The Check Point 2017 Global Threat Intelligence Trends Report

 
2017 was an incredible year for the cyber security industry. With attacks reaching ever higher numbers and increasing levels of innovation, there seems to be no stop to the cat and mouse game taking place between threat actors and security experts. In our H2 2017 Global Threat Intelligence Trends Report, we reveal that cyber-criminals are increasingly turning to cryptominers to develop illegal revenue streams, while ransomware and ‘malvertising’ adware continue to impact organizations worldwide. Based on data drawn from Check Point’s ThreatCloud intelligence between July and December 2017, the H2 2017 Global Threat Intelligence Trends Report gives a detailed overview of the ...

Check Point IoT Blog Series: ‘Home, Smart Home’ – But How Secure Is It?

 
The smart home is often idealized as a domestic paradise -- your fridge orders your groceries for you, your robot vacuum cleaner zooms from room to room, and changing the thermostat is as easy as pulling up an app on your phone. But beneath the surface of this always-on, seamlessly connected exterior lie significant concerns about privacy and cybersecurity. These concerns were dramatized in the Season 2 premiere of the cyber-drama ‘Mr. Robot’. The TV and stereo are switched on and off randomly; the water temperature in the shower goes from boiling to freezing, and the air conditioning is switched to Arctic temperatures. Someone hacked this fictional smart home, forcing the ...

September’s Most Wanted Malware: Locky Shoots Back Up Global Rankings

 
Check Point’s latest Global Threat Index has revealed a massive increase in worldwide Locky attacks during September, with the ransomware impacting 11.5% of organizations globally over the course of the month. Locky has not appeared in our Global Threat Impact Index, which reports on the top ten most prevalent malware attacks globally every month, since November 2016. However, attacks in September were powered by the hefty Necurs botnet, which itself was ranked at number ten in the table. These attacks shot Locky up 25 places overall, to sit just behind the RoughTed malvertising campaign in pole position. Locky’s distribution began in February 2016, and it rapidly became one of ...

ZoneAlarm Anti-Ransomware Earns “Editor’s Choice” from PC magazine

 
A recent review in PC magazine by Lead Analyst Neil J. Rubenking addresses one of cyber security’s latest growing concerns: ransomware. Various comparison tests of anti-ransomware products were conducted, with a specific focus on Check Point’s consumer anti-ransomware product, ZoneAlarm. ZoneAlarm by Check Point is based on the same technology as its enterprise-grade product, SandBlast Anti-Ransomware. I was very pleased to read that Rubenking took ZoneAlarm for a test drive in a real-life ransomware simulation. Rubenking’s simulation demonstrated ZoneAlarm’s capabilities to defeat each threat in a very easy-to-use, intuitive mode. ZoneAlarm leaves zero traces of any ...

Threat Brief: Petya Ransomware, A Global Attack

 
A worldwide attack erupted on June 27 with a high concentration of hits in Ukraine - including the Ukrainian central bank, government offices and private companies. The attack is distributing what seems to be a variant of Petya, an MBR ransomware. While the source of the attack has yet to be determined, many researchers suggest that M.E.Doc, a Ukrainian accounting software provider, was compromised and its systems abused to distribute the attack via its software update mechanism. M.E.Doc is a popular service in Ukraine, the malware’s top targeted country; in May the company was also suspected of involvement in the distribution of another ransomware, known as XData. So far, ...

May’s Most Wanted Malware: Fireball and WannaCry Impact More Than 1 in 4 Organizations Globally

 
Check Point’s latest Global Threat Impact Index revealed that more than one in four organizations globally was affected by the Fireball or WannaCry attacks during May. The top three malware families that impacted networks globally were zero-day, previously unseen attacks. Fireball impacted one in five organizations worldwide, with second-placed RoughTed impacting 16% and third-placed WannaCry affecting nearly 8% of organizations globally. The most prevalent malware highlights that cyber-criminals are utilizing and impacting all stages of the infection chain with a wide range of attack vectors and targets. Fireball ...

Check Point Reveals Global WannaCry Ransomware Infection Map at CPX Europe 2017

 
Check Point researchers have been investigating the ransomware campaign in detail since it was first reported. With a new Check Point WannaCry Ransomware Infection Map, the researchers were able to track 34,300 attack attempts in 97 countries. The average pace as of today is one attempt every three seconds – indicating a slight decline from the original pace, registered two days ago, of one attempt per second. The top country from which attack attempts were registered is India, followed by the USA and Russia. Maya Horowitz, Threat Intelligence Group Manager at Check Point said, “Although we see it slightly slowing down, WannaCry still spreads fast, targeting organizations ...

CRYING IS FUTILE: SandBlast Forensic Analysis of WannaCry

 
Using the NSA exploit EternalBlue released by the Shadow Brokers, the WannaCry ransomware developers have added their names to malware lore. Given the number of institutions hit and the amount of media generated, it seemed appropriate to show what the ransomware actually does on a system through our SandBlast Agent Forensics product. The WannaCry outbreak has been a good test case for the recently launched SandBlast Anti-Ransomware. AR and Forensics work together as part of our SandBlast Agent product. As we had expected, Anti-Ransomware was up to the task and has successfully blocked all WannaCry samples we’ve thrown at it, without requiring any signatures or updates. For this ...

WannaCry – New Kill-Switch, New Sinkhole

 
Check Point Threat Intelligence and Research team has just registered a brand new kill-switch domain used by a fresh sample of the WannaCry Ransomware. In the last few hours we witnessed a stunning hit rate of 1 connection per second. Registering the domain activated the kill-switch, and these thousands of to-be victims are safe from the ransomware’s damage. Our research shows that the kill-switch works the same as in earlier versions, and the rest of the code is similar to the older versions. New kill-switch: ...

WannaCry – Paid Time Off?

 
Let us open with a TL;DR – DO NOT pay the ransom demanded by the WannaCry ransomware! Now, let us explain why: As of this writing, the 3 bitcoin accounts associated with the WannaCry ransomware have accumulated more than $33,000 between them. Despite that, not a single case has been reported of anyone receiving their files back. The decryption process itself is problematic, to say the least. Unlike its competitors in the ransomware market, WannaCry doesn’t seem to have a way of associating a payment with the person making it. Most ransomware, such as Cerber, generates a unique ID and bitcoin wallet for each victim and thus knows who to send the decryption keys to. WannaCry, on ...