May’s Most Wanted Malware: Fireball and Wannacry Impact More Than 1 in 4 Organizations Globally

 
Check Point’s latest Global Threat Impact Index revealed more than one in four organizations globally was affected by the Fireball or Wannacry attacks during May-- in the company’s latest Global Threat Impact Index.   The top three malware families that impacted networks globally were zero-day, previously unseen attacks.  Fireball impacted one in five organizations worldwide, with second-placed RoughTed impacting 16% and third-placed WannaCry affecting nearly 8% of organizations globally.   The most prevalent malware highlight cyber-criminals are utilizing and impacting all stages of the infection chain with a wide range of attack vectors and targets.  Fireball ...

The Judy Malware: Possibly the largest malware campaign found on Google Play

 
Check Point researchers discovered another widespread malware campaign on Google Play, Google’s official app store. The malware, dubbed “Judy”, is an auto-clicking adware which was found on 41 apps developed by a Korean company. The malware uses infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind it. The malicious apps reached an astonishing spread between 4.5 million and 18.5 million downloads. Some of the apps we discovered resided on Google Play for several years, but all were recently updated. It is unclear how long the malicious code existed inside the apps, hence the actual spread of the malware ...

April’s Most Wanted Malware: Exploit Kit Attacks Continue, While Slammer Worm Resurfaces Again

 
Check Point’s latest Global Threat Impact Index detected a continued increase in the number of organizations being targeted with Exploit Kits, as Rig EK became the most prevalent form of attack, while there was also a resurgence in the Slammer worm detected, with 4% of businesses impacted.   Slammer resurfaced following a short hiatus, jumping back into the top three most popular malware families. The Slammer worm first emerged in 2003 and spread extremely rapidly.  It was developed to target Microsoft SQL 2000, and propagated so quickly that it was able to cause a denial of service condition on some affected targets. This is the second time the worm has entered the malware ...

Android Permission Security Flaw

 
Check Point researchers spotted a flaw in one of Android’s security mechanisms. Based on Google’s policy which grants extensive permissions to apps installed directly from Google Play, this flaw exposes Android users to several types of attacks, including ransomware, banking malware and adware. Check Point reported this flaw to Google, which responded that this issue  is already being dealt with in the upcoming version of Android, currently dubbed "Android O".   Technical Background: In Android version 6.0.0, dubbed “Marshmallow”, Google introduced a new permission model for apps. The new model consists of several groups of permissions, with permissions considered as ...

SandBlast Mobile receives highest security score in independent test

 
Great news!  Miercom conducted the first independent, hands-on test of mobile threat defense products and Check Point SandBlast Mobile received Miercom’s Certified Secure Award! This is Miercom’s highest award for achievement in competitive, hands-on testing and according to the firm, “Check Point could detect and block 100% of malicious applications and network attacks and mitigate all device vulnerabilities, regardless of operating system.” The SandBlast Mobile team is proud to deliver this test and report to you. Founded in 1998, Miercom is a leading independent tester of network and security products from routers and switches to anti-virus and advanced threat ...

Survey: Enterprise security pros doubtful they can prevent mobile breaches

 
At least once a week – usually after pounding on my iPhone to access a business document, texting a family member, and calling a colleague on another continent, all in a matter of minutes – I’m reminded how complete the shift to mobile computing has been. It’s hard imagining what it was like working without our trusted smartphones and tablets. Mobile devices are indeed critical to getting work done in 2017. They are also treasure troves of personal and business data. And there are threat actors out there who want to get their hands on that data. We learned long ago to secure our PCs from cyberattacks, but it’s puzzling why most businesses still fail to secure employees’ ...

Google’s annual Android security report illustrates Check Point’s dominance in mobile threat defense research

 
Google published its annual security report yesterday for the Android ecosystem. The report includes many commendable efforts by Google to improve the security of users, and fight back against the raging surge of malware. One of the major actions Google has introduced this year was working alongside security vendors to eradicate malware from the ecosystem, a task Check Point was happy to contribute to. 70% of the malware Google cites in the report was discovered and brought to the public attention by Check Point’s mobile security researchers. This is a good indication of the major role played by Check Point's researchers in protecting the entire mobile ecosystem, while identifying and ...

Hancitor Makes First Appearance in Top Five ‘Most Wanted’ Malware in Check Point’s February Global Threat Impact Index

 
Hancitor has surged into the top five of our ‘most wanted’ malware families worldwide for the first time, according to the new February Global Threat Impact Index from our Threat Intelligence Research Team. The downloader, which installs malicious payloads such as Banking Trojans and ransomware on infected machines, climbed 22 places after more than tripling its global impact in the past month. Also known as Chanitor, Hancitor is usually delivered as a macro-enabled Office document in phishing emails with "important" messages such as voicemails, faxes or invoices. The index ranked Kelihos, a botnet used in spam campaigns, as the most prevalent malware family overall, with 12% of ...

Charger Malware Calls and Raises the Risk on Google Play

 
Several weeks ago, Check Point Mobile Threat Prevention detected and quarantined the Android device of an unsuspecting customer employee who downloaded and installed a 0day mobile ransomware from Google Play dubbed “Charger.” This incident demonstrates how malware can be a dangerous threat to your business, and how advanced behavioral detection fills mobile security gaps attackers use to penetrate entire networks.   Charger was found embedded in an app called EnergyRescue. The infected app steals contacts and SMS messages from the user’s device and asks for admin permissions. If granted, the ransomware locks the device and displays a message demanding ...

A Whale of a Tale: HummingBad Returns

 
  Check Point researchers have found a new variant of the HummingBad malware hidden in more than 20 apps on Google Play. The infected apps in this campaign were downloaded several million times by unsuspecting users. Check Point informed the Google Security team about the apps, which were then removed from Google Play. This new variant, dubbed ‘HummingWhale,’ includes new, cutting edge techniques that allow it to perform ad fraud better than ever before.   HummingBad is a malware first discovered by Check Point on customer’s devices in February 2016. HummingBad stands out as an extremely sophisticated and well-developed malware, which employed a ...