Physical Attack Can Breach Cryptographic Security for Mobile Devices

 
Researchers from the Check Point Institute for Information Security at Tel Aviv University have discovered that the encryption mechanism used for securing money transfers on mobile phones can be broken using a simple piece of $2 equipment. Cryptographic software, intended to protect sensitive data on mobile phones, uses a digital signature algorithm, called ECDSA. This algorithm unintentionally exposes the cryptographic keys through physical side channels when used on a mobile device. The device experiences changes in its electromagnetic radiation, as well as in its power consumption, in accordance with the data it’s encrypting. This means a cyber criminal could circumvent ...

Over the Garden Wall: Is iOS Security As Secure As You Think?

 
Apple is known to be very keen on securing its users’ devices to protect them from attacks, but many different attack vectors have managed to bypass the security features of iOS. Today's post provides a high-level overview of the six most common types of attacks that impact iOS devices. We'll follow up on these with a series of blog posts that expand on these iOS attack vectors. Jailbreaking: No matter how hard Apple tries, it just can't seem to lock out jailbreaks. In fact, the Pangu jailbreaking team announced last week it had released a successful jailbreak for iOS 9.1. Jailbreaking continues to be a major problem that undermines the entire iOS security framework. Some users ...

Rethinking Security Operations

 
As recently as a few years ago, managing security was relatively straightforward, since the business and network environment was relatively static. However, with the emergence of disruptive technologies such as cloud, mobility and potentially the Internet of Things (IoT), the pace of business and network changes has accelerated to the point where security teams now have to deal with a constant state of change in the environment. With the dearth of experienced security professionals, throwing more people at the problem is not an option. Even if that were an option, security processes that are mostly manual in nature and labor-intensive will result in an increase in configuration errors as ...

President Obama’s Cybersecurity Plan – Tackling a New Era of Security

 
The White House recently released the CNAP – Cybersecurity National Action Plan. This is a big step forward for securing the U.S., as it urges a 35 percent increase in cybersecurity expenses in the upcoming budget. The plan includes several policy points which are worth some discussion. Acknowledging the importance of multi-factor authentication: Single-factor authentication is an outdated and almost irrelevant security measure. Switching to multi-factor authentication is long overdue. Moreover, it is important not to be content with only two-factor authentication, as more and more malware is able to bypass even this method. You can read our blog post for an example of ...

In The Wild: Mobile Security Observations from the Check Point Research Team

 
We saw last week just how fast the mobile world is advancing at the Mobile World Congress. Unfortunately, though, alongside all the shiny new devices comes new malware. This week we will review a few extremely interesting new pieces of malware, both in iOS and Android. In addition, we’ll take a look at a newly exposed proof of concept exploiting a known vulnerability. ZergHelper is No Help At All: iOS is a secure environment, strictly controlled by Apple. Any developer's application published on the official App Store must first be reviewed by Apple. However, Apple provides two avenues through which the review can be bypassed: Developer and Enterprise certificates. Originally, these were ...

Threat Alert – KeRanger MAC OSX Ransomware

 
Overview: A new ransomware dubbed ‘KeRanger’ was discovered on March 4, 2016. The malware is distributed via the Transmission BitTorrent installer version 2.90 for OSX. Unlike most ransomware, the targeted operating system is Mac OSX, which makes KeRanger the first active ransomware to target this operating system. The compromised Transmission installer includes an executable disguised as an .rtf file. When the application is launched, the malware is copied to a file in the user Library folder. The process runs silently on the machine for three days, after which the malware begins encrypting files. KeRanger encrypts not only all files in the /Users folder, but also files ...

Top Malware Families Found in January 2016 Show DDoS on the Rise

 
Distributed denial of service (DDoS) attacks are common threats that companies of all sizes have to continuously face. The size of DDoS attacks targeting businesses has been getting bigger every year, and given the number of cyberattacks that occurred in January, it’s critical that organizations protect themselves against such attacks. Back in December 2015, we saw the number of active malware families increase by 25%. Now, Check Point’s ThreatCloud World Cyber Threat Map has identified more than 1,500 different malware families during January, continuing the growing trend we saw at the end of last year. According to Check Point research, Conficker and Sality ...

Why Visibility Is Critical to Your Security Management Program

 
Today, managing security can be a complex endeavor. The growing complexity of networks, business requirements for innovation and rapid delivery of services and applications require a new approach to managing security. Traditional security management approaches of multiple point products, manual change processes, monolithic policies and data silos no longer work. Security needs to be agile, efficient and anticipate future threats. Visibility: The Oxford dictionary defines visibility as “the state of being able to see or be seen.” If we apply this definition to cybersecurity, and security management in particular, we can define security visibility as the ability to deliver ...

Targeted SSL Stripping Attacks Are Real

 
Having access to the Internet is critical for on-the-go professionals, so the convenience of open Wi-Fi hotspots often outweighs the risk that these connections may not be safe. Recently, a senior executive and Mobile Threat Prevention customer at a large financial company connected her iPad to a local hotspot while traveling for business. But when she tried to access sensitive company information she was blocked because her device was under a targeted SSL stripping attack. SSL stripping attacks – defeating communication encryption: In order to understand what an SSL stripping attack is, we first need to understand what SSL really is. SSL (Secure Sockets Layer) is a secure protocol used to ...

Locky Ransomware

 
Locky is a new ransomware which encrypts the victim’s files and then demands a ransom paid in Bitcoins to decrypt these files. The main infection method is email messages with an attached Word document that contains a malicious macro. The macro runs a script which downloads the malware’s executable file, installs it on the victim’s computer, scans for files on the system, and encrypts them. Why is Locky special? Vast Distribution. In the past two weeks, Check Point analysts have noticed upward of 100,000 logs attempting to infect customers in more than 100 countries around the globe. Combined with Locky’s network encryption characteristic, the results are potentially ...