Checkpoint’s Cyber Oscars names world’s biggest threats and cyber threat actors

Michael Tumusiime, Lead Security Engineer, Checkpoint East Africa

Checkpoint, a global powerhouse in cyber-security, recently took the opportunity to highlight the biggest threats and threat actors of 2017, detailing how they achieved notoriety and what can be done to avoid falling victim to them.

While making an inspiring presentation at the Cloud and Security Summit, organised by CIO East Africa and the Rwanda Information Society Association (RISA), Michael Tumusiime, Lead Security Engineer at Checkpoint East Africa, said that awarding the notorious the accolades they deserve positions organisations, whether already hit or not, to avoid becoming prey to cyber attackers.

“Security of the cloud is the responsibility of the cloud provider, while service in the cloud is the end-users’ responsibility,” asserted Tumusiime while debunking cyber security myths and myths around cloud computing at the summit, themed Protecting the Digital Space!

Acknowledging that cybercriminals are becoming smarter, he posed challenges to end-users that hinged on the deployment of appropriate technologies to cope with mega-attacks and anticipated future cyber security challenges. “Are we using the appropriate generation of technologies to cope with these mega-attacks? Finally, how different will our security challenges look 5 years from now?”

The summit, which brought together around 450 IT and cyber security experts comprising cyber governance and compliance teams, CISOs, CIOs, CTOs and IT architects, learnt from Tumusiime about the need to be wary of native cloud security tools.

Tumusiime was categorical that 2017 was a game changer in the world of cyber-crime, noting that mega-attacks had spread fast to almost every country and every industry possible, from banking and transportation to healthcare and production lines.

He pointed out that, regardless of all current investments in cyber security, a recent survey conducted by Check Point found that 98 percent of IT professional respondents had experienced a significant cyber security threat in the past three years, raising the question of whether organisations were adopting the right security strategy.

Giving the examples of Hawkeye, a keylogger and info-stealer found in the past to be used by Nigerian threat actors, and NetWire, a Remote Access Trojan disguised as a DOC file, he warned of the threats that come with such attachments.

It is important to understand that “malware-as-a-service” allows full control over hit machines, Tumusiime cautioned, stating the need to be wary of suspicious or malicious email attachments.

The attachments are typically received from unknown senders. “Most of the time, the subject line or the email body contains a ‘special one-time offer’ or a ‘call to action’ to induce the recipient to open the attachment,” said Tumusiime.

To address this worrying trend, he pointed out that Check Point’s SandBlast™ Cloud provides industry-leading security for Microsoft Office 365™ email to prevent known threats and unknown malware from reaching end-users. Dramatic growth in the use of cloud-based email in the enterprise brings with it an array of security risks, including susceptibility to sophisticated attacks such as ransomware, which use email as a primary entry point.

And the Cyber Oscars went to the following cyber-players:

Security researchers have discovered a massive malware campaign that has already infected more than 250 million computers across the world, including Windows and Mac OS.

Dubbed Fireball, the malware is an adware package that takes complete control of victims’ web browsers and turns them into zombies, potentially allowing attackers to spy on victims’ web traffic and steal their data.

Check Point researchers, who discovered this massive malware campaign, linked the operation to Rafotech, a Chinese company which claims to offer digital marketing and game apps to 300 million customers.

Best Director, Cryptocurrency Miners – Monero

Checkpoint notes that popularity and increasing real-world significance of cryptocurrencies are also drawing cybercriminal attention — so much so that it appears to keep pace with ransomware’s infamy in the threat landscape. In fact, cryptocurrency mining was the most detected network event in devices connected to home routers in 2017.

Mirai is a self-propagating botnet virus. The source code for Mirai was made publicly available by the author after a successful and well-publicised attack on the Krebs website in 2017. Since then the source code has been built and used by many others to launch attacks on internet infrastructure. The Mirai botnet code infects poorly protected internet devices by using telnet to find those that are still using their factory-default username and password. The effectiveness of Mirai is due to its ability to infect tens of thousands of insecure devices and co-ordinate them to mount a DDoS attack against a chosen victim.
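The infection mechanism just described leaves a recognisable trace on the victim side: one source working through factory accounts on many devices over telnet. The following detector, an added example that is neither Mirai nor Check Point code, runs over constructed syslog-style login lines (the log format and the default account names are assumptions) and reports both the scanning source and the devices that still accepted a default login.

```python
import re
from collections import defaultdict

# Constructed sample lines in an assumed syslog-like format (not any
# particular vendor's): one source works through factory accounts on
# several devices, and one device accepts the default login.
SAMPLE_LOG = """\
Jan 10 03:12:01 cam-01 telnetd: login user=root from=203.0.113.7 result=FAIL
Jan 10 03:12:02 cam-01 telnetd: login user=admin from=203.0.113.7 result=FAIL
Jan 10 03:12:05 dvr-02 telnetd: login user=root from=203.0.113.7 result=FAIL
Jan 10 03:12:09 dvr-03 telnetd: login user=admin from=203.0.113.7 result=OK
Jan 10 03:15:40 cam-01 telnetd: login user=operator from=198.51.100.9 result=OK
Jan 10 03:16:02 nvr-04 telnetd: login user=root from=198.51.100.9 result=FAIL
"""
LINE = re.compile(r"^\S+ +\d+ \S+ (?P<host>\S+) telnetd: login "
                  r"user=(?P<user>\S+) from=(?P<src>\S+) result=(?P<res>\S+)$")
# Stand-ins for the factory accounts a device fleet actually ships with.
DEFAULT_USERS = {"root", "admin"}

def scan_telnet_log(text, min_hosts=3):
    """Find Mirai-style default-credential sweeps in telnet login records.

    Returns (scanners, accepted): scanners maps each source that tried a
    default account on at least min_hosts distinct devices to those devices;
    accepted lists (src, host) pairs where such a login succeeded, i.e. the
    devices still on factory credentials that need remediation first.
    """
    attempts = defaultdict(set)
    successes = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m or m["user"] not in DEFAULT_USERS:
            continue  # malformed line or a non-default account
        attempts[m["src"]].add(m["host"])
        if m["res"] == "OK":
            successes.append((m["src"], m["host"]))
    scanners = {src: sorted(hosts) for src, hosts in attempts.items()
                if len(hosts) >= min_hosts}
    accepted = [pair for pair in successes if pair[0] in scanners]
    return scanners, accepted

if __name__ == "__main__":
    scanners, accepted = scan_telnet_log(SAMPLE_LOG)
    for src, hosts in scanners.items():
        print(f"{src} tried default accounts on {len(hosts)} devices: {', '.join(hosts)}")
    for src, host in accepted:
        print(f"{host} accepted a default login from {src}: reset its credentials")
```

On the sample, 203.0.113.7 is flagged for sweeping three devices and dvr-03 is reported as the device that let the default login through; the second source only touched one device and is ignored.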

SMBs: Although small businesses (SMBs) are not usually cyber attack “targets” per se, information security is still critical for them because such a high percentage of cybercrime attacks are “opportunistic” (non-targeted). The reality is that every organisation is a target, regardless of size.

“Not a single organisation should ever say that they are too small to be a cyber attack target. Everyone is an opportunistic target. Although big companies are often more vulnerable to strategic attacks, small business cyber attacks are also common because many attackers use an opportunistic approach that puts everyone at risk,” said Tumusiime while sharing highlights on vulnerabilities.

Apache: In reference to Apache, the Cyber Oscars noted that a remote code execution vulnerability exists in Apache Struts 2 when using the Jakarta multipart parser. An attacker could exploit this vulnerability by sending an invalid Content-Type header as part of a file upload request. Successful exploitation could result in the execution of arbitrary code on the affected system.

RTF: Checkpoint notes that a use-after-free vulnerability exists in the RTF parser of the LibreOffice office suite. The vulnerability is due to invalid parsing of stylesheets in RTF files. By enticing the user to open a specially crafted RTF file, an attacker could exploit this vulnerability to execute arbitrary code on the affected system.

DDE: According to a Remote Code Execution Vulnerability Protection from Check Point (reference CPAI-2017-0858, published 20 Oct 2017), a remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to the DDE feature, which allows an Office application to load data from other Office applications. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted email message in Microsoft Outlook. Successful exploitation of this vulnerability may allow the attacker to take control of an affected system.
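Because the DDE feature is driven by an ordinary field code inside the document, mail gateways and incident responders can triage attachments by looking for that field. The scanner below is an added example, not Check Point's or Microsoft's code: it opens a .docx (a zip of WordprocessingML parts), reassembles each field instruction, which Word may split across several runs, and reports any DDE or DDEAUTO field. The sample document is constructed in memory and names a placeholder program rather than any real command.

```python
import io
import re
import zipfile

# Field codes live in <w:instrText> runs (bracketed by fldChar begin/end) or in <w:fldSimple w:instr="...">.
INSTR_TEXT = re.compile(r"<w:instrText[^>]*>(.*?)</w:instrText>", re.S)
FLD_SIMPLE = re.compile(r'<w:fldSimple[^>]*w:instr="([^"]*)"')
DDE_FIELD = re.compile(r"\bDDE(AUTO)?\b", re.I)  # unanchored: also catches nested forms

def field_instructions(xml):
    """Reassemble every field code found in one WordprocessingML part."""
    fields = []
    for segment in xml.split('w:fldCharType="begin"')[1:]:
        # One field's instruction may be split over several instrText runs:
        # join them, stopping at that field's own end marker.
        body = segment.split('w:fldCharType="end"')[0]
        fields.append("".join(INSTR_TEXT.findall(body)))
    fields.extend(FLD_SIMPLE.findall(xml))
    return fields

def find_dde_fields(docx_bytes):
    """Return (part name, field code) for each DDE/DDEAUTO field in a .docx."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():  # document, headers, footers, footnotes...
            if name.startswith("word/") and name.endswith(".xml"):
                xml = zf.read(name).decode("utf-8", errors="replace")
                hits += [(name, i.strip()) for i in field_instructions(xml)
                         if DDE_FIELD.search(i)]
    return hits

def make_docx(body_xml):
    """Build a minimal constructed .docx around body_xml (test sample only)."""
    ns = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml",
                    f'<w:document xmlns:w="{ns}"><w:body>{body_xml}</w:body></w:document>')
    return buf.getvalue()

# Constructed sample: a harmless DATE field, then a DDEAUTO field split across two runs.
SAMPLE_DOCX = make_docx(
    '<w:p><w:r><w:fldChar w:fldCharType="begin"/></w:r>'
    '<w:r><w:instrText> DATE \\@ "yyyy" </w:instrText></w:r><w:r><w:fldChar w:fldCharType="end"/></w:r></w:p>'
    '<w:p><w:r><w:fldChar w:fldCharType="begin"/></w:r>'
    '<w:r><w:instrText>DDEAUTO placeholder_progr</w:instrText></w:r>'
    '<w:r><w:instrText>am "constructed argument"</w:instrText></w:r>'
    '<w:r><w:fldChar w:fldCharType="end"/></w:r></w:p>'
)
```

Run `find_dde_fields(open(path, "rb").read())` on a real attachment; the DATE field in the sample is deliberately ignored, and a document with no fields yields an empty list.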

Tumusiime noted that Check Point is a promising partner against cyber-crime. “This is realised on a daily basis by thousands of Check Point customers worldwide using the most advanced cyber security technologies,” he stressed after highlighting the scoops of the Cyber Oscars, which led him to finalise his presentation on a high note by declaring C
