Stopping the Next Massive Cyberattack – Step 5: Incident Response Plans

The Do’s and Don'ts of a Strong Incident Response Plan

Check Point’s 2015 Security Report revealed that 81% of organizations said they experienced a data loss incident in the previous year. If there’s one conclusion we can draw from that, it’s that preparing a strong incident response (IR) plan is more critical than ever.

The right IR preparation can be the deciding factor between an extreme breach and a contained incident. Immediate action is crucial in the wake of an attack. By eliminating uncertainty and debate, your IR plan will help your team act as a swift and cohesive unit. Your organization can make smarter decisions, reduce damage and associated costs, ...

Microsoft Word Intruder RTF Sample Analysis

Background

Check Point researchers obtained a sample of a malicious Word document that was used in an attack attempt against one of our customers. The sample itself is a Rich Text Format (RTF) file with a .DOC extension. Recently, there has been a resurgence of the trend to use malicious macro code inside Office documents. However, this wasn’t the case here.

Launching the sample resulted in two GET requests with a small time difference between them:

http:////img.php?id= - Response is a 1x1 white JPG
http:////img.php?id=&act=1 - Response is a malicious payload

There were other HTTP requests as well, but they were generated by the ...

Zero-Day Flaw Victimizes Apple iOS and OSX Apps

Researchers this week disclosed zero-day flaws in Apple’s iOS and OSX operating systems that allowed them to raid password keychains, crack secure containers, and circumvent Apple App Store security checks. The group of six researchers from Indiana University, Peking University and Georgia Institute of Technology claims that almost 90% of the over 1,600 OSX apps and 200 iOS apps it tested are vulnerable, making this a significant concern for Apple platform users. These apps are victimized by what the group calls an “unauthorized cross-app resource access (XARA)” attack, which allows malware to steal secure data. The design of Apple’s operating systems is supposed to thwart ...

Stopping the Next Massive Cyberattack – Step 4: Monitor

With the rise of cyber threats, ensuring your organization is protected against malicious attacks requires constant awareness and visibility into the network’s security infrastructure. Monitoring network activity is essential to strengthening an organization’s defense against cyberattacks, as it will allow the administrator to observe network and security performance while detecting any problems or failures that may occur. This will provide greater insight into the network to help identify potential threats, and reveal security controls or policies that are no longer effective.

It may seem obvious, but monitoring logs on a daily basis is an absolute necessity when it comes ...

Check Point 2015 Security Report Paints a Picture of the Threat Landscape—And it’s Not Pretty

This month, Check Point released its annual security report—a trove of statistics and trends culled from collaborative research and in-depth analysis of more than 300,000 hours of monitored network traffic, from more than 16,000 Threat Prevention gateways and one million smartphones. The bottom line, to state the obvious: Things are getting worse out there. Hackers are becoming smarter, and their tools and methods are evolving. They are now capable of much more damage than ever before. To secure your organization, you need to be more proactive and constantly update your security infrastructure. Understanding the trends and areas where hackers are zeroing in is a good first ...

Critical Infrastructure is at Risk!

Almost all of today’s modern conveniences, such as electricity, transportation, water systems, and manufactured products, are managed by industrial control systems (ICS). Many of these systems are considered to be critical infrastructure and operate as the backbone of a nation's economy, security and health. An attack on these systems and networks has the potential to shut down an entire region or country's power grid and disrupt utilities, critical systems and production lines, which could lead to mass chaos and irreparable damage.

Protecting critical infrastructure is imperative, as once a cybercriminal gains access to a control system, damage is inevitable. The result of ...

New Data: Volatile Cedar Malware Campaign

At the end of March, we published a blog post and a whitepaper about a cyber-espionage campaign dubbed “Volatile Cedar.” This campaign has successfully penetrated targets world-wide, using a variety of attack techniques, in particular a custom-made malware implant codenamed Explosive.

Let's recap what we know:

The Campaign: The Volatile Cedar operation has been active since 2012 and has evaded detection by the majority of AV products. Volatile Cedar constantly monitors its victims’ actions and rapidly responds to detection incidents. Explosive is a specially crafted Trojan type of malware, implanted in targets and used to ...

Stopping the Next Massive Cyberattack – Step 3: Implement Security Controls

After assessing network strengths and weaknesses and building a properly segmented network, the next step to stronger security is to implement security controls. Cybercriminals are using sophisticated methods to attack specific targets and steal valuable information. The only defense against these attacks is an equally advanced security system where multiple layers work together to identify, expose, and extinguish threats. Implementing a multi-layered threat prevention solution will provide several lines of defense to secure the most critical assets of an organization. These security protections are essential layers that work in tandem to find and track malicious threats as they move ...

New Vulnerabilities Discovered In WordPress

Not Just Another Broken Link…

Introduction

Check Point researcher Dikla Barda recently discovered critical vulnerabilities in two widely used WordPress plugins: the Broken Link Checker and the Download Manager. These vulnerabilities allow:

- Access to private data by unauthenticated users via path traversal.
- Execution of malicious code and theft of user sessions via a stored XSS vulnerability.

Both plugins are widely deployed, on over 1.4 million web sites, and patches for these vulnerabilities have already been issued.

Vulnerable WordPress plugins:

Broken Link Checker

Broken Link Checker is a plugin that ...

“Troldesh” – New Ransomware from Russia

Overview

“Troldesh”, aka Encoder.858 or Shade, is a Trojan and crypto-ransomware variant created in Russia and spread all over the world.

Troldesh is based on so-called encryptors, which encrypt all of the user’s personal data and extort money to decrypt the files. Troldesh encrypts a user’s files with an “.xtbl” extension. Troldesh is spread initially via e-mail spam.

A distinctive feature of the Troldesh attack is direct communication with the victim. While most ransom-Trojan attackers try to hide themselves and avoid any direct contact, Troldesh’s creators provide their victims with an e-mail address. The attackers use this email ...