A Major Step Ahead in Network Security

It’s January 2016 and my New Year’s resolution is still fresh in my mind. In addition to visiting the gym more frequently and losing some of my “holiday” weight, I am also resolute that this year will be another big year of cyber security headlines and major breaches, even though network security spending continues to rise. With all the publicity of late, it’s clear we need to think differently about security to start gaining the upper hand. Cyber criminals are getting smarter, leveraging highly sophisticated attacks, adapting their tactics to exploit any weakness and ultimately achieving their goals. These advanced techniques require an equally advanced security approach, one ...

In The Wild: Mobile Security Observations from the Check Point Research Team

In the last two weeks, we have seen malware bypass Google Play once again, and others leap over the 2FA obstacle. In addition, new reports show that even the most guarded vendors’ security designs can allow malware to infect them through built-in flaws. Let’s review the top stories:

Blackphone: A Bleak Vulnerability Found

Researchers discovered a vulnerability in Blackphone, which is supposedly one of the most secure phones on the market. The vulnerability was found in the phone’s NVIDIA Icera modem, which communicates through an open socket with elevated privileges. This port could potentially receive commands from other applications installed on the phone. If exploited, the ...

Something is Cooking in Brazil

Looking at the global cyber landscape, we can see many campaigns and persistent threats occurring at different locations around the world. One example that has not drawn much attention is Brazil’s nationwide fraud campaigns. These come in different forms, beginning with simple phishing scams whose aim is to intercept and harvest credentials from unsuspecting users. As Brazil is the fifth largest country in the world, it may come as no surprise that these attacks are widespread and have occurred very often over the past several years. We had the opportunity to observe a live demonstration of one such campaign, currently taking place, which indicates large-scale activity. On October ...

Ukraine Power Outage Demonstrates Infrastructure Vulnerability

The night before Christmas Eve, the Ivano-Frankivsk region in western Ukraine, an area the size of Connecticut, experienced a power blackout due to what was later identified as a cyberattack. The attack was said to have targeted the power company Prykarpattyaoblenergo, and affected at least 80,000 people, which is approximately half of the region’s population. Check Point recently released a report on the vulnerability of critical infrastructure, and the attack on the Ukrainian power grid shows just how real that threat is. This issue has often been discussed by experts in the past, but up until now these discussions had no public realization. The attack is said to be linked to the ...

Check Point Threat Alert: Cryptowall 4

Executive Summary

Ransomware is a type of malware that restricts access to an infected computer system and demands a ransom payment to remove the restriction. Some ransomware encrypts the files on the system's hard drive, while other variants may simply lock the system and display threatening messages to force the user to pay. Cryptowall is a ransomware Trojan which targets Windows. It first appeared in early 2014. The latest version, Cryptowall 4.0, appeared in November 2015 and is considered a very prevalent ransomware.

Description

Cryptowall 4.0 is the fourth version of the popular ransomware. It recently emerged with improved encryption tactics and better ...

Check Point Threat Alert: BlackEnergy Trojan

Executive Summary

BlackEnergy malware has been around since 2007, first appearing as a simple DDoS tool. In 2014, it made a comeback as a highly sophisticated and customized malware, featuring support for proxy servers and a wide range of system operations. Observed targets in 2014 are mostly Ukrainian governmental institutes but also include those from multiple other countries, including Poland and Germany. Attacks against Georgia in 2008 which used the malware, the recent Russo-Georgian confrontation, and the current political situation between Russia and Ukraine lead researchers to believe that the ‘Quedagh’ group is the APT behind the malware. On Wednesday, December 23, ...

Turkish Clicker: Check Point Finds New Malware on Google Play

The Check Point research team has discovered an extensive malware campaign on the Google Play™ store. Check Point Mobile Threat Prevention detected the first samples of malware we call “Turkish Clicker” on several customer devices. The malicious code was found in the apps "Fruit Life," "City HD Wallpapers," and "Adiyef Puzzle." Google has removed all of these apps from Google Play. Like BrainTest, which Check Point researchers discovered in September 2015, this demonstrates how easy it is for fraudsters to publish malicious apps on official app stores like Google Play.

What is Turkish Clicker?

This malware is part of an ad network with a Command & Control (C&C) ...

You’re watching TV – Is it also watching you?

The Internet of Things (IoT) revolves around machine-to-machine communication, and it’s growing exponentially. Sure, it sounds like a great idea when we can use smart devices to connect to the Internet at a moment’s notice. However, most consumers don’t fully understand the security vulnerabilities. Let’s take a look at EZCast. It’s an HDMI dongle-based TV streamer that converts your regular TV into a smart TV and allows you to connect to the Internet and other media. It’s controlled through your smartphone or your PC. With this dongle, you can easily connect your TV with your PC to view and transfer videos, photos, music and files.

Getting in is easy ...

CHECK POINT THREAT ALERT: SHODAN

EXECUTIVE SUMMARY

Shodan (https://www.shodan.io/) is a search engine that uses a variety of filters to find devices, such as computers, routers, and servers, which are connected to the Internet. Shodan collects data mostly on web servers (HTTP port 80), but there is also data about FTP (21), SSH (22), Telnet (23), SNMP (161) and SIP (5060) services. Shodan is often dubbed “Google for hackers”, as it exposes vulnerable devices.

DESCRIPTION

Shodan is a scanner which can find systems connected to the Internet, including traffic lights, security cameras, home heating systems and baby monitors, as well as SCADA systems such as gas stations, water plants, power grids and ...