Spear Phishing 2.0 Adds Social Engineering & VM Evasion

Spear phishing attacks are a rising threat faced by organizations. These well-planned attacks can deceive even the most cautious users. Unlike old-fashioned mass phishing attempts, these attacks are directed at specific individuals or companies and are tailor-made to fit their target. Used for a wide variety of reasons from stealing personal information or credentials to spreading malware, spear phishing attacks trick the user into performing a seemingly innocent action that results in serious consequences. The user may end up clicking on a malicious URL link, making a bank transfer, providing restricted information, or opening attachments that download malware. Recently, Check Point ...

Everyday Malware Poses a Risk to Critical Infrastructure

Many people believe that only state-sponsored attacks can endanger critical infrastructure. They claim that elaborate malware capable of targeting the inner workings of Industrial Control Systems (ICS) is not the work of simple hackers. This flawed perception completely disregards the fact that ICS can fall victim to the most banal malware, and in fact recent attacks demonstrate this vulnerability. In April, a German nuclear plant was infected with old malware, including Conficker and W32.Ramnit, which are designed to allow remote control when connected to the internet. It remains unclear whether the plant’s OT system was infected as well. Even if only the IT systems were ...

Hack In The Box: How Attackers Manipulate Root Access and Configuration Changes

Securing iOS and Android smartphones and tablets is still a relatively new concept. Taking control of a mobile device was once considered an unlikely threat because it was hard to do. However, malware has moved forward, making attacks a more imminent threat. One of the causes for this is malware’s advances in attack capabilities. Technical procedures which were once the realm of hardcore, tech-savvy hackers have become common knowledge. The best example of this is rooting. Rooting a mobile device (or Jailbreaking, in the case of an iOS device) is a way of breaking out of predefined boundaries set by the operating system. Users can root devices to harness the full potential of their ...

Inside Nuclear’s Core: Unraveling a Ransomware-as-a-Service Infrastructure

The Check Point Research team has uncovered the entire operation of one of the world’s largest attack infrastructures. Exploit Kits are a major part of the Malware-as-a-Service industry; they facilitate the execution of ransomware and banking trojans, among others. Their creators rent them to cybercriminals who use them to attack unsuspecting users. Nuclear is one of the top Exploit Kits, both in complexity and in spread. We offer you the Inside Nuclear's Core: Unraveling a Malware-as-a-Service Infrastructure report, a unique, first-of-its-kind view into the heart of a cybercriminal syndicate. First, we review the Malware-as-a-Service infrastructure, created by the Exploit Kit’s ...

Introducing Check Point SandBlast™ Cloud

The increasing adoption of cloud-based email tools such as Microsoft Office 365™ allows businesses to efficiently communicate and collaborate, without investing resources in managing and maintaining their own dedicated IT infrastructure. However, the shift to cloud-based tools also brings with it an array of security risks, including sophisticated attacks like spear-phishing and ransomware that use email as a primary entry point, resulting in financial impact, data loss and lost productivity. In most organizations, protection for cloud-based email is still limited to traditional solutions that only detect previously known threats. This leaves organizations vulnerable to sophisticated ...

The Notorious TeslaCrypt V3 Ransomware: A Comprehensive Analysis

As the current wave of ransomware rages on, one stands out in its ability to adapt: TeslaCrypt. Although it emerged only in 2015, we are currently witnessing the malware’s third generation. Since its debut, it has transformed itself, fixing its flaws and vastly improving its ability to evade detection. It has also expanded its distribution methods, which now include using exploit kits. As part of our ongoing efforts to understand and protect against the latest new and emerging malware, Check Point researchers have thoroughly studied TeslaCrypt version 3.0.1. Our report, Looking Into TeslaCrypt V3.0.1, provides a detailed analysis of the malware and its operation and presents several ...

Hack In The Box: System Vulnerabilities Can Leave Mobile Devices Exposed

System vulnerabilities are a major threat facing users and enterprises today, and these need to be remedied thoughtfully. Since these vulnerabilities don’t require social engineering schemes to become exposed, and because they have an alarmingly high success rate, they are also one of the easiest ways to attack Android and iOS devices. The constant release of numerous security patches -- which are never enough to keep users safe -- leaves a number of different in-market versions of both operating systems. These patches get released after significant delays, allowing attackers to thrive on vulnerabilities from the moment they are discovered until they are finally fixed. The longer ...

Viking Horde: A New Type of Android Malware on Google Play

The Check Point research team uncovered a new Android malware campaign on Google Play it calls Viking Horde. Viking Horde conducts ad fraud, but can also be used for other attack purposes such as DDoS attacks, spam messages, and more. At least five instances of Viking Horde managed to bypass Google Play malware scans so far. Check Point notified Google about the malware on May 5, 2016. On all devices -- rooted or not -- Viking Horde creates a botnet that uses proxied IP addresses to disguise ad clicks, generating revenue for the attacker. A botnet is a group of devices controlled by hackers without the knowledge of their owners. The bots are used for various reasons based on the ...

In The Wild: Mobile Malware Follows in the Steps of its PC Cousins

Mobile Security Observations from the Check Point Research Team

Mobile malware is still a growing phenomenon and, in many cases, follows the lead set by predecessors in the PC world. This week the Check Point research team encountered different mobile malware that adopted techniques previously known only in the PC world. This is not a new trend, and our team expects it will grow even further.

Drive-by Attacks Go Mobile

Drive-by attacks using exploit kits have been around for a long time and are among the most common ways to infect PCs. In mobile, they are much less common, but there’s a new mobile ransomware campaign that uses a combination of two known exploits to infect mobile ...

The Unknown Threats Will Get You, Every Time

Craig Dunaway didn't see it coming. His company, restaurant chain Penn Station, had done everything possible to secure its sensitive data and that of its customers. Even still, Dunaway, the president of Penn Station, would learn in 2012 about an unusual security breach. Malware secretly uploaded to Penn Station's network had been stealing credit card information from point-of-sale (PoS) terminals at 80 of its 238 locations. Penn Station learned of the breach, which had been going on for weeks, only after a customer called to report a compromised credit card shortly after dining at one of its restaurants. "I wish I would have known how sophisticated and how ramped these attacks ...