In The Wild: Breaking Mobile Security Paradigms… Again

Security researchers have shattered the mobile security paradigm once again. They have managed to bypass Android two-factor authentication, and iOS has again been proven vulnerable both to exploits and to malware. It has become very clear that traditional defenses are simply not enough; users must implement advanced measures to stay safe.
Two Factor Authentication Bypass: There's No Place to Hide from "Everywhere Computing"
2FA is a security measure which authenticates the user’s identity using more than one method. The most common example is the use of a one-time passcode sent by SMS on top of the regular password. Today, 2FA is what stops cyber-criminals that have access to your browser from ...

Marcher Marches On: The Anatomy of a Banker Malware

We rarely have the chance to observe the full flow of an attack. Usually, we can analyze the malware itself and, in some cases, we manage to identify the infiltration vector. Today, however, we are laying out the full attack flow of the infamous Marcher mobile banker malware.
Overview
The Marcher banker malware first appeared in 2013 and targeted mostly Russian users. At first it targeted only Google Play users, stealing their credit card information by showing them a fake credit card entry page. By March 2014, it had evolved, added bank credential theft to its arsenal, and was targeting German bank users. Recently, Marcher resurfaced with a new campaign ...

Check Point Threat Alert: CryptXXX Ransomware

CryptXXX ransomware has been observed in the wild since March 2016, delivered via the Angler Exploit Kit and spread through the Bedep trojan. The ransomware demands a $500 ransom to recover the encrypted files on a machine, and offers the victim the option to decrypt one file for free. If the victim does not pay within a few days, the demand is doubled. The new ransomware appears to be operated by the same threat actors behind the Reveton ransomware, and due to similarities in the infection vector and in the code, a connection is suspected between these actors and the operators of the Angler exploit kit. On April 26, Kaspersky ...

Digging Deeper: How Ransomware and Malware use Microsoft Windows’ Known Binaries

Since Windows 7 is the most popular operating system (OS) among PCs, much malware targets it, often by using Windows’ very own artifacts. During 2015, Windows artifacts were increasingly abused for malicious operations. For attackers, this is an effective technique, since these artifacts are always present in a Windows environment. Processes that masquerade as valid Microsoft processes raise less suspicion and are likely to be overlooked by ordinary users. We will review examples of processes used by malware, as well as the malware themselves. Some examples of Windows processes used by malware are svchost.exe, explorer.exe and Sdbinst.exe. These processes are ...

Android Security 2015 Year In Review: What Isn’t Google Telling You?

For the second year in a row, Google has released its annual report detailing “how Google Services protect the Android ecosystem.” On the surface, the Android Security 2015 Year In Review is a compelling argument that Google’s advances in mobile security give users greater confidence that Android can protect sensitive data on smartphones and tablets. However, if you read between the lines, you can see that significant vulnerabilities still plague Android, leaving users worldwide exposed to risk. Google’s reporting on Potentially Harmful Apps (PHAs) says that overall, “PHAs were installed on fewer than 0.15% of devices that only get apps from Google Play.” Let’s assume ...

In The Wild: Google Can’t Close the Door on Android Malware

Mobile Security Observations from the Check Point Research Team
After its presentations about “SideStepper” and trends in mobile attacks at BlackHat Asia, the Check Point mobile research team was not surprised to find that the trends it pointed out continue. Google Play has been infiltrated by malware yet again, and, as our colleague Avi Bashan pointed out about previous attacks on official app stores, the team has found additional samples of the malware in Google Play even after it was supposedly cleaned. The malware is “Android.Spy.277.origin”, which infiltrated more than 100 apps on Google Play. The apps deceived users by being disguised as popular legitimate apps. Once the ...

Forrester Names Check Point a ‘Leader’ in Automated Malware Analysis

Organizations face the latest variants of sophisticated malware every day, and it is evident that traditional solutions are no longer effective in detecting and stopping these new threats. At Check Point, we continuously strive to deliver advanced security solutions that protect businesses against known, unknown and zero-day attacks. That is why we are pleased to share that Check Point has been positioned as a leader by Forrester Research in its new report, The Forrester Wave™: Automated Malware Analysis, Q2 2016. Those who are familiar with The Forrester Wave know that it is a trusted resource for technology buyers to learn about more ways they can protect their business ...

Top 4 Ways Employees Compromise their Corporate Data via Cloud Services

Recent research by Gartner showed that “Through 2020, 95% of cloud security breaches will be the customer’s fault.” Massive cloud adoption by enterprises has given rise to a shared responsibility approach to securing cloud usage, where the service provider takes responsibility for the infrastructure and the customer takes responsibility for the users, content and applications that utilize the cloud service. In recent years, we have seen significant improvements in security infrastructure by cloud service providers, but the customer side of the responsibility, more specifically employee behavior and usage, often remains the weakest link in the security chain. Changing ...

Inside Nuclear’s Core: Analyzing the Nuclear Exploit Kit Infrastructure

Malware uses different methods to propagate. Exploit kits (EKs) have been one of the most common platforms for infecting end users in the past few years. While there are several different EKs out in the wild, a few stand out. One of these is the Nuclear Exploit Kit, which was introduced in 2010. As part of the Malware-as-a-Service market, most exploit kits are rented by their creators to attackers worldwide for a certain period of time. All you need to do to have an up-and-running attack infrastructure is to rent it through an underground community and voilà, you can now infect users with the malware of your choice. Leading exploit kits are sold in cybercriminal circles for a ...

Unleash the Power of Security for Businesses of All Sizes

When we introduced the 15000 and 23000 series appliances in January, giving our large enterprise and data center network customers a giant step ahead of cyber threats and malware, it raised a logical question: what about businesses of other sizes and their networks? After all, smaller organizations and branch offices are ripe targets for cybercriminals looking for easy pickings or for a way into larger corporate networks. Why are these smaller locations such attractive targets? Small businesses, remote offices, and branch offices often don’t feel the need to implement the same advanced security protections that safeguard enterprise data centers or large campus networks. Looking into this ...