September’s Most Wanted Malware: Locky Shoots Back Up Global Rankings

 
Check Point’s latest Global Threat Index has revealed a massive increase in worldwide Locky attacks during September, with the ransomware impacting 11.5% of organizations globally over the course of the month. Locky has not appeared in our Global Threat Impact Index, which reports on the top ten most prevalent malware attacks globally every month, since November 2016. However, attacks in September were powered by the hefty Necurs botnet, which in itself was ranked at number ten in the table. These attacks shot Locky up 25 places overall, to sit just behind the Roughted malvertising campaign in pole position. Locky’s distribution began in February 2016, and it rapidly became one of ...

The Unbearable Lightness of Operating Web-Based Attacks: How easy it is to steal money from IE 8.0-11.0 users

 
Looking back at the past year, there is no doubt that the malware-as-a-service industry, which sells and trades malware samples, attack tools, and a variety of services, is thriving. It means that cyber criminals with low technical skills can easily purchase attack tools from more advanced hackers, vastly increasing the number of potential attackers, attacks, and victims. Cerber, a ransomware-as-a-service operation, was one of the most dominant and profitable ransomware variants of 2016. Last December, a new DDoS (Distributed Denial of Service) collaborative effort dubbed Sledgehammer made headlines due to its unique operation mode. Participants were asked to attack targeted political ...

March’s ‘Most Wanted’ Malware List: Exploit Kits Rise Again in Popularity

 
Old malware rarely dies:  it just lies dormant for a while.  This was one of the key findings of the Check Point Research Team’s latest Global Threat Impact Index, which saw a surge in the usage of Exploit Kits during March, following a steady decline in usage since a high point in May 2016. Exploit Kits are designed to discover and exploit vulnerabilities on machines in order to download and execute further malicious code.  The leading variants were Angler and Nuclear, and their demise saw Exploit Kits fall out of the leading malware used to launch attacks on organizations worldwide. However, in March, the Rig Exploit Kit shot up the rankings, being the second most prevalent ...

Check Point’s 2017 Cyber Security Survey Shows Key Concerns and Opportunities among IT Professionals

 
The theme of the 2017 RSA Conference is ‘The Power of Opportunity’ inspired by an approach to learning taken by the Zen monk Shunryu Suzuki. He said that one should pursue even the most advanced study with the mind-set of a beginner and be open to considering new possibilities. That’s certainly a good way to approach the challenges of enterprise security. Today’s business landscape is constantly evolving, presenting new opportunities and challenges – such as the migration to public and private clouds, wider roll-out of mobility and BYOD programs, and the emergence of new cyberthreats seeking to exploit these technologies. So, what are the threats that enterprises are ...

Cloud Security Predictions and Trends

 
It’s that most wonderful time of the year – the time where I like to take a look back and reflect on what the year has been as well as look forward to take a peek into next year. With the start of every new year we see many exciting new trends. But if the past is any indication, the security threat landscape will constantly change and present new challenges ahead. Looking into some of those trends and challenges is our Check Point security team. At the end of each year, they spend time imagining what the threat landscape might look like in the coming year. This gives us the opportunity to analyze the security trends we’ve followed over the past year, and it allows us to creatively ...

Join Check Point at SecTor to learn how to go beyond traditional security with advanced threat prevention

 
Next week, Check Point will be at SecTor, Canada’s premier IT security education conference. The conference brings the world’s brightest (and darkest) minds together to identify, discuss, dissect and debate the latest digital threats facing corporations today. The conference has assembled a line-up of industry experts who will share some of the most engaging, educational and thought-provoking security sessions in the industry.   With the threat landscape rapidly evolving, advanced malware and zero day threats will leave your traditional security approaches in the dust. Legacy security architectures and tools will expose your infrastructure to cyber risks and challenges never ...

The QuadRooter Domino Effect

 
Component suppliers, Android device manufacturers and developers all test their products rigorously. Even still, vulnerabilities -- both in hardware and software -- can be found on the smartphones and tablets we trust with our sensitive data. Until a patch for a vulnerability is installed, an affected device is exposed. That's why fixing vulnerabilities like QuadRooter requires the cooperation of everyone in the Android ecosystem including researchers, suppliers, Google, device manufacturers, and carriers. Suppliers: Check Point mobile researcher Adam Donenfeld informed Qualcomm about four vulnerabilities he discovered in its chipset software drivers between February and April, in ...

Effective Security Management in a Software Defined World

 
Software defined infrastructure (SDx) along with use of private and public clouds completely transforms the way IT departments manage enterprise data centers and workloads. Automation is a key component of software defined networking (SDN), bringing network, server, security management and other IT functions or teams together. In the past when organizations deployed new applications, the application owner needed to collaborate with several teams. For example: one team installed the required server hardware and OS, a separate team connected servers to the network, and yet another team provisioned the security and firewall rules. It was as if the stars (or functional teams) had to align in ...

Attacks on SMB are a sure thing, according to the latest Verizon report

 
It’s not surprising that small businesses are much more vulnerable to cyberattacks vs. large enterprises. The 2016 Data Breach Investigations Report reveals just how much (Check Point contributed to the report). The report covers a large number of SMBs. 521 small businesses were surveyed and 447 confirmed they suffered a security breach with data loss in 2015, an astonishing 85% breach rate. On the other hand, enterprise security breaches tell us a different story. Out of 47,408 enterprises, only 312 (0.6%) experienced such breaches. This is no coincidence. Compared to SMBs, enterprises are much more aware and prepared to face cyberattacks. They implement various security measures and ...

JavaScript Hooking as a Malicious Website Research Tool

 
One of the top Internet threats today is drive-by download attacks which originate from exploit kits, hacked websites, spam campaigns and more. As browsers are the main tool for navigating the web, the main attack vectors are browser vulnerabilities, plugin and extension vulnerabilities, as well as some OS vulnerabilities. We have been playing with the idea of using JavaScript hooking as a research tool with the goal of identifying hacked websites, exploit kits, and CVEs, and of profiling websites for research purposes. Why JavaScript hooking? A web page is constructed from static and dynamic components. The static components are declared as part of the HTML ...