Home > Company > Check Point Blog

Check Point Blog

Welcome to the Check Point Blog where you will find posts tagged in two categories:

  • Threat Research: Research findings, threat intelligence, and perspectives from Check Point’s research teams
  • Security Insights: Perspectives on current events and the security landscape from Check Point thought leaders


Get started by choosing a category, or read them all!

Sort blog posts by:  

Threat Brief: Petya Ransomware, A Global Attack

by Check Point Research Team posted 2017/06/27
 
A worldwide attack erupted on June 27 with a high concentration of hits in Ukraine - including the Ukrainian central bank, government offices and private companies. The attack is distributing what seems to be a variant of Petya, an MBR ransomware. While the source of the attack has yet to be determined, many researchers suggest that M.E.Doc, a Ukrainian accounting software provider, was compromised and its systems abused to distribute the attack via its software update mechanism. M.E.Doc is a popular service in Ukraine, the malware’s top targeted country; in May the company was also suspected of involvement in the distribution of another ransomware, known as XData. So far, ...

Securing the Cloud: Ward Off Future Storms

by Check Point Research Team posted 2017/06/22
 
A recent incident has left the voting records of 198 million Americans exposed. The data included the names, dates of birth, addresses, and phone numbers of voters from both parties. It also included voter’s positions on various political issues and their projected political preference. Although it is not unusual to collect this type of information, it should raise alarm bells that the platform hosting this data was not secured. This is the largest known data exposure in the United States, leaving the sensitive information of millions of Americans unprotected.   When it comes to protecting personal information and sensitive data, extensive measures should be taken to keep the ...

CrashOverride

by Check Point Research Team posted 2017/06/21
 
On June 20th Check Point published an IPS signature providing virtual patching for the Siemens SIPROTEC DoS vulnerability. This IPS signature can help protect against a new malware, CrashOverride, also known as Industroyer-- that is a direct threat to Electric Grid Operators.   CrashOverride is the fourth piece of ICS-tailored malware used against these targets and the second ever to be designed and deployed for disrupting physical industrial processes. CrashOverride was employed in the December 17th, 2016 cyber-attack on the Kiev, Ukraine transmission substation resulting in electric grid operations impact.   This malware is an extensible platform that can be used to ...

May’s Most Wanted Malware: Fireball and Wannacry Impact More Than 1 in 4 Organizations Globally

by Check Point Research Team posted 2017/06/20
 
Check Point’s latest Global Threat Impact Index revealed more than one in four organizations globally was affected by the Fireball or Wannacry attacks during May-- in the company’s latest Global Threat Impact Index.   The top three malware families that impacted networks globally were zero-day, previously unseen attacks.  Fireball impacted one in five organizations worldwide, with second-placed RoughTed impacting 16% and third-placed WannaCry affecting nearly 8% of organizations globally.   The most prevalent malware highlight cyber-criminals are utilizing and impacting all stages of the infection chain with a wide range of attack vectors and targets.  Fireball ...

Check Point Infinity NGFW Earns Recommended in NSS Labs 2017 NGFW Group Test

by Check Point Research Team posted 2017/06/08
 
I am pleased to report we achieved another NSS Recommended in the recent NGFW Group Test! This is our 6th NGFW Recommended since 2011 and our 14th NSS Recommended overall. Participating in credible, independent 3rd party testing is an important investment for us at Check Point. Independent testing provides valuable “point in time” feedback for us and we recognize it also provides important security validation for our customers and the overall market too. That said, we are very proud of our long-term track record of consistent leadership and excellence in security as validated by our track record in independent testing. We are even more excited about this “point in ...

Chain Reaction:  The New Wave of Mobile Attacks

by Oren Koriat, Mobile Threat Research Team posted
 
The main purpose of any business is to grow and be more successful – and that applies to criminal organizations just as much as it does to legitimate companies.  Cybercriminals have found that attacks specifically targeting smartphones and tablets, particularly those that incorporate a ransomware payload, are effective and profitable – which is why the volume of malware targeting users of mobile devices trebled during 2015. Nevertheless, the actual structure of mobile attacks has, until recently, tended to be very simple. A malicious app is delivered to the mobile device, sometimes as an attachment or as a download from a compromised web link. From there the app does its damage, ...

Anatomy of the Jaff Ransomware Campaign

by Check Point Research Team posted
 
Last month, Check Point researchers were able to spot the distribution of Jaff Ransomware by the Necurs Botnet. The ransomware was spread using malicious PDF files that had an embedded docm file, which in its turn downloaded an encoded executable. After the downloaded file was decoded, the ransomware encrypted the user’s files. In the last weeks, however, we were able to detect a new spam campaign delivering the ransomware and altering the chain of infection to use malicious WSF files.  New Campaign On May 28, Check Point SandBlastZero-Day Protection solution caught 8,000 messages delivering the ransomware, titled “Scanned Image from a Xerox WorkCentre," a title which was in use ...

FIREBALL – The Chinese Malware of 250 Million Computers Infected

by Check Point Threat Intelligence Research Team posted 2017/06/01
 
Check Point Threat Intelligence and research teams recently discovered a high volume Chinese threat operation which has infected over 250 million computers worldwide. The installed malware,  Fireball, takes over target browsers and turns them into zombies. Fireball has two main functionalities:  the ability of running any code on victim computers--downloading any file or malware, and  hijacking and manipulating infected users’ web-traffic to generate ad-revenue. Currently, Fireball installs plug-ins and additional configurations to boost its advertisements, but just as easily it can turn into a prominent distributor for any additional malware. This operation is run by Rafotech, a ...

BROKERS IN THE SHADOWS: Analyzing vulnerabilities and attacks spawned by the leaked NSA hacking tools

by Check Point IPS Research Team posted 2017/05/25
 
Background Rarely does the release of an exploit have such a large impact across the world. With the recent leak of the NSA exploit methods, we saw the effects of powerful tools in the wrong hands. On April 14, 2017, a group known as the Shadow Brokers released a large portion of the stolen cyber weapons in a leak titled, “Lost in Translation.” This leak contained many exploits, some of which were already patched a month earlier in the Microsoft SMB critical security update (MS17-010). However, many users were unable to update their systems. Even before WannaCry hit, more than 400,000 computers in approximately 150 countries were infected with one of the tools, called DoublePulsar. ...

The Judy Malware: Possibly the largest malware campaign found on Google Play

by Check Point Mobile Research Team posted
 
Check Point researchers discovered another widespread malware campaign on Google Play, Google’s official app store. The malware, dubbed “Judy”, is an auto-clicking adware which was found on 41 apps developed by a Korean company. The malware uses infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind it. The malicious apps reached an astonishing spread between 4.5 million and 18.5 million downloads. Some of the apps we discovered resided on Google Play for several years, but all were recently updated. It is unclear how long the malicious code existed inside the apps, hence the actual spread of the malware ...

Post Archives