2016 H2 Global and Regional Threat Intelligence Trends

 
Introduction: New, sophisticated threats continue to emerge on a daily basis across multiple platforms: social media, mobile platforms, email, and web pages. At the same time, prominent malware and attack methods continue to evolve, bypassing existing security solutions, and tailoring attacks against the largest companies in the world. The devices we use every day are now subject to compromise and can be leveraged for attacks. Even the recent U.S. elections were targeted with significant attacks. The Check Point 2016 H2 Global Threat Intelligence Trends report provides you with the best overview of the cyber landscape: threats, data breaches, trends, attacks and predictions, based on data ...

Charger Malware Calls and Raises the Risk on Google Play

 
Several weeks ago, Check Point Mobile Threat Prevention detected and quarantined the Android device of an unsuspecting customer employee who downloaded and installed a 0day mobile ransomware from Google Play dubbed “Charger.” This incident demonstrates how malware can be a dangerous threat to your business, and how advanced behavioral detection fills mobile security gaps attackers use to penetrate entire networks. Charger was found embedded in an app called EnergyRescue. The infected app steals contacts and SMS messages from the user’s device and asks for admin permissions. If granted, the ransomware locks the device and displays a message demanding ...

A Whale of a Tale: HummingBad Returns

 
Check Point researchers have found a new variant of the HummingBad malware hidden in more than 20 apps on Google Play. The infected apps in this campaign were downloaded several million times by unsuspecting users. Check Point informed the Google Security team about the apps, which were then removed from Google Play. This new variant, dubbed ‘HummingWhale,’ includes new, cutting-edge techniques that allow it to perform ad fraud better than ever before. HummingBad is a malware first discovered by Check Point on customers’ devices in February 2016. HummingBad stands out as an extremely sophisticated and well-developed malware, which employed a ...

Join Check Point at SecTor to learn how to go beyond traditional security with advanced threat prevention

 
Next week, Check Point will be at SecTor, Canada’s premier IT security education conference. The conference brings the world’s brightest (and darkest) minds together to identify, discuss, dissect and debate the latest digital threats facing corporations today. The conference has assembled a line-up of industry experts who will share some of the most engaging, educational and thought-provoking security sessions in the industry. With the threat landscape rapidly evolving, advanced malware and zero day threats will leave your traditional security approaches in the dust. Legacy security architectures and tools will expose your infrastructure to cyber risks and challenges never ...

DIY Attribution, Classification, and In-depth Analysis of Mobile Malware

 
The security research community has been dealing with malware attribution and classification for decades. The benefits of this process for PC-based malware are myriad and well known. Check Point has followed the same process for multiple malware campaigns during the last year, including Volatile Cedar, Rocket-Kitten, and the Nuclear Exploit Kit. In fact, the PC malware research field is so mature that many security-savvy enterprises now have their own internal teams of cyberanalysts. These teams conduct in-depth malware research as part of their incident response and threat intelligence duties with a focus on their organization’s specific needs, domains, and adversaries. However, ...

From HummingBad to Worse: New In-Depth Details and Analysis of the HummingBad Android Malware Campaign

 
For five months, Check Point mobile threat researchers had unprecedented access to the inner workings of Yingmob, a group of Chinese cyber criminals behind the HummingBad malware campaign. HummingBad is a malware Check Point discovered in February 2016 that establishes a persistent rootkit on Android devices, generates fraudulent ad revenue, and installs additional fraudulent apps. Yingmob runs alongside a legitimate Chinese advertising analytics company, sharing its resources and technology. The group is highly organized with 25 employees that staff four separate groups responsible for developing HummingBad’s malicious components. Download our report “From HummingBad to Worse” ...

Hack In The Box: Mobile Attackers Are Listening In

 
While most mobile attacks require some level of interaction with the user, Man-in-The-Middle (MiTM) attacks can achieve their goal without the user ever knowing they occurred. This type of attack allows attackers to eavesdrop on, intercept and alter traffic between your device and any other counterpart. There are several ways by which hackers can execute such attacks, the most prominent of which is using a spoofed hotspot. Many attackers establish fake hotspots with names similar to legitimate hotspot names, for example, “Starbucks Coffee” instead of “Starbucks.” Unaware, the user connects to the malicious hotspot. Once the user tries to connect to the server, the hacker uses his ...

In The Wild: Never a Dull Moment with Mobile Malware

 
Mobile malware learns fast. Every time new security measures come along, malware somehow manages to find a way to overcome them. This week we bring you such a story, with further details about Viking Horde, a botnet found by Check Point on Google Play. The malware is capable of bypassing even Android’s latest OS security mechanisms.

Meet the Vikings: Part III

The Check Point research team uncovered a new Android malware campaign on Google Play it calls Viking Horde. Viking Horde conducts ad fraud, but can also be a launchpad for attacks like DDoS, spam messages, and more. Viking Horde managed to bypass Google Play malware scans masquerading as five different apps so far. The research ...

Hack In The Box: Mobile Malware Goes In For The Kill

 
For attackers, installing a Trojan on your mobile device is the best way to attack it. Mobile malware provides attackers with a full arsenal of capabilities they can use to conduct several types of attacks including surveillance, info-stealing, ransomware, fraud, and much more. Surveillance malware, for instance, can track location, extract call logs, files, and SMS messages, log keyboard activity, take screenshots, and even record video and audio using the device camera and microphone. However, for each of these features, the malware must have the right code. Malware writers do their best to disguise incriminating code segments. Even code for legitimate apps looks like a tangled map ...

OEMs Have Flaws Too: Exposing Two New LG Vulnerabilities

 
At the LayerOne 2016 conference in Los Angeles, Check Point today disclosed two vulnerabilities (CVE-2016-3117, CVE-2016-2035) which can be used to elevate privileges on LG mobile devices to attack them remotely. LG issued fixes for both vulnerabilities, which Check Point made LG aware of before disclosing them publicly. These vulnerabilities are unique to LG devices, which account for over 20% of the Android OEM market in the US, according to a 2016 survey. The first vulnerability allows a malicious app installed on an LG device to abuse the lack of bind permissions in an LG service and to elevate its privileges, allowing additional control of the device. The second vulnerability ...