
Your Check Point Weekly Updates & Threat Intelligence -- 03/04/2022

Aaron_Rose


ANNOUNCEMENTS & UPCOMING EVENTS  


  • Tips & Tricks Webinar: “Health Check Point Overview and Demo”
    Join us on March 10, 2022, when our Security Engineer David Hanson will give you tips and tricks on the Health Check Point, along with a demo.
    When: March 10, 2022 at 9:00am-9:30am EST
    Register Here – If you cannot attend live, please register to receive the follow up email with the recording link.

  • Webinar: “Infinity MDR: Prevent, Monitor, and Respond to Attacks”
    In order to improve your security posture you're required to recalibrate detection and response strategies. However, most organizations can’t afford the costs and complexity involved in recruiting, training and maintaining a 24/7/365 Security Operation Center (SOC). As a result, companies worldwide are increasingly adopting Managed Detection and Response (MDR) services. In fact, Gartner predicts that half of the companies will partner with an MDR provider by 2025.

 

Join our Head of Threat Management & Chief Security Advisor, Dan Wiley, and learn about the latest cyber trends and how Check Point protects customers from the most advanced, never seen before ransomware attacks.

 

Session Highlights:

--Insights into the current cyber landscape

--How to protect your organization from attacks with MDR services: key benefits and differentiation

When: Wednesday, March 23rd @ 12pm EST
Register Here – All webinar participants will receive a choice of a Blink indoor or outdoor home camera to protect your home, as we protect your users.

  • New YouTube Channels: 
    • Check Point Architects
      This channel, managed by architects Dan Taney & Aaron Rose, will serve as a repository for demo videos, reports for forensic analysis, and technical training for our customers.
    • Tips & Tricks
      Did you miss an episode of Tips & Tricks?  Or do you want to replay a specific topic?  Here you’ll find all the videos for past & future Tips & Tricks. 

 

  • Podcast: “CISO Secrets”

“CISO's Secrets” promises clear talk on cybersecurity’s burning topics, and more. It is a weekly series of 40-minute podcasts hosting Telco industry CIOs and CISOs from leading global companies. The podcast will share true stories, reveal real-life scenarios, and more. The host will lead discussions about security trends, best practices, cloud, networks, data, employees, habits, and secrets while drifting between personal and professional life.

Listen Here

TOP ATTACKS AND BREACHES

  • Check Point Research has released data on cyber attacks observed around the current Russia/Ukraine conflict. Cyber attacks on Ukraine’s government and military sector surged by 196% in the first three days of combat. Cyber attacks on Russian organizations increased by 4%. Phishing emails in the East Slavic languages increased 7-fold.
  • Check Point Research has spotted a new malware, Electron-bot, distributed through gaming applications on Microsoft's official store, with at least 5,000 victims, mostly in Sweden, Bulgaria, Russia, Bermuda and Spain. The malware can control the social media accounts of its victims, including Facebook, Google and SoundCloud. It can register new accounts, log in, and comment on and “like” other posts.

Check Point Harmony Endpoint provides protection against this threat

  • Following an announcement by OpenSea about a contract migration they are planning, Check Point Research observed that hackers took advantage of the upgrade process and scammed NFT users, leading to theft of millions of dollars.
  • A new data wiper called HermeticWiper has been targeting hundreds of computers in Ukraine. The malware appears to have been compiled in December 2021, which implies that the attack was premeditated for at least a couple of months.

Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Trojan.Win.KillDisc.A; Trojan.Win.HermeticWiper.A; Trojan.Wins.HermeticWiper.B)

  • Belarusian state-sponsored threat actor UNC1151 has been targeting private email accounts of Ukrainian military forces and related individuals, luring them into clicking a link to verify their contact information.
  • State-sponsored Iranian APT group MuddyWater is using a new malware in a cyber espionage campaign targeting government and commercial networks worldwide. Intrusion is facilitated with spear-phishing attacks to lure victims into downloading ZIP archives containing malicious Excel or PDF files.

Check Point Threat Emulation and Anti-Bot provide protection against this threat

  • US-based chipmaker Nvidia has been hit by a cyber-attack impacting their developer tools and email systems. It is claimed that the cyber criminals were hacked back, encrypting the data they had stolen.
  • TiltedTemple APT group has been targeting US defense contractors with the sophisticated SockDetour backdoor to maintain persistence. SockDetour can hijack network connections made to a pre-existing network socket and establish an encrypted C2 channel with a remote hacker via the socket.

 

VULNERABILITIES AND PATCHES

  • The US Cybersecurity and Infrastructure Security Agency (CISA) has warned of 2 vulnerabilities in the Zabbix IT monitoring tool that are actively exploited in the wild.

Check Point IPS will provide protection against this threat in the next online package (Zabbix Web Frontend Authentication Bypass (CVE-2022-23134); Zabbix Web Frontend Authentication Bypass (CVE-2022-23131))

  • A patch has been issued for a remote code execution flaw in Okta Advanced Server Access Client (CVE-2022-24295) that could let a remote hacker perform command injections via a specially crafted URL.
  • Cisco has addressed four security vulnerabilities in new updates: CVE-2022-20650, a command injection flaw in the NX-API feature of Cisco NX-OS Software, CVE-2022-20623 & CVE-2022-20624, two DoS flaws in NX-OS, and CVE-2022-20625, another DoS vulnerability in the Cisco Discovery Protocol service.

THREAT INTELLIGENCE REPORTS

  • Check Point Research has analyzed how the Eastern Europe conflict affects the dynamics of cyberspace. Hacktivists, cybercriminals and white hat researchers are picking a clear side, emboldened to act on behalf of their choices. This includes building the Ukraine “IT army” of volunteers, Conti ransomware, which threatens to attack those opposing Russia, and more.

Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Ransomware.Win32.Conti)

  • The Russia-affiliated Cyclops Blink malware, which replaces VPNFilter code, has been deployed to compromise routers and will provide DDoS tools to attackers. The threat actor has been linked to Sandworm (aka Voodoo Bear), known to target Ukraine in the past.

Check Point Threat Emulation provides protection against this threat (Trojan.Wins.CyclopsBlink)

  • Operators of TrickBot malware have shut down their servers, after 2 months of inactivity. Some of its developers may have joined the Conti gang.

Check Point Harmony Endpoint and Threat Emulation provide protection against these threats

  • Dridex malware is now delivering Entropy ransomware in recent attacks against different organizations. The attackers were relying on Cobalt Strike beacons as a means to infect more machines.

Check Point Harmony Endpoint and Threat Emulation provide protection against these threats

  • Researchers have published details of Bvp47, a backdoor used by the Equation APT group, allegedly linked to the US National Security Agency (NSA). Bvp47 has been used on over 287 targets located in 45 countries, mainly China, Korea, Japan, Germany, Spain, India and Mexico.

 

BOOKMARKS

  • CheckMates Video Series: Check Point for Beginners
    If you’re new to Check Point, or would like to brush up on your CP skillset, this is an excellent video series to get you started!  
  • CheckMates “TechTalk” Webinar Recordings
    In case you missed our previous TechTalks, check out this page for a list of recordings of all the TechTalk webinar series, including Management API Best Practices, Migrate to R8x.xx, IPS Ease of Use in R81, & more.

 

 
