Ransomware – Not Only File Encryption

Ransomware is an ever-increasing threat worldwide, claiming new victims on a regular basis with no end in sight. While most ransomware families prevent victims from accessing their documents, pictures, databases and other files by encrypting them and offering a decryption key in return for a ransom payment, others use different, but no less creative, ways to extract payment from their victims. Here are some examples:

IoT ransomware

Smart devices are known to be a soft spot targeted by threat actors for various purposes. In August 2016, security researchers demonstrated their ability to take control of a building’s thermostats and cause them to increase the temperature ...

Merry X-Mas Ransomware Decryption Tool

Merry X-Mas is a ransomware that was first spotted in the wild on January 3, 2017. Upon successful infection, the ransomware encrypts victims’ files and presents a “Merry Christmas” ransom note with a holiday-themed design and a demand for payment to regain access to the files. The malware was first distributed through a spam campaign which claimed to be from the Federal Trade Commission. When the victim clicked the link in the email, it caused a zipped file with the extension pdf.exe to download. Disguised as a legitimate PDF file, this was actually the Merry X-Mas dropper.

The malware’s second attack wave came a few days later on January 8, with a similar spam ...

2016 H2 Global and Regional Threat Intelligence Trends

Introduction

New, sophisticated threats continue to emerge on a daily basis across multiple platforms: social media, mobile platforms, email, and web pages. At the same time, prominent malware and attack methods continue to evolve, bypassing existing security solutions, and tailoring attacks against the largest companies in the world. The devices we use every day are now subject to compromise and can be leveraged for attacks. Even the recent U.S. elections were targeted with significant attacks. The Check Point 2016 H2 Global Threat Intelligence Trends report provides you with the best overview of the cyber landscape; threats, data breaches, trends, attacks and predictions, based on data ...

(Ir)responsible Disclosure

Computers have become an essential part of our lives, and in some cases, they are even responsible for keeping us alive. Our dependence on computers for medical treatments such as diagnostic equipment, medical monitors and even life support is greater than ever. Technology has given the medical sector new and inspirational ways to continue to save people’s lives. However, as with anything, it’s important to understand the possible risks.

A recent public vulnerability disclosure raised eyebrows and ethical questions around white-hat hackers and how security vendors should best handle sensitive situations. On August 25, MedSec, a cybersecurity research company dedicated to serve ...

Weaponized WordPress Tools

WordPress is a free, open source content management system (CMS) for creating websites, and is considered to be the most popular blogging system in use. WordPress’ appeal to website developers stems from its free plugins and themes that are easily installed over the basic platform. These add-ons allow WordPress users to personalize and expand their websites and blogs. There are currently over 60 million WordPress websites worldwide.

Why Target WordPress?

The availability of the platform’s code and its popularity make WordPress sites appealing targets for hacking and exploitation. In the past year, we have seen many WordPress attacks. One example is the April 2016 ...

Check Point Threat Alert: Badlock Vulnerability

EXECUTIVE SUMMARY

An elevation-of-privilege vulnerability exists in Microsoft Windows and the Samba interoperability suite for Linux & UNIX. Attackers could launch a man-in-the-middle attack and downgrade the authentication level of DCE/RPC channels, allowing them to impersonate authenticated users. Check Point’s latest IPS update protects against this vulnerability with the “Microsoft Windows RPC Authentication Downgrade (MS16-047)” protection.

DESCRIPTION

A vulnerability exists in Microsoft Windows and in the Samba interoperability suite for Linux & UNIX. An attacker could launch a man-in-the-middle (MiTM) attack and downgrade the ...

Congrats! More than 7000 applications in your database

Security managers will appreciate Check Point’s Application Control Software Blade. With more than 7000 pre-defined and supported applications, Check Point provides the industry’s strongest application security and identity control to organizations of all sizes. It enables IT teams to easily create granular policies—based on users or groups—to identify, block or limit usage of web applications, network protocols and other non-standard applications.

Leading categories that can be enforced flexibly in the rule-base include business applications, social networking applications, file storage and sharing, media sharing, anonymizers, instant messaging and ...

Top Malware Families Found in January 2016 Show DDoS on the Rise

Distributed denial of service (DDoS) attacks are common threats that companies of all sizes have to continuously face. The size of DDoS attacks targeting businesses has been getting bigger every year, and from the number of cyberattacks that occurred in January, it’s critical that organizations protect themselves against such attacks.

Back in December 2015, we saw the number of active malware families increase by 25%. Now, Check Point’s ThreatCloud World Cyber Threat Map has identified more than 1,500 different malware families during January, continuing the growing trend we saw at the end of last year.

According to Check Point research, Conficker and Sality ...

Phishing for Employees in Russia

During the period August 27-30, 2015, Check Point sensors recorded a large number of logs generated by the IPS protection “PHP Print Remote Shell Command Execution.” This was an interesting anomaly, as we do not usually see a high volume of logs from this protection. We started investigating the logs received from all sources, and noticed that they were all similar. The resources in all logs contained the following suspicious command: roskomnadzor=print-439573653*57; Looking at “roskomnadzor,” we found that this is the name of the Russian Federal Service for Supervision of Communications, Information Technology and Mass Communications (and that Russian people seem to be ...

Israeli Public Sector Targeted by Zeus Trojan Hidden in a Word Document

Two months ago, a malicious Rich Text Format (RTF) document came to the attention of Check Point Threat Intelligence & Research via a worried high-profile client in the public sector. The file had been sent to many employees, several of whom opened the file; as a result, their machines became infected. Check Point took action to prevent this document from further infecting the customer’s network, and also analyzed the file to better understand the attack. The result was the discovery of a larger-scale campaign that has been targeting Israeli public and private organizations for some time.

The Investigation

As the team conducted research it quickly became apparent that ...