IR Case: The Florentine Banker Group

April 23, 2020 2:59 am

by Matan Ben David Introduction On December 16 2019, Check Point’s Incident Response Team (CPIRT) was engaged by three firms in the finance sector to investigate fraudulent wire transfers sent from their joint... Click to Read More

Ransomware Evolved: Double Extortion

April 16, 2020 2:03 am

Overview Picture this scene:  you arrive at the office one morning to find that cybercriminals have accessed your entire corporate network and encrypted all your files and databases, bringing the operations of your... Click to Read More

Threat Actors Migrating to the Cloud

April 10, 2020 3:06 am

Where do malware payloads come from? It’s a question with an apparently trivial answer. Usually these sit on dedicated servers owned by the campaign managers, and occasionally on a legitimate website that has... Click to Read More

Breaking through Windows’ defenses: Analyzing mLNK Builder

March 26, 2020 3:00 am

Introduction Launching an attack does not always require high technical aptitude on the part of a threat actor, especially when there are ready-made tools available for every stage of the infection chain. Delivery... Click to Read More

“I want to learn about exploitation! Where do I start?”

March 25, 2020 4:10 am

We’ve heard this question a lot. We’re even young enough to remember having asked it. The standard answer is often an embarrassed mumble that there are no golden rules, and that you should... Click to Read More

Google Play Store Played Again – Tekya Clicker Hides in 24 Children’s Games and 32 Utility Apps

March 24, 2020 2:14 am

Research by Israel Wernik, Danil Golubenko , Aviran Hazum    Although Google has taken steps to secure its Play store and stop malicious activity, hackers are still finding ways to infiltrate the app store and access users’... Click to Read More

The Inside Scoop on a Six-Figure Nigerian Fraud Campaign

March 17, 2020 3:00 am

Cybercrime is usually a one-way street. Shady types send their malicious documents and Trojans downstream to us innocent folk. Worst-case scenario, we get infected. Best-case scenario, we smirk, hit “delete” and move on... Click to Read More

Vicious Panda: The COVID Campaign

March 12, 2020 7:09 am

Introduction Check Point Research discovered a new campaign against the Mongolian public sector, which takes advantage of the current Coronavirus scare, in order to deliver a previously unknown malware implant to the target.... Click to Read More

Phorpiex Arsenal: Part II

March 11, 2020 4:37 am

Following our recent Phorpiex publications, we finish with technical descriptions of the modules we encountered in this campaign. Below we describe the remaining ones: XMRig Silent Loader. NetBIOS Worm Module. Auxiliary modules (includes... Click to Read More

March 2nd – Threat Intelligence Bulletin

March 2, 2020 2:30 am

For the latest discoveries in cyber research for the week of March 2nd 2020, please download our Threat Intelligence Bulletin TOP ATTACKS AND BREACHES  An unprotected ElasticSearch database belonging to the sport retailer... Click to Read More