks Caused by Pirate Bay Trackers and DNS Misconfigurations?

In January of 2015 the Check Point Incident Response team (CPIR) had two DDoS attack cases from separate customers with similar characteristics. The first case: On Saturday January 10th a US Children’s Hospital called the CPIR Emergency Hotline because they were suffering a DDoS attack. After quick examination, the attack traffic was found to have originated in China. It consisted of properly formatted HTTP GET requests destined for the customer’s webserver, but they requested URLs that did not exist. The customer had old versions of the Check Point Security Gateway, which limited their response capabilities. Much of the traffic in this case contained the ...