Hey, you, get off of my cloud.

 
A large corporation had great expectations for their next digital advertising campaign. This time, they wanted to try cloud technology. So, they signed up with Amazon Web Services (AWS). Because it was the cloud, their IT experts architected and deployed the system for the campaign in record time. They even set up an administrative console which let them monitor all aspects of the cloud computing environment. In case the campaign turned out to be a huge success, they turned on auto-scale to handle spikes in Internet traffic. Corporate management was ecstatic because they could launch a campaign with a click. As advertising started and gained traction, the cloud resources scaled up ...

Are You Prepared for the Next Attack?

 
A WAKE-UP CALL: From WannaCry and Petya to the most recent attacks today, #LeakTheAnalyst and HBO, it is now apparent that anyone or any organization is a target for cyber criminals. Attacks continue to grow at an alarming rate in volume, sophistication and impact. As of May 2017, Check Point products are detecting over 17 million attacks each week. More than half of these attacks include payloads which are unknown at the time of detection and cannot be detected by conventional signature-based technology. These attacks serve as a wake-up call, illustrating how fragile and vulnerable organizations have become in recent years. In response to the many recent outbreaks, organizations ...

Re-Thinking the Cyber Consolidation Paradigm

 
The Battle of Consolidation vs. Best-of-Breed: does more security mean better security? You’re probably frequently scrutinizing whether or not your own organization’s cyber security is being properly managed. We’re constantly being bombarded with news of the latest cyber security attacks and hoping there are no gaps in our own organization’s security. With every new ransomware or phishing attack, the red flags start to wave. The immediate reaction is to ramp up our security and increase the number of vendors, on the assumption that these new products will keep us better protected. In reality, this unfortunately isn’t the case. In a recent survey, executives were asked ...

JavaScript Lost in the Dictionary

 
Check Point Threat Intelligence sensors have picked up a stealth campaign that traditional anti-virus solutions are having a hard time detecting. On July 17th SandBlast Zero-Day Protection started showing a massive email campaign which was not caught by traditional AV solutions. Even today, on the fourth day of this campaign, when Check Point has already blocked 5,000 unique samples of the campaign, there are still only a handful of samples on VirusTotal, half of which are not detected by any AV scan engine and the others with just a handful of detections. The campaign is related to the “BlankSlate” spam campaign which sends emails with a blank body and in this case ...

Introducing Check Point SandBlast Mobile for Microsoft Intune

 
If your enterprise is using Microsoft EMS and is looking to further secure mobile devices while ensuring employees’ privacy and productivity, you’ll be happy to know that Check Point has teamed with Microsoft Intune to secure enterprise mobility. Today, Check Point announces the collaboration with Microsoft which allows Check Point’s SandBlast Mobile security solution to integrate with Microsoft Intune. The integration is the latest in a line of joint efforts between Check Point and Microsoft to serve customers together and secure modern enterprise infrastructure, from cloud to mobile. Previous joint work includes Check Point vSec Cloud Security for Microsoft ...

June’s Most Wanted Malware: RoughTed Malvertising Campaign Impacts 28% of Organizations

 
Check Point’s latest Global Threat Impact Index revealed that 28% of organizations globally were affected by the RoughTed malvertising campaign during June. A large-scale malvertising campaign, RoughTed is used to deliver links to malicious websites and payloads such as scams, adware, exploit kits and ransomware. It began to spike in late May before continuing to peak, impacting organizations in 150 different countries. The top affected companies were in the education, communications and retail & wholesale sectors. Malvertising-related infection rates have spiked in recent months as attackers only have to compromise one online ad provider to reach a wide range of victims with ...

Cloudy Forecast: Are you Naked in the Cloud?

 
What do high-clearance government employees, telecommunication customers and WWE fans all have in common? While this sounds like the beginning of a joke, in reality what unifies all of them is the fact that their personal, sensitive data is now part of an alarming statistic: the increasing frequency of data breaches in popular cloud services. Over the past few weeks, we have witnessed a rapidly growing trend of data exposure due to poor cloud security practices. In a recent example, UpGuard earlier this week discovered yet another case of millions of sensitive customer details exposed to anyone with an active internet connection. The data was openly available on the internet until an ...

OSX/Dok Refuses to Go Away and It’s After Your Money

 
Following up on our recent discovery of the new OSX/Dok malware targeting macOS users, we’d like to report that the malicious actors behind it are not giving up yet. They are aiming at the victim’s banking credentials by mimicking major bank sites. The fake sites prompt the victim to install an application on their mobile devices, which could potentially lead to further infection and data leakage from the mobile platform as well. In the last few weeks, we’ve seen a surge in the OSX/Dok samples, as the attackers are purchasing dozens of Apple certificates to sign the application bundle and bypass Gatekeeper (see details below). Apple is constantly revoking the compromised ...

Check Point: A Leader in Vision and Execution in Two Gartner Magic Quadrants

 
Following the latest cyber attack outbreaks, WannaCry and Petya ransomware, businesses are now realizing just how vulnerable they are. What seemed to be “good enough solutions” until now simply aren’t enough in today’s world. But still, many continue to add solutions that are focused on detecting attacks rather than preventing them. This approach lets the attackers hit first, and provides remediation only after the damage has already been done. Instead of sitting on the sideline and watching the next attack occur, we can take action and prevent it before it happens. The technologies already exist, and the architecture is already available. But when it comes to selecting a cyber ...

Hacked in Translation – “Director’s Cut” – Full Technical Details

 
Background: Recently, Check Point researchers revealed a brand new attack vector: attack by subtitles. As discussed in the previous post and in our demo, we showed how attackers can use subtitle files to take over users' machines, without being detected. The attack vector entailed a number of vulnerabilities found in prominent streaming platforms, including VLC, Kodi (XBMC), PopcornTime and strem.io. The potential damage the attacker could inflict is endless, ranging from stealing sensitive information to installing ransomware, mass Denial of Service attacks, and much more. After our original publication appeared, the vulnerabilities were fixed, which allows us to tell ...