Cyber Attack Trends: Mid-Year Report

 
2017 has proved to be a lucrative year for cybercrime. Prominent malware and attack methods continue to evolve, creatively bypassing existing security solutions. In 2016, we witnessed sophisticated new malware emerging on a regular basis, exposing new capabilities, distribution methods, and attack services offered for sale through multiple platforms. 2017 is shedding light on a new trend – simple, yet highly effective malware families are causing rapid destruction globally. So far in 2017, cyber attacks are occurring at a higher frequency than in previous years. Recent infiltrations have demonstrated the agility, scale and persistence of an attack that criminals are capable of ...

CRYING IS FUTILE: SandBlast Forensic Analysis of WannaCry

 
Using the NSA exploit EternalBlue released by the Shadow Brokers, the WannaCry ransomware developers have added their names to malware lore. Given the number of institutions hit and the amount of media generated, it seemed appropriate to show what the ransomware actually does on a system through our SandBlast Agent Forensics product. The WannaCry outbreak has been a good test case for the recently launched SandBlast Anti-Ransomware. AR and Forensics work together as part of our SandBlast Agent product. As we had expected, Anti-Ransomware was up to the task and has successfully blocked all WannaCry samples we’ve thrown at it, without requiring any signatures or updates. For this ...

WannaCry – Paid Time Off?

 
Let us open with a TL;DR – DO NOT pay the ransom demanded by the WannaCry ransomware! Now, let us explain why: As of this writing, the 3 bitcoin accounts associated with the WannaCry ransomware have accumulated more than $33,000 between them. Despite that, not a single case has been reported of anyone receiving their files back. The decryption process itself is problematic, to say the least. Unlike its competitors in the ransomware market, WannaCry doesn’t seem to have a way of associating a payment to the person making it. Most ransomware, such as Cerber, generate a unique ID and bitcoin wallet for each victim and thus know who to send the decryption keys to. WannaCry, on ...

September’s ‘Most Wanted’ Malware List: Ransomware in Top 3 for First Time

 
The Check Point Research Team revealed this week that ransomware attacks continued to rise in September. For the first time since the team launched the Threat Index, ransomware moved into the top three position of the most prevalent malware, with the Locky ransomware accounting for 6 percent of all recognized attacks globally during the month. The relative presence of ransomware attacks, within the total number of global attacks, increased by 13 percent. In line with recent trends, the number of active malware families remained high, with three new entries making the top ten, including Chanitor, a downloader for malicious payloads, the Blackhole exploit kit, and Nivdort, a multipurpose bot. ...

FACEBOOK MaliciousChat

 
Check Point disclosed details about a vulnerability found in Facebook Messenger, both in the online and mobile application. Following Check Point’s responsible disclosure, Facebook promptly fixed the vulnerability. What is this vulnerability? The vulnerability allows a malicious user to change a conversation thread in the Facebook Online Chat & Messenger App. By abusing this vulnerability, it is possible to modify or remove any sent message, photo, file, link, and much more. The vulnerability was fully disclosed to the Facebook Security team earlier this month. Facebook immediately responded, and after a joint effort, the vulnerability was patched. Click here to ...

New Locky Ransomware Variant Implementing Changes in Communication Patterns

 
Recently, Check Point published a detailed report describing Locky, an emerging new ransomware threat, which was first reported on February 16, 2016. New characteristics related to its communication have now been observed in the wild. In the past two weeks we have witnessed several changes in Locky communication patterns, as a part of a new distribution campaign. Initially, Locky’s communication was well known across the community for displaying a particular communication pattern: However, since March 22 we have encountered a major drop in logs related to communication of this Locky variant: Assuming that Locky probably didn’t go silent ...

Why it’s a Smart Idea to Use Threat Intelligence

 
When It Comes to Security, Do You Have ‘Evidence-Based Knowledge’? Recently, I participated in an interesting Twitter chat. One of the questions posed: What keeps you up at night? The responses varied, but the one common thread was that malware is constantly evolving, making things scarily unpredictable. It’s the reason why intelligence is key to protecting your corporate data and assets, as well as staying one step ahead. Gartner describes threat intelligence as “the product of a process, rather than a series of individual data points.” Their definition: evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an ...

ThreatCloud IntelliStore Marketplace – A new actionable approach to Threat Intelligence

 
Cyber threats have significantly increased in number and in complexity. With malware evolving constantly, we require a steady stream of information on emerging threats to optimize our security systems in place. There are several vendors that provide threat intelligence, but none that offer a platform with customizable and actionable intelligence, including specialized feeds by industries, geographies, and malware types. As a customer, it is an overwhelming task to seek out and coordinate all the vendors necessary for a comprehensive solution. Instead, several organizations have incomplete threat data, leaving them incredibly vulnerable to attack. However, receiving comprehensive data is ...

Our Mission To Cure The Healthcare Security Epidemic

 
The healthcare industry has taken a major beating in terms of cyber security attacks. In the past two years, there has been a myriad of breaches, compromising the personal health information (PHI) of millions. According to the Identity Theft Resource Center, 42.5 percent of all data breaches were in the healthcare industry. The Center also reports that 91 percent of all healthcare companies reported that they had at least one data breach over the last two years. Despite the efforts of HIPAA regulations to enforce the privacy of patients’ information and the security of their medical records, many studies have shown a surge in data breach cases. Specifically, one study in the ...

A Solution for the Evolving Threat Landscape

 
The threat landscape has severely changed over the last few years, and organizations have to constantly keep up with sophisticated threats and advanced tactics of cybercriminals. With multiple tools at hackers’ disposal, new threat variants are released every day. According to Check Point’s 2015 Security Report, organizations were hit with 106 new forms of malware every hour. This wave of cybercrime has left businesses to face a range of new threats using tactical approaches, but these tools often lack integration or common management. This creates challenges for organizations and gives hackers an opportunity to leverage gaps and evade detection. As threats continue to evolve and ...