September’s Most Wanted Malware: Locky Shoots Back Up Global Rankings

 
Check Point’s latest Global Threat Index has revealed a massive increase in worldwide Locky attacks during September, with the ransomware impacting 11.5% of organizations globally over the course of the month. Locky has not appeared in our Global Threat Impact Index, which reports on the top ten most prevalent malware attacks globally every month, since November 2016. However, attacks in September were powered by the hefty Necurs botnet, which in itself was ranked at number ten in the table. These attacks shot Locky up 25 places overall, to sit just behind the Roughted malvertising campaign in pole position. Locky’s distribution began in February 2016, and it rapidly became one of ...

ExpensiveWall: A dangerous ‘packed’ malware on Google Play that will hit your wallet

 
Check Point’s mobile threat research team identified a new variant of an Android malware that sends fraudulent premium SMS messages and charges users’ accounts for fake services without their knowledge. According to Google Play data, the malware infected at least 50 apps and was downloaded between 1 million and 4.2 million times before the affected apps were removed. The new strain of malware is dubbed "ExpensiveWall," after one of the apps it uses to infect devices, "Lovely Wallpaper." ExpensiveWall is a new variant of a malware found earlier this year on Google Play. The entire malware family has now been downloaded between 5.9 million and 21.1 million times. What makes ...

BlueBorne: A New Set of Bluetooth Vulnerabilities Endangering Every Connected Device

 
The IoT cybersecurity firm, Armis, has revealed eight vulnerabilities in the implementation of Bluetooth in several operating systems, including Android, Windows, Linux, and iOS, successful exploitation of which could allow hackers to take complete control of a device. Indeed, these are the most severe vulnerabilities found in Bluetooth in recent years and are worrying due to their ability to be spread over an air interface. They have been termed ‘The BlueBorne Vulnerabilities’. Airborne attacks on mobile devices date back to the Cabir worm, an attack that presented the first proof of concept of a Bluetooth malware that was spread fast and wide, and even penetrated enclosed ...

Beware of the Bashware: A New Method for Any Malware to Bypass Security Solutions

 
With a growing number of cyber-attacks and the frequent news headlines on database breaches, spyware and ransomware, quality security products have become a commodity in every business organization. Consequently a lot of thought is being invested in devising an appropriate information security strategy to combat these breaches and providing the best solutions possible. We have recently found a new and alarming method that allows any known malware to bypass even the most common security solutions, such as next generation anti-viruses, inspection tools, and anti-ransomware. This technique, dubbed Bashware, leverages a new Windows 10 feature called Subsystem for Linux (WSL), which recently ...

Is Malware Hiding in Your Resume? Vulnerability in LinkedIn Messenger Would Have Allowed Malicious File Transfer

 
The popular business social network LinkedIn has accumulated over 500 million members across 200 countries worldwide. Whether you’re a manager seeking to expand your team or a graduate on the job hunt, LinkedIn is the go-to place to expand your professional network. As the world’s largest professional network, LinkedIn has acquired a noteworthy reputation. Individuals utilize the site to seek out trustworthy business connections and job opportunities. The most used feature on the site is the messenger platform. It enables users to easily send resumes, transfer academic research and share job descriptions. Users open messages under the assumption that the information is safe, secure ...

Get Rich or Die Trying: A Case Study on the Real Identity behind a Wave of Cyber Attacks on Energy, Mining and Infrastructure Companies

 
    Over the past 4 months, over 4,000 organizations globally have been targeted by cyber attacks which aim to infect their networks, steal data and commit fraud.  Many of these companies are leading international names in industries such as oil & gas, manufacturing, banking and construction industries – and some have had their defenses breached by the attacks.       Companies that Check Point researchers confirmed were infected during the campaign include: A marine and energy solutions company in Croatia A transportation company in Abu Dhabi A mining company in Egypt A construction company in Dubai An oil & gas firm in ...

Hey, you, get off of my cloud.

 
A large corporation had great expectations for their next digital advertising campaign. This time, they wanted to try cloud technology. So, they signed up with Amazon Web Services (AWS).  Because it was the cloud, their IT experts architected and deployed the system for the campaign in record time.  They even set up an administrative console which let them monitor all aspects of the cloud computing environment. In case the campaign turned out to be a huge success, they turned on auto-scale to handle spikes in Internet traffic.  Corporate management was ecstatic because they could launch a campaign with a click. As advertising started and gained traction, the cloud resources scaled up ...

JavaScript Lost in the Dictionary

 
Check Point threat Intelligence sensors have picked up a stealth campaign that traditional anti-virus solutions are having a hard time detecting. On July 17th SandBlast Zero-Day Protection started showing a massive email campaign which was not caught by traditional AV solutions. Even today, on the fourth day of this campaign, when Check Point has already blocked 5,000 unique samples of the campaign, there are still only a handful of samples on VirusTotal, half of which are not detected by any AV scan engine and the others with just a handful of detections.   The campaign is related to the “BlankSlate” spam campaign which sends emails with blank body and in this case ...

June’s Most Wanted Malware: RoughTed Malvertising Campaign Impacts 28% of Organizations

 
Check Point’s latest Global Threat Impact Index revealed that 28% of organizations globally were affected by the Roughted malvertising campaign during June. A large-scale malvertising campaign, RoughTed is used to deliver links to malicious websites and payloads such as scams, adware, exploit kits and ransomware. It began to spike in late May before continuing to peak--impacting organizations in 150 different countries. The top affected companies were in the education, communications and retails & wholesale sector. The malvertiding related infection rates spiked in recent months as attackers only have to compromise one online ad provider to reach a wide range of victims with ...

OSX/Dok Refuses to Go Away and It’s After Your Money

 
Following up on our recent discovery of the new OSX/Dok malware targeting macOS users, we’d like to report that the malicious actors behind it are not giving up yet. They are aiming at the victim’s banking credentials by mimicking major bank sites. The fake sites prompt the victim to install an application on their mobile devices, which could potentially lead to further infection and data leakage from the mobile platform as well. In the last few weeks, we’ve seen a surge in the OSX/Dok samples, as the attackers are purchasing dozens of Apple certificates to sign on the application bundle and bypass GateKeeper (see details below). Apple is constantly revoking the compromised ...