2017-4-24 Global Cyber Attack Reports

April 24, 2017


  • A wave of email-spread malware hit Americans, seeking to exploit the April tax payment deadline by
    sending malicious attachments that appear to be legitimate tax emails. These attachments contain remote-access Trojans and other malware.
  • Criminals have stolen a total of 800,000$ from 8 Russian ATM machines in a single night, using “fileless” Windows PowerShell malware attack.
  • Intercontinental Hotels Group, which had admitted earlier this year that several of its hotels were infected with Point-of-Sale malware, has now disclosed that the number of affected hotels is over 1,000. Among affected hotels are Holiday Inn, InterContinental and Crowne Plaza hotels. Visitors to these
    hotels may have had their credit card information stolen by this malware.
  • A lawsuit has been filed against Bose Corp, the manufacturers of Bose headphones, after the discovery that the Bose headphone app was collecting listening information of its customers and selling it to advertising companies.
  • An Android spyware which has been active in the Google Play under the name “System Update” for years has lately been discovered to be malicious, after already having millions of downloads. The app allowed attackers to gain access to infected machines’ location data. Check Point SandBlast Mobile customers are protected against this threat
  •  Indian hackers claim to have stolen and leaked information of over 1.7 million Snapchat accounts, after being offended with Snapchat CEO’s statement regarding plans to expand to “poor countries like India”.
  •  The US restaurant chain Shoney’s has reported a breach done by a point-of-sale malware, which
    resulted in the theft of credit card details belonging to customers of dozens of Shoney’s 150 branches.


  • The Shadow Brokers group, which had released hacking tools allegedly belonging to the NSA late last year, has now leaked additional tools, also believed to belong to the NSA, exploiting 0-day vulnerabilities for both Windows and the SWIFT banking system. Following the leak, it was revealed that Microsoft had
    already patched the vulnerabilities in a secret security update.
  • Oracle has released its largest security patch ever, which included 299 security updates for multiple
    Oracle products. More than 100 of the patched vulnerabilities enabled remote code execution on Oracle
  • Google is rolling out Chrome 58, which includes security updates for 29 vulnerabilities in the browser.
  • Drupal has released a special security update for a critical access bypass vulnerability in Drupal Core.
  • 10 security vulnerabilities were discovered in nearly all of Linksys home networking products. Some of these vulnerabilities allow attackers to gain remote access to Linksys routers.


  • An almost-entirely undetectable phishing vulnerability in many popular browsers has been discovered. Attackers can exploit this vulnerability to craft websites that imitate well-known websites’ URLs by using Unicode characters that are displayed exactly the same as the real sites’ URLs.
  • Researchers have published a technical analysis of a new Locky campaign. The email campaign is spread using the Necurs botnet, and the attachments are PDF documents with embedded Word documents, which use macros to download and install the Locky malware.
  • A variant of the popular Mirai IoT botnet that includes a Bitcoin mining component had been active for a week, before disappearing again. It is unclear how effective such a tool may be – while IoT devices usually don’t have high processing power for Bitcoin mining, Mirai is able to take hold of a very large amount of such devices.



  • Check Point Research Publications
  • Global Cyber Attack Reports
  • Threat Research
February 17, 2020

“The Turkish Rat” Evolved Adwind in a Massive Ongoing Phishing Campaign

  • Check Point Research Publications
  • Global Cyber Attack Reports
  • Threat Research
January 22, 2020

The 2020 Cyber Security Report

  • Global Cyber Attack Reports
December 15, 2021

StealthLoader Malware Leveraging Log4Shell