WannaCry – Paid Time Off?

 
Let us open with a TL;DR – DO NOT pay the ransom demanded by the WannaCry ransomware! Now, let us explain why: As of this writing, the 3 bitcoin accounts associated with the WannaCry ransomware have accumulated more than $33,000 between them. Despite that, not a single case has been reported of anyone receiving their files back. The decryption process itself is problematic, to say the least. Unlike its competitors in the ransomware market, WannaCry doesn’t seem to have a way of associating a payment with the person making it. Most ransomware, such as Cerber, generates a unique ID and bitcoin wallet for each victim and thus knows who to send the decryption keys to. WannaCry, on ...

Global Outbreak of WannaCry

 
On May 12, 2017, the Check Point Incident Response Team started tracking a widespread outbreak of the WannaCryp ransomware. We have reports that multiple global organizations are experiencing a large-scale ransomware attack which is utilizing SMB to propagate within their networks. To complicate matters, there are a number of different campaigns ongoing, so identifying specific infection vectors has been a challenge. For WannaCry, the infection vector appears to be direct infection utilizing SMB as the delivery method. Samples have been identified by Check Point Research Teams that contain variant “killswitch” domains and bitcoin addresses. All tested samples have been detected and ...

Three Key Takeaways from WikiLeaks’ Release of CIA Documents

 
The latest revelations by WikiLeaks, collectively called the “Vault 7 Leak”, have caused quite a commotion in the security world, reinvigorating myths that were previously viewed as theoretical. There are already several lessons to be learned from WikiLeaks’ most recent data dump, and we offer you three top takeaways from the initial document disclosure.

1. Every connected device can be hacked

The publication details exploitation techniques for all sorts of electronic devices: from PCs and laptops, to mobile devices, and even to Smart TVs and connected cars. While these techniques are not groundbreaking, the sheer scope of hackable devices revealed in the CIA trove is ...

Tales from the Trenches: Modern Malware Requires Modern Investigation Techniques

 
The Check Point Incident Response team was called in to assist a company that suffered a severe breach in its network, which was not previously protected by Check Point’s advanced protections. The team began to investigate and was extremely impressed by the malware’s tactics and sophisticated evasion techniques. The malware’s evasive nature required the team to use state-of-the-art investigation techniques to successfully remediate the network.

How it all began – inviting the malware in

The breach originated in a keygen downloaded by one of the employees. While the keygen did actually work, it also contained a malicious component – the malware called ...

Trust No One – A Cyberworld Survival Guide

 
Cybercriminals are professional scammers; their specialty is tricking users into helping them achieve their malicious goals. Attackers use many different tactics, including spam, phishing emails, and fake ads. In each case, the unsuspecting user plays an active role in his own victimization when he clicks a link or opens an attachment. Recently, an unconventional campaign emerged in the wild which exploits its victims via live phone interaction. The campaign targets users who make a typo when entering a URL (wwwcnbccom instead of wwwcnbccom, for example) or click what turns out to be a malicious link. The users are redirected to a malicious site containing a JavaScript that activates ...

Managing the Sheer Complexity of Data Center Security

 
The modern IT system is one of the most complex entities in the business landscape. Every device, server and component tied to the network must be managed and monitored. That’s a significant job for any IT department, but things can become especially complicated when it comes to enterprise data centers. Intricate and dynamic, the construction and maintenance of a data center environment must ensure essential business operations. In today’s breach-plagued landscape, that environment must also be secure. Unfortunately, this presents a challenge for many teams.   Consider the data center’s job. It needs to support the real and virtual services that carry out daily operations. ...

Stopping the Next Massive Cyberattack: 5 Steps to Stronger Security

 
The aftershocks of the 2014 breaches are still reverberating across the security landscape, and many organizations are starting to examine their own security programs, wondering how they can avoid becoming the next big breach story. It’s possible to prevent and mitigate future attacks, but that can’t happen relying on technology alone. By recognizing secure operations as their top priority, businesses can build a strong network architecture and security infrastructure to stop malicious activity. There are five preventive steps that can help any organization strengthen their security system and keep their networks safe.     Step 1: Assess Vulnerabilities and ...

Stopping the Next Massive Cyberattack – Step 5: Incident Response Plans

 
The Do’s and Don’ts of a Strong Incident Response Plan

Check Point’s 2015 Security Report revealed that 81% of organizations said they experienced a data loss incident in the previous year. If there’s one conclusion we can draw from that, it’s that preparing a strong incident response (IR) plan is more critical than ever.

The right IR preparation can be the deciding factor between an extreme breach and a contained incident. Immediate action is crucial in the wake of an attack. By eliminating uncertainty and debate, your IR plan will help your team act as a swift and cohesive unit. Your organization can make smarter decisions, reduce damage and associated costs, ...

Stopping the Next Massive Cyberattack

 
Cybercriminals are quite pleased with themselves. Their recent handiwork has resulted in breaking news headlines, cover stories of major newspapers and banners flashing with details of the latest data breach. Unfortunately, the headlines displaying their successes leave their victims in a compromised, and often fiscal, mess. These cyber masterminds have become unpredictable in their methods and there is no telling who their next target is. Over the past few years, both large and small organizations, as well as individuals, have suffered drastic repercussions from data breaches. Witnessing these horrible losses has driven many organizations to implement new, stronger security measures to ...