
HALT THE HACKERS

Justin Berman | Security Engineer

©2017 Check Point Software Technologies Ltd. [Internal Use] for Check Point employees​ 1
Who is Check Point?
THE WORLD’S LARGEST DEDICATED SECURITY VENDOR

THREAT INTELLIGENCE ANALYSTS

THREAT PREVENTION RESEARCHERS

MOBILE SECURITY

3000
RESEARCHERS

SECURITY ARCHITECTS

SECURITY EXPERTS
CYBERSECURITY INVESTIGATORS

REVERSE ENGINEERS

COMPUTER INCIDENT RESPONSE TEAM (CIRT)

80’s and 90’s

• Who?
  - Nerds
  - Computer geeks

• Why?
  - Show off
  - Fun
  - Cause damage

The Internet of things BRINGS WITH IT NEW challenges



Nowadays
Who ?
Cyber criminals
Organized crime
Governments
Army
Intelligence

Why ?
Make/Steal Money
Steal/Sell Data
Cause Damage
Spy
AN EVER-CHANGING THREAT LANDSCAPE
Every year THREATS are becoming more sophisticated and MORE FREQUENT

[Timeline figure. Years shown: 1997, 2004, 2007, 2010, 2014. Threat groups shown: VIRUSES AND WORMS; ADWARE AND SPYWARE; DDOS, APTS; RANSOMWARE, HACKTIVISM, STATE SPONSORED INDUSTRIAL ESPIONAGE, NEXT GEN APTS (MASS APT TOOLS) UTILIZING WEB INFRASTRUCTURES (DWS)]

How Hackers Catch Their Victims

46% of impactful threats enter organizations via malicious browser links in email

41% of impactful events used drive-by or download of malicious programs via browsers

Source: SANS Institute Survey, 2016


80% of organizations experienced a phishing incident in the last 12 months

These attacks use no malware at all, reaching victims via social engineering and phishing

38% of attackers bypass endpoint defenses using social engineering
Source: SANS Institute, 2016
Darknet aka “Deep Web”

334 listings for “software & malware”

Images from: www.deepdarkweb.com
There are known knowns
We also know there are known unknowns

We know that unknown vulnerabilities will keep increasing in popular business applications each year

[Table residue: columns headed "2012 Critical vulnerabilities", "2013 Critical vulnerabilities" and "Critical vulnerabilities"; row labels not recoverable]
30 17 64 102
57 16 55 12
114 91 117 92

Gathering Intelligence

• Social Profile
  - First Name
  - Last Name
  - Likes
  - Gender
  - Email
  - Phone Number
  - Topic of Interest
  - Usernames

• Technical Profile
  - IP Address
  - Browser Type
  - Plug-ins deployed
  - OS Type
  - Patch History
  - Anti-Virus Brand
  - Applications
  - User permissions



Value of a Hacked PC

Hamas’ cyber tactics exposed
Attacking IDF soldier’s mobile phones



“…One day she sent me a message on Facebook.

We spoke continuously for a few days.
She said: “Let’s both download this app, let’s talk there”.
Then I discovered it wasn’t a girl…

It was Hamas”.
These apps were actually infected with Trojan horse malware.

[App shown: YeeCall Pro]



We got a sample of one of the malicious apps.
Let’s install it and see what happens…



Opening the app shows an error



Tapping OK seems to uninstall the app



Is it really uninstalled?



Checking system settings shows that the app is still installed and running in the background

The app is malware targeted to impact the device or exfiltrate sensitive data from the device
MALICIOUS APPS DAMAGES

• Tracking Location
• Stealing Contact list
• Taking Photos
• Tapping WhatsApp Messages
• Call Tapping (SS7)
• Stealing Emails
• Microphone Recordings
• Stealing Passwords



Check Point Mobile Threat Prevention protects against such malicious apps
NSS LABS - Check Point’s Track Record of Security Leadership and Excellence!

• NGFW Recommended – Mar 2016: 99.8% Catch rate and 5th NSS NGFW Recommended!
• BDS Recommended – Aug 2015: 1st time tested, 100% unknown malware catch-rate
• NGFW Recommended – Sept 2014: 4th NGFW Recommended
• IPS Recommended – Nov 2013: 100% Management score and Best annual Management Labor Cost (Upkeep and Tuning)!
• NGFW Recommended – Feb 2013: Best Security + Management Score of 98.5%!
• IPS Individual Test – Feb 2013*: 61000 IPS Security Score of 99%! 26.5G IPS
• FW Recommended – Jan 2013: Best Security + Management score of 100%!
• IPS Recommended – July 2012: Leading integrated IPS Security Score of 98.7%!
• NGFW Recommended – Jan 2012: Continued NGFW Leadership and Excellence!
• FW Recommended – April 2011: Only vendor to pass the initial test!
• NGFW Recommended – April 2011: World’s first NSS Recommended NGFW!
• IPS Recommended – Jan 2011: Best integrated IPS Security Score of 97.3%!

* Individual product test and not part of a Group Test. NSS only awards “Recommended” in Group Tests.
[Diagram: Check Point solution portfolio. Labels recoverable from the figure:]

• Mobility solutions: Seamless document encryption; Secure business container; Mobile Threat Prevention
• SMB / branch solutions: Industrial Control Systems (ICS); Wireless / Wired SMB gateways
• Cloud: Cloud threat prevention security gateway; Public Cloud DC Protection; Cloud application security; Private cloud and virtualisation protections; Virtual security gateway
• VPN: SSL VPN; Remote Access VPN; Site to site VPN
• Main office: DDoS protection; Hardware; Data loss prevention; Check Point Security Gateway
• Endpoint protections: Desktop Firewall; Application control; Full disk encryption; Media encryption and port protection; Compliance; Anti-Malware; VPN; Anti-Bot and Forensics; URL Filtering
• Industry leading zero-day sandbox solution
• Unified management console
• Security incident and event reporting
• Policy Management
Summary

• MULTI-LAYERED, CONSOLIDATED Endpoint Offering
• Market Leading INFORMATION CENTRIC Security Solution for achieving compliance
• INNOVATIVE Solution, focusing on DETECTION, REMEDIATION and VISIBILITY
• Flexible REMOTE ACCESS solutions
• SCALABLE and EASY Management

Open Discussion
