Is Malware Hiding in Your Resume? Vulnerability in LinkedIn Messenger Would Have Allowed Malicious File Transfer

 
The popular business social network LinkedIn has accumulated over 500 million members across 200 countries worldwide. Whether you’re a manager seeking to expand your team or a graduate on the job hunt, LinkedIn is the go-to place to expand your professional network.   As the world’s largest professional network, LinkedIn has acquired a noteworthy reputation. Individuals utilize the site to seek out trustworthy business connections and job opportunities. The most used feature on the site is the messenger platform. It enables users to easily send resumes, transfer academic research and share job descriptions. Users open messages under the assumption that the information is ...

Cyber Attack Trends: Mid-Year Report

 
2017 has proved to be a lucrative year for cybercrime. Prominent malware and attack methods continue to evolve, creatively bypassing existing security solutions.  In 2016, we witnessed sophisticated new malware emerging on a regular basis, exposing new capabilities, distribution methods, and attack services offered for sale through multiple platforms. 2017 is shedding light on a new trend – simple, yet highly effective malware families are causing rapid destruction globally. So far, in 2017 cyber attacks are occurring at a higher frequency than previous years. Recent infiltrations have demonstrated the agility, scale and persistence of an attack that criminals are capable of ...

JavaScript Lost in the Dictionary

 
Check Point threat Intelligence sensors have picked up a stealth campaign that traditional anti-virus solutions are having a hard time detecting. On July 17th SandBlast Zero-Day Protection started showing a massive email campaign which was not caught by traditional AV solutions. Even today, on the fourth day of this campaign, when Check Point has already blocked 5,000 unique samples of the campaign, there are still only a handful of samples on VirusTotal, half of which are not detected by any AV scan engine and the others with just a handful of detections.   The campaign is related to the “BlankSlate” spam campaign which sends emails with blank body and in this case ...

June’s Most Wanted Malware: RoughTed Malvertising Campaign Impacts 28% of Organizations

 
Check Point’s latest Global Threat Impact Index revealed that 28% of organizations globally were affected by the Roughted malvertising campaign during June. A large-scale malvertising campaign, RoughTed is used to deliver links to malicious websites and payloads such as scams, adware, exploit kits and ransomware. It began to spike in late May before continuing to peak--impacting organizations in 150 different countries. The top affected companies were in the education, communications and retails & wholesale sector. The malvertiding related infection rates spiked in recent months as attackers only have to compromise one online ad provider to reach a wide range of victims with ...

CrashOverride

 
On June 20th Check Point published an IPS signature providing virtual patching for the Siemens SIPROTEC DoS vulnerability. This IPS signature can help protect against a new malware, CrashOverride, also known as Industroyer-- that is a direct threat to Electric Grid Operators.   CrashOverride is the fourth piece of ICS-tailored malware used against these targets and the second ever to be designed and deployed for disrupting physical industrial processes. CrashOverride was employed in the December 17th, 2016 cyber-attack on the Kiev, Ukraine transmission substation resulting in electric grid operations impact.   This malware is an extensible platform that can be used to ...

May’s Most Wanted Malware: Fireball and Wannacry Impact More Than 1 in 4 Organizations Globally

 
Check Point’s latest Global Threat Impact Index revealed more than one in four organizations globally was affected by the Fireball or Wannacry attacks during May-- in the company’s latest Global Threat Impact Index.   The top three malware families that impacted networks globally were zero-day, previously unseen attacks.  Fireball impacted one in five organizations worldwide, with second-placed RoughTed impacting 16% and third-placed WannaCry affecting nearly 8% of organizations globally.   The most prevalent malware highlight cyber-criminals are utilizing and impacting all stages of the infection chain with a wide range of attack vectors and targets.  Fireball ...

Anatomy of the Jaff Ransomware Campaign

 
Last month, Check Point researchers were able to spot the distribution of Jaff Ransomware by the Necurs Botnet. The ransomware was spread using malicious PDF files that had an embedded docm file, which in its turn downloaded an encoded executable. After the downloaded file was decoded, the ransomware encrypted the user’s files. In the last weeks, however, we were able to detect a new spam campaign delivering the ransomware and altering the chain of infection to use malicious WSF files.  New Campaign On May 28, Check Point SandBlastZero-Day Protection solution caught 8,000 messages delivering the ransomware, titled “Scanned Image from a Xerox WorkCentre," a title which was in use ...

FIREBALL – The Chinese Malware of 250 Million Computers Infected

 
Check Point Threat Intelligence and research teams recently discovered a high volume Chinese threat operation which has infected over 250 million computers worldwide. The installed malware,  Fireball, takes over target browsers and turns them into zombies. Fireball has two main functionalities:  the ability of running any code on victim computers--downloading any file or malware, and  hijacking and manipulating infected users’ web-traffic to generate ad-revenue. Currently, Fireball installs plug-ins and additional configurations to boost its advertisements, but just as easily it can turn into a prominent distributor for any additional malware. This operation is run by Rafotech, a ...

BROKERS IN THE SHADOWS: Analyzing vulnerabilities and attacks spawned by the leaked NSA hacking tools

 
Background Rarely does the release of an exploit have such a large impact across the world. With the recent leak of the NSA exploit methods, we saw the effects of powerful tools in the wrong hands. On April 14, 2017, a group known as the Shadow Brokers released a large portion of the stolen cyber weapons in a leak titled, “Lost in Translation.” This leak contained many exploits, some of which were already patched a month earlier in the Microsoft SMB critical security update (MS17-010). However, many users were unable to update their systems. Even before WannaCry hit, more than 400,000 computers in approximately 150 countries were infected with one of the tools, called DoublePulsar. ...

The Judy Malware: Possibly the largest malware campaign found on Google Play

 
Check Point researchers discovered another widespread malware campaign on Google Play, Google’s official app store. The malware, dubbed “Judy”, is an auto-clicking adware which was found on 41 apps developed by a Korean company. The malware uses infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind it. The malicious apps reached an astonishing spread between 4.5 million and 18.5 million downloads. Some of the apps we discovered resided on Google Play for several years, but all were recently updated. It is unclear how long the malicious code existed inside the apps, hence the actual spread of the malware ...