Growing a Global Company: Recapping Gil Shwed’s Interviews with Forbes and Inc

 
If you ask any Check Point researcher or engineer for one word that describes what Check Point does best, you’ll get a wide range of answers -- anything from “cybersecurity” to “cyber-security” to the rebels that’ll say “cyber security”.   But if you ask the press, you’ll get a very different answer. Growth.   Over the past week, Inc and Forbes sat down with our CEO, Gil Shwed, and asked him about his journey as an entrepreneur. They wondered - why would a founder stay with a company for so many years… why not cash out early, like most founders do? Gil talks about ingredients to Check Point’s success and his own personal insights from running one ...

December’s Most Wanted Malware: Crypto-Miners Affect 55% of Businesses Worldwide

 
Check Point’s latest Global Threat Index reveals the rise of crypto-mining malware targeting enterprises   During the month of December 2017, crypto-mining malware rapidly rose in Check Point’s Global Threat Index’s top ten most prevalent malware.   Crypto-mining malware refers to cybercriminals hijacking the victim’s CPU or GPU power and existing resources to mine cryptocurrency. Check Point researchers found that crypto-miners managed to impact 55% of organizations globally, with two variants in the top three list of malware and ten different variants in the expanded top 100.  In December, the crypto-miner Coinhive replaced RoughTed as the most prevalent ...

Malware Displaying Porn Ads Discovered in Game Apps on Google Play

 
In the past, cyber-criminals have targeted businesses, hospitals, and governments; today, we’ve seen them begin to focus on games and apps intended for children.   Check Point Researchers have revealed a new and nasty malicious code on Google Play Store that hides itself inside roughly 60 game apps, several of which are intended for children. According to Google Play's data, the apps have been downloaded between 3 million and 7 million times.   Dubbed ‘AdultSwine’, these malicious apps wreak havoc in three possible ways: Displaying ads from the web that are often highly inappropriate and pornographic. Attempting to trick users into installing fake ...

How The Spectre/Meltdown Vulnerabilities Work

 
The Spectre and Meltdown vulnerabilities recently discovered in Intel, AMD and ARM processors, are fairly complex. In this post we will try to simplify what the problem is, how it could affect your business and what actions can be taken to protect against it. It is important to begin by clarifying that despite their two names, both Spectre and Meltdown are essentially based on the same observation. This observation is a weakness behind the common implementation of speculative execution. What Is Speculative Execution? With the rate of computing power said to double every two years, CPU engineers are tasked with ensuring computers are able to run faster and faster in order to carry ...

Mitigating CPU Vulnerabilities: Removing the OS Blindfold

 
OS Level Solutions Are Not Enough The recent Meltdown and Spectre vulnerabilities target weaknesses of the CPU rather than the Operating System, or the applications that run on it. (See here for background on how these vulnerabilities work). Since they do not involve the Operating System, solutions that monitor at that level, such as traditional sandboxes, will be incapable of detecting these types of attack. A lower level framework is required in order to properly identify and mitigate these attacks.   Using The CPU Level Framework To Mitigate The Spectre and Meltdown Vulnerabilities CPU Level framework was introduced into the family of SandBlast Advanced Threat ...

LightsOut: Shining a Light On Malicious Flashlight Apps on Google Play

 
Check Point researchers have detected a new type of adware roaming Google Play, the official app store of Google. The suspicious scripts overrides the user’s decision to disable ads showing outside of a legitimate context, and then, in many of the apps, hides its icon to hinder efforts to remove it. This is a purely malicious activity, as it has no other possible purpose other than eluding the user.   Dubbed ‘LightsOut’, the code hid itself in 22 different flashlight and utility apps, and reached a spread of between 1.5 million and 7.5 million downloads. Its purpose? To generate illegal ad revenue for its perpetrators at the expense of unsuspecting users.   The ...