Check Point® Software Technologies Ltd. (Nasdaq: CHKP), the worldwide leader in securing the Internet, today announced the detection of evolving phishing and bot attacks by Check Point Threat Emulation Software Blade. The attacks used new exploit variants of vulnerability (CVE-2012-0158) to target employees at several large global organizations. And by using Check Point’s new threat emulation sandboxing technology, the attacks were discovered before anti-virus signatures were made available.
The attacks started with phishing emails purporting to be from Citibank or Bank of America. The emails, which contained subject lines such as “Merchant Statement”, invite recipients to open an infected Microsoft Word attachment. Instead of a legitimate statement, the attachment contains malware that if opened, automatically executes, infects recipient computers, and renders them under the control of a larger bot network. The malware can open network ports, steal user credentials, such as logins and passwords, and act as a self-propagating spam bot ready to execute any new attack instructions and spread malicious emails to other targets – a unique aspect of these attacks.
“Cybercriminals are constantly launching new attacks, distributing thousands of new malware variants every day,” said Dorit Dor, vice president of products at Check Point Software Technologies. “Traditional anti-virus solutions are not enough when it comes to dealing with unknown threats.”
“Organizations need a multi-layered security solution that includes Threat Emulation technology capable of detecting and preventing against new attacks and variants of existing ones. Our sandboxing technology closes the gap between the time new attacks are launched and when AV updates are made available, providing the most effective threat prevention available today,” added Dor.
Check Point provides comprehensive protection against all types of threats. The Threat Emulation Software Blade prevents infections from undiscovered exploits, zero-day, and targeted attacks. This innovative solution quickly inspects suspicious files, emulates how they run to discover malicious behavior, and completely prevents malware from entering the network. Check Point Threat Emulation also immediately reports new threats to Check Point’s ThreatCloud™ service which automatically shares the newly identified threats with other customers.
For more information on the attacks, please click here: www.checkpoint.com/defense/advisories/public/announcement/2013/2013-05-14-threat-emulation-detection.html
Follow Check Point via