JavaScript Lost in the Dictionary

Check Point Threat Intelligence sensors have picked up a stealth campaign that traditional anti-virus solutions are having a hard time detecting. On July 17th, SandBlast Zero-Day Protection started showing a massive email campaign which was not caught by traditional AV solutions. Even today, on the fourth day of this campaign, when Check Point has already blocked 5,000 unique samples of the campaign, there are still only a handful of samples on VirusTotal, half of which are not detected by any AV scan engine and the others with just a handful of detections. The campaign is related to the “BlankSlate” spam campaign, which sends emails with a blank body and in this case ...

Introducing Check Point SandBlast Mobile for Microsoft Intune

If your enterprise is using Microsoft EMS and is looking to further secure mobile devices while ensuring employees’ privacy and productivity, you’ll be happy to know that Check Point has teamed with Microsoft Intune to secure enterprise mobility. Today, Check Point announces the collaboration with Microsoft which allows Check Point’s SandBlast Mobile security solution to integrate with Microsoft Intune. The integration is the latest in a line of joint efforts between Check Point and Microsoft to serve customers together and secure modern enterprise infrastructure, from cloud to mobile. Previous joint work includes Check Point vSec Cloud Security for Microsoft ...

June’s Most Wanted Malware: RoughTed Malvertising Campaign Impacts 28% of Organizations

Check Point’s latest Global Threat Impact Index revealed that 28% of organizations globally were affected by the RoughTed malvertising campaign during June. A large-scale malvertising campaign, RoughTed is used to deliver links to malicious websites and payloads such as scams, adware, exploit kits and ransomware. It began to spike in late May before continuing to peak, impacting organizations in 150 different countries. The top affected companies were in the education, communications and retail & wholesale sectors. Malvertising-related infection rates spiked in recent months, as attackers only have to compromise one online ad provider to reach a wide range of victims with ...

Cloudy Forecast: Are you Naked in the Cloud?

What do high-clearance government employees, telecommunication customers and WWE fans all have in common? While this sounds like the beginning of a joke, in reality what unifies all of them is the fact that their personal, sensitive data is now part of an alarming statistic: the increasing frequency of data breaches in popular cloud services. Over the past few weeks, we have witnessed a rapidly growing trend of data exposure due to poor cloud security practices. In a recent example, UpGuard earlier this week discovered yet another case of millions of sensitive customer details exposed to anyone with an active internet connection. The data was openly available on the internet until an ...

OSX/Dok Refuses to Go Away and It’s After Your Money

Following up on our recent discovery of the new OSX/Dok malware targeting macOS users, we’d like to report that the malicious actors behind it are not giving up yet. They are aiming at the victim’s banking credentials by mimicking major bank sites. The fake sites prompt the victim to install an application on their mobile device, which could potentially lead to further infection and data leakage from the mobile platform as well. In the last few weeks, we’ve seen a surge in OSX/Dok samples, as the attackers are purchasing dozens of Apple certificates to sign the application bundle and bypass Gatekeeper (see details below). Apple is constantly revoking the compromised ...

Check Point: A Leader in Vision and Execution in Two Gartner Magic Quadrants

Following the latest cyber attack outbreaks, the WannaCry and Petya ransomware, businesses are now realizing just how vulnerable they are. What seemed to be “good enough solutions” until now simply isn’t enough in today’s world. But still, many continue to add solutions that are focused on detecting attacks rather than preventing them. This approach lets the attackers hit first, and only after the damage has already been done does it provide remediation. Instead of sitting on the sideline and watching the next attack occur, we can take action and prevent it before it happens. The technologies already exist, and the architecture is already available. But when it comes to selecting a cyber ...

Hacked in Translation – “Director’s Cut” – Full Technical Details

Background: Recently, Check Point researchers revealed a brand new attack vector: attack by subtitles. As discussed in the previous post and in our demo, we showed how attackers can use subtitle files to take over users’ machines without being detected. The attack vector entailed a number of vulnerabilities found in prominent streaming platforms, including VLC, Kodi (XBMC), PopcornTime and strem.io. The potential damage the attacker could inflict is endless, ranging anywhere from stealing sensitive information and installing ransomware to mass Denial of Service attacks, and much more. After our original publication appeared, the vulnerabilities were fixed, which allows us to tell ...

How the CopyCat malware infected Android devices around the world

Check Point researchers identified a mobile malware that infected 14 million Android devices, rooting approximately 8 million of them, and earning the hackers behind the campaign approximately $1.5 million in fake ad revenues in two months. The malware, dubbed CopyCat by Check Point mobile threat researchers, uses a novel technique to generate and steal ad revenues. While CopyCat infected users mainly in Southeast Asia, it spread to more than 280,000 Android users in the United States. CopyCat is a fully developed malware with vast capabilities, including rooting devices, establishing persistence, and injecting code into Zygote, a daemon responsible for launching apps in the ...

BROKERS IN THE SHADOWS – Part 2: Analyzing Petya’s DoublePulsarV2.0 Backdoor

Background: In the wake of WannaCry, a new cyber threat has emerged from the NSA leak. Making use of previously exposed tools, Petya is once again engaged in another large-scale attack. Important distinctions in this case, however, are that the attacks targeted mainly a specific country, and are used solely for destruction. While Petya may look like ransomware, it appears that even if a victim pays the ransom, there is no way to decrypt the files afterward. Petya was first seen in 2016, as a very different attack. Compared to its first appearance, in 2017 it targeted fewer file types in order to proliferate more quickly. Another difference is that the current Petya sample, which would ...