Your Check Point Weekly Updates & Threat Intelligence -- 03/11/2022

Aaron_Rose
Employee


ANNOUNCEMENTS & UPCOMING EVENTS  


  • Webinar: “Infinity MDR: Prevent, Monitor, and Respond to Attacks”
    To improve your security posture, you need to recalibrate your detection and response strategies. However, most organizations can’t afford the costs and complexity involved in recruiting, training and maintaining a 24/7/365 Security Operations Center (SOC). As a result, companies worldwide are increasingly adopting Managed Detection and Response (MDR) services. In fact, Gartner predicts that half of the companies will partner with an MDR provider by 2025.

    Join our Head of Threat Management & Chief Security Advisor, Dan Wiley, and learn about the latest cyber trends and how Check Point protects customers from the most advanced, never-seen-before ransomware attacks.

    Session Highlights:
    --Insights into the current cyber landscape
    --How to protect your organization from attacks with MDR services: key benefits and differentiation

    When: Wednesday, March 23rd @ 12pm EST
    Register Here – All webinar participants will receive a choice of a Blink indoor or outdoor home camera, to protect your home as we protect your users.

 

  • New YouTube Channels: 
    • Check Point Architects
      This channel, managed by architects Dan Taney & Aaron Rose, will serve as a repository for demo videos, reports for forensic analysis, and technical training for our customers.
    • Tips & Tricks
      Did you miss an episode of Tips & Tricks?  Or do you want to replay a specific topic?  Here you’ll find all the videos for past & future Tips & Tricks. 

 

  • Podcast: “CISO Secrets”
    “CISO's Secrets” promises clear talk on cybersecurity’s burning topics, and more. It is a weekly series of 40-minute podcasts hosting Telco industry CIOs and CISOs from leading global companies. The podcast will share true stories, reveal real-life scenarios, and more. The host will lead discussions about security trends, best practices, cloud, networks, data, employees, habits, and secrets while drifting between personal and professional life.
    Listen Here

 

 TOP ATTACKS AND BREACHES

  • Check Point Research reports on cyber criminals’ and hacktivists’ increased activity leveraging Telegram amid the Russia-Ukraine war. Anti-Russian cyber-attack groups have been growing, while others claiming to fundraise for Ukraine are suspected to be fraudulent.
  • Ukraine’s “IT army”, consisting of cyber-operatives and volunteers worldwide, has claimed attacks taking down multiple key Russian and Belarusian websites, including the Kremlin’s official site.
  • After the HermeticWiper (aka FoxBlade, KillDisc) attacks on Ukrainian targets, a new data wiper called IsaacWiper was found to be deployed against a Ukraine government network.
    Check Point Harmony Endpoint and Threat Emulation provide protection against these threats (Trojan.Win.KillDisc; Trojan.Win.HermeticWiper; Trojan.Wins.IsaacWiper)
  • Non-governmental organizations and multiple charities providing humanitarian aid in Ukraine have been targeted in an effort to spread confusion and disrupt operations supplying medicine, food and clothing to those directly affected by the conflict.
  • Ransomware gang Lapsus$, which took responsibility for last week’s breach of the giant chip firm NVIDIA, claims it has now managed to breach the Korean manufacturer Samsung, and has published 190GB of sensitive data online.
  • Included in the NVIDIA leak by the Lapsus$ ransomware gang were 2 stolen code-signing certificates used to sign NVIDIA’s drivers and executables. Attackers have already started using these certificates to sign malware, hoping to evade security solutions.
    Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Trojan.Wins.NvidiaLeakedCert.A)
  • US insurance broker AON is investigating a cyber-attack that has impacted part of their systems.
  • Swedish camera company Axis has had to shut down all its public-facing internet services after a cyber-attack targeted its IT systems.
  • Japanese car manufacturer Toyota has halted operations and production at its plants across Japan after one of its plastic component suppliers, Kojima Press Industries, suffered a cyber-attack.

 

VULNERABILITIES AND PATCHES

  • Researchers have shared details on the now-patched severe design flaws in the Samsung Galaxy encryption hardware feature affecting 100M devices. Tracked as CVE-2021-25444 & CVE-2021-25490, these vulnerabilities affect Samsung Galaxy S1, S20 models and S8, S9 & S10 devices.
  • CISA has enriched its catalog of known exploited vulnerabilities with 95 new flaws based on evidence of ongoing exploitations.
    Check Point IPS provides protection against 47 of these vulnerabilities and we continue expanding our coverage
  • CISA warns of highly severe vulnerabilities in Schneider and GE Digital’s SCADA software. Tracked as CVE-2022-22722, CVE-2022-22723 & CVE-2022-22725, these flaws could lead to disclosure of device credentials, denial-of-service, device reboot, or let a hacker gain control of the relay.

THREAT INTELLIGENCE REPORTS

  • Check Point Research warns of disinformation surrounding hacktivists’ multiple campaigns supporting both Russia and Ukraine: while there have been numerous attack claims, many of these “successes” remain either questionable or impossible to verify.
  • Research shows 75% of the infusion pumps in healthcare organizations are vulnerable to known flaws.
  • A new espionage tool, Daxin, has been used by China-affiliated threat actors in campaigns targeting governments, as well as telecom, transportation and manufacturing enterprises.
    Check Point Anti-Virus provides protection against this threat (Trojan.Win32.Malware.TC.daxin)
  • Conti Ransomware internal chats have been leaked, allegedly by a Ukrainian researcher, a few days after the group’s pledge to retaliate against cyber-attacks on Russian targets. The file dump contains 13 months of conversations providing insights into their modus operandi, tools, internal management and more.
    Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Ransomware.Win32.Conti)
  • The Russian government has released a list of 17,576 IP addresses and 166 domains that have allegedly been targeting its infrastructure with distributed denial-of-service (DDoS) attacks. The list includes CIA, FBI and several media outlets’ domains.
  • The Log4Shell flaws are still exploited by threat actors to deploy various malware payloads, but mostly for DDoS botnets and planting cryptominers.
    Check Point IPS provides protection against this threat (Apache Log4j Remote Code Execution (CVE-2021-44228))

 

 

BOOKMARKS

  • CheckMates Video Series: Check Point for Beginners
    If you’re new to Check Point, or would like to brush up on your CP skillset, this is an excellent video series to get you started!  
  • CheckMates “TechTalk” Webinar Recordings
    In case you missed our previous TechTalks, check out this page for a list of recordings of all the TechTalk webinar series, including Management API Best Practices, Migrate to R8x.xx, IPS Ease of Use in R81, & more.

 

 
