April’s Most Wanted Malware: Exploit Kit Attacks Continue, While Slammer Worm Resurfaces Again

 
Check Point’s latest Global Threat Impact Index detected a continued increase in the number of organizations being targeted with Exploit Kits, as Rig EK became the most prevalent form of attack, while there was also a resurgence in the Slammer worm detected, with 4% of businesses impacted.   Slammer resurfaced following a short hiatus, jumping back into the top three most popular malware families. The Slammer worm first emerged in 2003 and spread extremely rapidly.  It was developed to target Microsoft SQL 2000, and propagated so quickly that it was able to cause a denial of service condition on some affected targets. This is the second time the worm has entered the malware ...

DiamondFox modular malware – a one-stop shop

 
Check Point researchers have conducted a thorough investigation of the DiamondFox malware-as-a-service in collaboration with Terbium Labs, a Dark Web Data Intelligence company. The report includes a review of the malware’s sales procedure and customer reviews, as well as a full technical analysis of its multiple plugins. For the full DiamondFox report click here. Check Point Threat Intelligence teams constantly track the latest attack trends, campaigns and attack methods to maintain an up-to-date and  accurate view of the cyber threat landscape. In recent years, an effective new business method has penetrated the thriving malware and attack tools market and led to the establishment ...

Debug Instrumentation via Flash ActionScript

 
Browser plug-ins have always been an attractive target for attackers to exploit. In the last couple of years, the most prevalent attack platform was undoubtedly – Flash. With 250+ CVEs in 2016 alone, and incorporation in practically every exploit kit, Flash exploits are everywhere and deserve our attention. As researchers, we stumble upon many cases where we are required to analyze exploits found in the wild and collect as much information as possible regarding the exploit`s internal workings. This process quite often proves to be tedious and very time consuming, making the research task far from optimal. As most of an exploit’s juicy parts (such as ROP chains, Shellcodes and ...

Update – OSX/Dok Campaign

 
Our ongoing investigation of the OSX/DOK campaign has led us to detect several new variants of this malware. These new variants have the same functionality as the previous ones, and are designed to give the attackers complete access to all victim communications. This includes communication encrypted by SSL, by redirecting the victims’ traffic through a malicious proxy server. Following Apple's revocation of the previous developer ID, it appears that the attackers have quickly adapted and have begun using a new Apple developer ID. The attackers seems to have quickly adapted to Apple’s revocation of their previous developer ID, by signing these new variants with a new developer ...

OSX Malware is Catching Up, and it wants to Read Your HTTPS Traffic (updated)

 
People often assume that if you’re running OSX, you’re relatively safe from malware. But this is becoming less and less true, as evidenced by a new strain of malware encountered by the Check Point malware research team. This new malware – dubbed OSX/Dok -- affects all versions of OSX, has 0 detections on VirusTotal (as of the writing of these words), is signed with a valid developer certificate (authenticated by Apple), and is the first major scale malware to target OSX users via a coordinated email phishing campaign. Once OSX/Dok infection is complete, the attackers gain complete access to all victim communication, including communication encrypted by SSL. This is done by ...

Banking trojans are on the rise: here’s how to avoid being robbed

 
Banking trojans are helping cybercriminals to commit the perfect crime:  stealing money from the accounts of unsuspecting victims, almost untraceably and at minimal risk.  As such it’s no surprise that from June to December 2016, banking trojans were only fractionally behind ransomware in being the most prevalent type of malware, and in Asia-Pacific countries they far outstripped ransomware in the number of attacks.  So how do banking trojans work, and how can users protect themselves against an online bank robbery? First, banking trojans are among the stealthiest of all malware types.  After a banking trojan infects a user’s PC or web browser, it will lie dormant and wait for ...

SandBlast Mobile receives highest security score in independent test

 
Great news!  Miercom conducted the first independent, hands-on test of mobile threat defense products and Check Point SandBlast Mobile received Miercom’s Certified Secure Award! This is Miercom’s highest award for achievement in competitive, hands-on testing and according to the firm, “Check Point could detect and block 100% of malicious applications and network attacks and mitigate all device vulnerabilities, regardless of operating system.” The SandBlast Mobile team is proud to deliver this test and report to you. Founded in 1998, Miercom is a leading independent tester of network and security products from routers and switches to anti-virus and advanced threat ...

The Unbearable Lightness of Operating Web-Based Attacks: How easy it is to steal money from IE 8.0-11.0 users

 
Looking back at the past year, there is no doubt that the malware-as-a-service industry, which sells and trades malware samples, attack tools, and a variety of services, is thriving. It means that cyber criminals with low technical skills can easily purchase attack tools from more advanced hackers, vastly increasing the number of potential attackers, attacks, and victims. Cerber, a ransomware-as-a-service operation, was one of the most dominant and profitable ransomware variants of 2016. Last December, a new DDoS (Distributed Denial of Service) collaborative effort dubbed Sledgehammer made headlines due to its unique operation mode. Participants were asked to attack targeted political ...

March’s ‘Most Wanted’ Malware List: Exploit Kits Rise Again in Popularity

 
Old malware rarely dies:  it just lies dormant for a while.  This was one of the key findings of the Check Point Research Team’s latest Global Threat Impact Index, which saw a surge in the usage of Exploit Kits during March, following a steady decline in usage since a high point in May 2016. Exploit Kits are designed to discover and exploit vulnerabilities on machines in order to download and execute further malicious code.  The leading variants were Angler and Nuclear, and their demise saw Exploit Kits fall out of the leading malware used to launch attacks on organizations worldwide. However, in March, the Rig Exploit Kit shot up the rankings, being the second most prevalent ...

The latest findings on Chrysaor (Pegasus for Android) are even more stealthy

 
Earlier this week Google published a research about a new sophisticated spyware tool for Android, believed to be related to the Pegasus malware for iOS, which was discovered in August 2016. As Google wrote in their blog, the malware was most likely created by the authors of Pegasus – the NSO group, and shares many common features as Pegasus. What’s the big news? Chrysaor is a fully developed spy tool for Android devices, and can allow attackers to surveil their targets’ every move. Chrysaor has implemented elaborate modules to listen in on conversations, take screenshots and surveil the device’s surroundings, steal sensitive data and read SMS messages. This malware presents a ...