Check Point R80.10 Maximizes Security and Minimizes Operational Overhead for CCI Nice Côte D’Azur, Creating a “WOW” Effect

 
Security threats and attackers continue to adapt their techniques, making it more difficult than ever for organizations to protect themselves. When the CCI Nice Côte D’Azur upgraded to Check Point’s R80.10 Security Management, it increased threat prevention performance, efficiency, and visibility while reducing operational overhead.   In a recent chat with Frédéric Achache, IT Projects Manager of CCI Nice Côte D’Azur, I gained some interesting behind-the-scenes perspectives on its security challenges. The CCI is a metropolitan and regional agency charged with promoting economic development across the Alpes-Maritimes Côte D’Azur region. In addition to headquarters, ...

Security Brief for Connected Automotives

 
Introduction       The question of which companies will dominate the automotive industry in coming years is being decided in the contest to produce Internet-connected cars. Intel predicts 120 million vehicles with varying degrees of automation will be on our roads by 2030. (Shot, 2016).The development and popular adoption of automotive data connectivity and autonomous navigation will have major consequences for IT professionals in many industries who will be expected to provide a variety of IT services to consumers and employees through cars that in themselves are mobile computing platforms. Automotive Security Issues Because connected cars intersect the categories of ...

April’s Most Wanted Malware: Exploit Kit Attacks Continue, While Slammer Worm Resurfaces Again

 
Check Point’s latest Global Threat Impact Index detected a continued increase in the number of organizations being targeted with Exploit Kits, as Rig EK became the most prevalent form of attack, while there was also a resurgence in the Slammer worm detected, with 4% of businesses impacted.   Slammer resurfaced following a short hiatus, jumping back into the top three most popular malware families. The Slammer worm first emerged in 2003 and spread extremely rapidly.  It was developed to target Microsoft SQL 2000, and propagated so quickly that it was able to cause a denial of service condition on some affected targets. This is the second time the worm has entered the malware ...

Check Point Reveals Global WannaCry Ransomware Infection Map at CPX Europe 2017

 
Check Point researchers have been investigating the ransomware campaign in detail since it was first reported. With a new Check Point WannaCry Ransomware Infection Map, the researchers were able to track 34,300 attack attempts in 97 countries. The average pace as of today is one attempt in every three second – indicating a slight decline since the original pace registered two days ago, of one attempt per second. The top country from where attack attempts were registered is India, followed by the USA and Russia.   Maya Horowitz, Threat Intelligence Group Manager at Check Point said, “Although we see it slightly slowing down, WannaCry still spreads fast, targeting organizations ...

CRYING IS FUTILE: SandBlast Forensic Analysis of WannaCry

 
Using the NSA exploit EternalBlue released by the Shadow Brokers, the WannaCry ransomware developers have added their names to malware lore. Given the number of institutions hit and the amount of media generated, it seemed appropriate to show what the ransomware actually does on a system through our SandBlast Agent Forensics product. The WannaCry outbreak has been a good test case for the recently launched SandBlast Anti-Ransomware. AR and Forensics work together as part of our SandBlast Agent product. As we had expected, Anti-Ransomware was up to the task and has successfully blocked all WannaCry samples we’ve thrown at it, without requiring any signatures or updates. For this ...

The mobile banker threat – from end to end

 
One of the most dangerous threats targeting mobile users is the banking malware. These malicious pieces of code are designed to steal financial information and transfer funds to their own accounts. Over the years, perpetrators successfully managed to overcome all obstacles set before them, such as the 2-Factor-Authentication security mechanism and defenses set in different Android versions. Surprisingly enough, mobile banking malware require relatively little technical knowledge to develop, and even less to operate. All the malware does is search for a banking app on the infected device and pop-up a fake overlay page once the user opens it. The user enters his credentials, which are sent ...

WannaCry – New Kill-Switch, New Sinkhole

 
Check Point Threat Intelligence and Research team has just registered a brand new kill-switch domain used by a fresh sample of the WannaCry Ransomware. In the last few hours we witnessed a stunning hit rate of 1 connection per second. Registering the domain activated the kill-switch, and these thousands of to-be victims are safe from the ransomware’s damage. Our research shows that the kill-switch works the same as in earlier versions, and the rest of the code is similar to the older versions. New kill-switch: ...

WannaCry – Paid Time Off?

 
Let us open with a TL;DR – DO NOT pay the ransom demanded by the WannaCry ransomware! Now, let us explain why: As of this writing , the 3 bitcoin accounts associated with the WannaCry ransomware have accumulated more than $33,000 between them. Despite that, not a single case has been reported of anyone receiving their files back. The decryption process itself is problematic, to say the least. Unlike its competitors in the ransomware market, WannaCry doesn’t seem to have a way of associating a payment to the person making it. Most ransomware, such as Cerber, generate a unique ID and bitcoin wallet for each victim and thus know who to send the decryption keys to. WannaCry, on ...

Global Outbreak of WannaCry

 
On May 12, 2017 the Check Point Incident Response Team started tracking a wide spread outbreak of the WannaCryp ransomware. We have reports that multiple global organizations are experiencing a large scale ransomware attack which is utilizing SMB to propagate within their networks.  To complicate matters there are a number of different campaigns ongoing so identifying specific infection vectors has been a challenge. For WannaCry the infection vector appears to be direct infection utilizing SMB as delivery method. Samples have been identified by Check Point Research Teams that contain variant “killswitch” domains and bitcoin addresses. All tested samples have been detected and ...

JAFF – A New Ransomware is in town, and it’s widely spread by the infamous Necurs Botnet

 
Necurs, one of the largest botnets, went offline during the holiday period of 2016 and through the beginning of 2017. However it returned only to shortly peak late in April, spreading Locky using malicious PDF documents. Today, May 11, Necurs started spreading a new ransomware called JAFF. Check Point’s global sensors have spotted as many as 40,000 emails in the last few hours, at an infection rate of approximately 10,000 emails sent per hour. Image 1: The JAFF ransomware ransom note (courtesy of MalwareHunterTeam)   Necurs has the reputation for being one of the 'best' malware distributors. In the past, it helped Locky and Dridex reach millions of victims, making them ...