When you look at files from your cloud, are they looking back at you?

 
When your users look at files served from your cloud platform, files that have tracking pixels could be looking back — revealing more than you should to outsiders about users and infrastructure. Security researchers are finding tracking pixels implicated in attacks on enterprises. So, if your IT workloads are on a cloud platform, you should add pixel tracking to your list of cloud security issues. Here is how pixel tracking works and how attackers are co-opting this marketing tool to compromise security at enterprises. Tracking pixels – also called web beacons, tracking beacons, and web bugs – are useful marketing tools. Digital-marketing experts use tracking pixels to measure ...

The SMISHING threat – unraveling the details of an attack

 
On January 26, a new smishing attack targeted users in the Czech Republic. Smishing, or SMS phishing, is a vector attackers use to send SMS messages from supposedly legitimate organizations. These messages persuade users to download a malicious app, to provide private information like bank account or credit card details, or to click on a malicious URL. In this campaign, the attackers masqueraded as Czech Post, the Czech postal service, to get users to download a malicious app containing a full-scale Trojan horse. Once users click the link, they are led to a fake Czech Post web page with a seemingly legitimate address. From there the malware downloads and installs immediately ...

Phishing: Reeling in Enterprises for Hefty Profits

 
Can you believe that phishing, the scam that tricks users into giving away sensitive information like their credit card numbers and bank login credentials, is still with us after more than twenty years? Phishing is still here because criminals keep devising new ways to make it work. However, new phishing methods take more effort but yield only modest returns. To increase their returns, some criminals are dropping phishing schemes that attack large masses of random users and are replacing them with narrowly focused attacks targeting a few high-value employees at enterprises. These attacks are called “spear phishing.” Spear phishing uses social engineering and deception to steal ...

Whaling: The Hunt for High Profile Business Targets

 
What are whaling attacks? “Whaling” attacks, also called Business Email Compromise (BEC), are a newer form of phishing attack. Phishing attacks consist of messages sent to would-be victims that try to deceive them into clicking malicious links, or opening an attachment that contains malware. Phishing attacks have evolved drastically, in part due to growing awareness of such threats. Spear phishing attacks are designed to target specific victims, as opposed to simply casting a wide net. Spear phishing often uses domains that are almost identical to real domains that are in constant contact with the victims, in an attempt to make the victim believe the phishing attempt is a valid ...

Secure Every Click – Check Point SandBlast™ Agent for Browsers

 
Internet users expect near-instant and unconstrained access to web content when browsing. Unfortunately, the web poses one of the greatest threats to enterprises today. Malware may be hidden in web-downloaded content or webmail attachments. Your employees may unknowingly become victims of phishing, social engineering, and other malware-less attacks aimed at stealing corporate passwords and sensitive data. Even the seemingly innocent reuse of corporate passwords by your employees for non-corporate web services puts your organization at risk. To further complicate matters, hackers constantly evolve their methods to evade detection by traditional signature-based security solutions. This ...

Rocket Kitten: A Campaign With 9 Lives

 
The customized malware and creative phishing techniques of cyber-espionage groups prove that there is a recurring industry problem. Cyber criminals can evade detection by making minimal changes to bypass most current protection solutions. Since early 2014, the attacker group dubbed ‘Rocket Kitten’ has been actively targeting organizations through malware infections and spear phishing campaigns. After an attack incident against a customer, Check Point researchers joined the investigations and released a report detailing the operations of the cyber-espionage campaign. The Rocket Kitten group has been studied and analyzed on multiple occasions by different vendors, and these attacks ...

Phishing for Employees in Russia

 
During the period August 27-30, 2015, Check Point sensors recorded a large number of logs generated by the IPS protection “PHP Print Remote Shell Command Execution.” This was an interesting anomaly, as we do not usually see a high volume of logs from this protection. We started investigating the logs received from all sources, and noticed that they were all similar. The resources in all logs contained the following suspicious command: roskomnadzor=print-439573653*57; Looking at “roskomnadzor,” we found that this is the name of the Russian Federal Service for Supervision of Communications, Information Technology and Mass Communications (and that Russian people seem to be ...

The Curious Incident of the Phish in the Night-Time: a Forensic Case Study

 
Names have been changed to protect the privacy of the individuals involved. On the morning of February 26, 2015, Laurie logged on to her Google account at work and discovered that overnight, someone had used her account as a stepping stone for a total, indiscriminate phishing campaign. Laurie is the chief administrative assistant of a small venture capital firm. Every new employee, every new customer, every form and every invoice go through her. On that Thursday morning, instead of the usual paperwork, she was greeted with a barrage of replies sent by confused correspondents: “Is this really from you?”, “Should I open this?”, “What is ...

Mobile Security Weekly – Three New But Classic iOS and Android Attacks

 
This week’s issue includes three classic mobile security issues that shine a spotlight on iOS and Android attacks. Far from the type of news enterprises want to see, these are new ways mobile device users can be attacked and/or robbed. This new vulnerability, new SMS worm and large-scale social engineering campaign aren’t the kinds of attacks that are unheard of, but they prove attackers simply aren’t slowing down.

Samsung’s Find My Phone Feature Opens Another Door to Attackers

A new zero-day flaw that allows hackers to lock a large range of Samsung devices by taking advantage of the lost device feature has just been published. Worryingly, it already ...