Check Point Research » Threat Research
Check Point Research provides leading cyber threat intelligence to Check Point Software customers and the greater intelligence community. Follow our Threat Research blog to get the latest updates.
1w ago
By Oded Vanunu, Dikla Barda, Roman Zaikin
Ethereum’s CREATE2 opcode is being abused by attackers to compromise digital wallets, bypassing wallet security checks and enabling unauthorized access to funds. The attack works by tricking users into approving token allowances for contract addresses that have not been deployed yet: because CREATE2 makes a contract’s address predictable from the deployer, a salt and the init code, the attacker can later deploy a malicious contract at exactly that address and drain the approved tokens. This technique highlights the need for wallet security products to adapt to the evolving tactics of cybercriminals, ensu ..read more
2w ago
Key Points
Magnet Goblin is a financially motivated threat actor that quickly adopts 1-day vulnerabilities in public-facing services as an initial infection vector. In at least one case, the Ivanti Connect Secure VPN vulnerability CVE-2024-21887, the exploit entered the group’s arsenal within a day of a public PoC being published.
Campaigns that we were able to attribute to this actor targeted Ivanti, Magento, Qlik Sense and possibly Apache ActiveMQ.
Analysis of the actor’s recent Ivanti Connect Secure VPN campaign revealed a novel Linux version of a malware called NerbianRA ..read more
3w ago
For the latest discoveries in cyber research for the week of 4th March, please download our Threat_Intelligence Bulletin.
TOP ATTACKS AND BREACHES
UnitedHealth Group confirmed its subsidiary was attacked by the ALPHV ransomware gang. 6 terabytes of data were stolen in the attack, and Change Healthcare, a crucial intermediary between pharmacies and insurance companies, was forced to disconnect its systems on February 21. The disruption impacted U.S. military clinics and hospitals worldwide, necessitating manual prescription processes.
Check Point Harmony Endpoint and Threat Emulation provide ..read more
1M ago
Key Takeaways:
· Rising Threats: The cybersecurity landscape faces an unprecedented surge in ransomware attacks, with 1 in every 10 organizations globally being targeted in 2023.
· Evolution of Tactics: Adversaries exploit zero-day vulnerabilities, employ disruptive wipers, utilise emerging RaaS (Ransomware-as-a-Service) tactics and target edge devices, amplifying the complexity of cyber threats.
· AI-Powered Defense: Artificial intelligence emerges as a formidable defender ..read more
1M ago
Introduction
Recently, Check Point Research released a white paper titled “The Obvious, the Normal, and the Advanced: A Comprehensive Analysis of Outlook Attack Vectors”, detailing various attack vectors on Outlook to help the industry understand the security risks the popular Outlook app may bring into organizations. As mentioned in the paper, we discovered an interesting security issue in Outlook when the app handles specific hyperlinks. In this blog post, we will share our research on the issue with the security community and help defend against it. We will also highlight the broader impact ..read more
1M ago
Research by: Raman Ladutska
We chose a fantasy decoration style at certain points of the article to attract attention to the described problem. We hope that visualizing a fantasy adventure as a fight against the source of evil will transform the real world and make it a safer and better place.
Figure 1 – The Title Page
Chasing new exploits, vulnerabilities, and threats is the way to go in the ever-changing cybercrime landscape. However, in a constant flow of information, the focus on yesterday’s highlights is low: every day, new CVEs occur, and new threats emerge. With this state of affairs, o ..read more
1M ago
Key Findings
Two new 1-day LPE exploits were used by the Raspberry Robin worm before they were publicly disclosed, which means that Raspberry Robin either has access to an exploit seller or its authors develop the exploits themselves within a short period of time.
Raspberry Robin is continually updated with new features and evasions to be even stealthier than before.
Raspberry Robin slightly changed its communication method and lateral movement to avoid being caught by behavioral signatures implemented based on its previous version.
Raspberry Robin is spread with a new delivery method, disguising as a l ..read more
2M ago
By Oded Vanunu, Dikla Barda, Roman Zaikin
A recent investigation conducted by Check Point Research has revealed a sophisticated NFT scam campaign operating on a large scale:
This campaign is unique in its methodology, employing a source spoofing technique to target a broad spectrum of token holders across more than 100 highly popular projects.
For instance, if you are listed as an APE token holder, the attacker would send you an airdrop labeled as an Ape NFT airdrop. The rationale behind this is that the attacker lacks access to the em ..read more
2M ago
Research by: Jiri Vinopal
Key Points
Check Point Research (CPR) provides an introduction to .NET managed hooking using the Harmony library.
We cover the most common examples of implementation using different types of Harmony patches.
The practical example using Harmony hooking to defeat the notorious “ConfuserEx2” obfuscator results in the “ConfuserEx2_String_Decryptor” tool.
CPR reveals a neat trick for combining debugging and hooking using the Harmony library (Harmony hooking from the dnSpyEx debugging context).
Introduction
For a malware researcher, analyst, or reverse engineer, the ..read more
3M ago
Research by: hasherezade
Highlights
The Rhadamanthys stealer is a multi-layer malware, sold on the black market, and frequently updated. Recently the author released a new major version, 0.5.0.
In the new version, the malware expands its stealing capabilities and also introduces some general-purpose spying functions.
A new plugin system makes the malware expandable for specific distributor needs.
The custom executable formats, used for modules, are unchanged since our last publication (XS1 and XS2 formats are still in distribution).
Check Point Research (CPR) provides a comprehensive review o ..read more