Check Point Blog

Welcome to the Check Point Blog where you will find posts tagged in two categories:

  • Threat Research: Research findings, threat intelligence, and perspectives from Check Point’s research teams
  • Security Insights: Perspectives on current events and the security landscape from Check Point thought leaders


Get started by choosing a category, or read them all!

Sort blog posts by:  

Stopping Your Staff from Raining Data from the Cloud

 
No matter what your company’s official position is on the use of cloud services, your employees absolutely depend on them as part of their day-to-day work. The problem: the services they tend to use usually aren’t the ones you want them to use. A 2015 study of cloud usage found that employees were using 15 times more cloud services than their IT departments estimated or authorized; an average company also uses over 1,100 cloud services, of which just 8% meet the data security and privacy requirements of enterprises. In light of this, it’s no surprise that data breaches from cloud services happen frequently. An October 2016 Ponemon study of nearly 650 IT professionals in North ...

Best-of-breed security for hybrid clouds

 
Wouldn’t it be great if you could make a fresh start with your organization’s IT infrastructure? Unfortunately, unless you’re a start-up, most enterprises don’t have the luxury of starting with a clean slate. Instead, the majority of us have to make the most of a hybrid of legacy apps and existing investments with new cloud deployments to keep pace with business demands. A recent survey by Verizon and Harvard Business Review highlighted this issue. It found that 63% of organizations are pursuing a hybrid cloud approach to improve their competitiveness, yet a third (32%) were struggling to integrate cloud with other systems. For many organizations, their IT infrastructure will ...

Google’s annual Android security report illustrates Check Point’s dominance in mobile threat defense research

 
Google published its annual security report yesterday for the Android ecosystem. The report includes many commendable efforts by Google to improve the security of users, and fight back against the raging surge of malware. One of the major actions Google has introduced this year was working alongside security vendors to eradicate malware from the ecosystem, a task Check Point was happy to contribute to. 70% of the malware Google cites in the report was discovered and brought to the public attention by Check Point’s mobile security researchers. This is a good indication of the major role played by Check Point's researchers in protecting the entire mobile ecosystem, while identifying and ...

Ransomware– Not Only File Encryption

 
Ransomware is an ever-increasing threat worldwide, claiming new victims on a regular basis with no end in sight. While most ransomware families prevent the victims from accessing their documents, pictures, databases and other files by encrypting them and offering a decryption key in return for a ransom payment, others use different, but no less creative ways to extract payment from their victims. Here are some examples:    IoT ransomware Smart devices are known to be a soft spot targeted by threat actors for various purposes. In August 2016, security researchers demonstrated their ability to take control of a building’s thermostats and cause them to increase the temperature ...

Swearing Trojan Continues to Rage, Even After Authors’ Arrest

 
Researchers with Tencent Security recently disclosed details about Swearing Trojan, a mobile banking malware that attacked users in China. Swearing Trojan’s name comes from Chinese swear words found inside the malware’s code. The malware infected a wide spread of Android users in China, stealing their bank credentials and other sensitive personal information. Similar to mobile banking Trojans discovered previously, Swearing Trojan can steal personal data and it can bypass 2-factory authentication (2FA) security. Banking apps use two-factor authentication as a way to secure access by sending a one-time code to the user via SMS in addition to having a user enter his or her password. By ...

Get off my (private) cloud

 
As enterprises transform their physical data centers to private and hybrid cloud models, how should they secure these new environments, keeping threats and attackers off their cloud? A new era of virtualization, automation and Anything-as-a-Service (XaaS) is being ushered in at a blistering pace, driving greater efficiencies and cost savings while dramatically changing the way businesses roll out new applications and services. And as Mick Jagger was fond of saying: “But it’s all right now, in fact it’s a gas!” It really can be all right if you understand how this new model doesn’t inadvertently introduce new risks or expose your business to more threats. The trends are ...

Check Point Discloses Vulnerability that Allowed Hackers to Take over Hundreds of Millions of WhatsApp & Telegram Accounts

 
One of the most concerning revelations arising from the recent WikiLeaks publication is the possibility that government organizations can compromise WhatsApp, Telegram and other end-to-end encrypted chat applications. While this has yet to be proven, many end-users are concerned as WhatsApp and Telegram use end-to-end encryption to guarantee user privacy. This encryption is designed to ensure that only the people communicating can read the messages and nobody else in between. Nevertheless, this same mechanism has also been the origin of a new severe vulnerability we have discovered in both messaging services’ online platform – WhatsApp Web and Telegram Web. The online version of ...

Merry X-Mas Ransomware Decryption Tool

 
Merry X-Mas is a ransomware that was first spotted in the wild on January 3, 2017. Upon successful infection, the ransomware encrypts victims’ files and presents a “Merry Christmas” ransom note with a holiday-themed design and a demand for payment to regain access to the files. The malware was first distributed through a spam campaign which claimed to be from the Federal Trade Commission. When the victim clicked the link in the email, it caused a zipped file with the extension pdf.exe to download. Disguised as a legitimate PDF file, this was actually the Merry X-Mas dropper.   The malware’s second attack wave came a few days later on January 8, with a similar spam ...

Hancitor Makes First Appearance in Top Five ‘Most Wanted’ Malware in Check Point’s February Global Threat Impact Index

 
Hancitor has surged into the top five of our ‘most wanted’ malware families worldwide for the first time, according to the new February Global Threat Impact Index from our Threat Intelligence Research Team. The downloader, which installs malicious payloads such as Banking Trojans and ransomware on infected machines, climbed 22 places after more than tripling its global impact in the past month. Also known as Chanitor, Hancitor is usually delivered as a macro-enabled Office document in phishing emails with "important" messages such as voicemails, faxes or invoices. The index ranked Kelihos, a botnet used in spam campaigns, as the most prevalent malware family overall, with 12% of ...

Three Key Takeaways from WikiLeaks’ Release of CIA Documents

 
The latest revelations by WikiLeaks, collectively called the “Vault 7 Leak”, have caused quite a commotion in the security world, reinvigorating myths that were previously viewed as theoretical. There are already several lessons to be learned from WikiLeaks’ most recent data dump, and we offer you three top takeaways from the initial document disclosure.   1. Every connected device can be hacked The publication details exploitation techniques for all sorts of electronic devices: from PCs and laptops, to mobile devices, and even to Smart TVs and connected cars. While these techniques are not groundbreaking, the sheer scope of hackable devices revealed in the CIA trove is ...