©2022 Check Point Software Technologies Ltd.
[Internal Use] for Check Point employees​
Yuval Raban
Dedi Shindler
Ransomware Attacks on the Rise
• Ransomware is in the news every week: Kaseya, Colonial Pipeline, Accenture
• Ransomware-as-a-service surging
• Ransomware is going mobile
93% increase in ransomware attacks worldwide YOY
Compared to the first half of the year
Major 2021 Attacks
• A massive attack affecting numerous organizations
• At least 1000 businesses impacted
• Victims in 17 countries
• Attack associated with Russian group REvil
• Use of an old signed version of Microsoft’s antivirus to bypass protections

• Affected the pipeline system that delivers 45% of all fuel consumed on the East Coast
• Temporarily halted all pipeline operations
• Ransomware-as-a-Service (RaaS) model
Deep Dive Into a Similar Ransomware Attack
• Large EMEA retail company
• 48 hours of complete shutdown
• Operational and recovery costs
The Attack Anatomy
Jane got a message, and browsed to mobile site
Jane downloads the PDF
Jane opens the file on the mobile
Jane sends the PDF through MS-Teams to Guy
Guy downloads the PDF from Teams Web interface
Guy opens the PDF on his mac
Malicious payload from Guy’s computer infects the entire network segment
Harmony Powered: Defense Timeline
Jane got a message, and browsed to mobile site
Jane downloads the PDF
Jane opens the file on the mobile
Jane sends the PDF through MS-Teams to Guy
Guy downloads the PDF from Teams Web interface
Guy opens the PDF on his mac
Malicious payload from Guy’s computer infects the entire network segment
Secured Internet Browsing & Phishing Prevention
• Anti-phishing engine instantly inspects the link
• Unknown sites analyzed in real-time with Zero-phishing
User receives a message with a link
URL identified as malicious phishing and blocked
Harmony Powered: Defense Timeline
Jane got a message, and browsed to mobile site
Jane opens the file on the mobile
Jane sends the PDF through MS-Teams to Guy
Guy downloads the PDF from Teams Web interface
Guy opens the PDF on his mac
Malicious payload from Guy’s computer infects the entire network segment
Jane downloads the PDF
Malicious File Download Prevention
User attempts to download a file to the device
File download is scanned and prevented
Threat details immediately available to the user
Harmony Powered: Defense Timeline
Jane got a message, and browsed to mobile site
Jane downloads the PDF
Jane sends the PDF through MS-Teams to Guy
Guy downloads the PDF from Teams Web interface
Guy opens the PDF on his mac
Malicious payload from Guy’s computer infects the entire network segment
Jane opens the file on the mobile
Zero Day File Protection
Files downloaded are placed in quarantine
File download is uploaded to emulation
Cleansed files can be opened safely
Harmony Powered: Defense Timeline
Jane got a message, and browsed to mobile site
Jane downloads the PDF
Jane opens the file on the mobile
Guy downloads the PDF from Teams Web interface
Guy opens the PDF on his mac
Malicious payload from Guy’s computer infects the entire network segment
Jane sends the PDF through MS-Teams to Guy
Risk-Based Conditional Access
[Diagram with labels: UEM Integration, Risk Score]
Harmony Powered: Defense Timeline
Jane got a message, and browsed to mobile site
Jane downloads the PDF
Jane opens the file on the mobile
Jane sends the PDF through MS-Teams to Guy
Guy opens the PDF on his mac
Malicious payload from Guy’s computer infects the entire network segment
Guy downloads the PDF from Teams Web interface
Download File to PC from the Same App
• Threat Extraction (CDR): Sanitized and delivered in under 1.5 seconds
• Threat Emulation (Sandbox): Original file scanned in the background; delivered upon request only if deemed benign
Harmony Powered: Defense Timeline
Jane got a message, and browsed to mobile site
Jane downloads the PDF
Jane opens the file on the mobile
Jane sends the PDF through MS-Teams to Guy
Guy downloads the PDF from Teams Web interface
Guy opens the PDF on his mac
Malicious payload from Guy’s computer infects the entire network segment
Automated Detection, Investigation & Remediation
• Quarantines what’s malicious
• Monitors and collects all the events
• Detects attacks
• File restoration & rollback
• Forensics report
• Cleans the entire attack kill chain
AUTOMATION
Check Point Harmony
The industry’s first unified security solution for users & access
• Secure internet access
• Endpoint security
• Zero trust corporate access
• Email & collaboration app security
• Mobile security
360° ENDPOINT PROTECTION
01 REDUCING THE ATTACK SURFACE
02 PREVENTING ATTACKS BEFORE THEY RUN
03 RUNTIME PROTECTION
• Host Firewall
• Compliance
• VPN
• Web protection
• Data Security
• Content Disarm & Reconstruction
• Sandboxing
• NGAV
• Anti-malware
• Zero-phishing
• Anti-ransomware
• Anti-bot
• Anti-exploit
• Behavioral Analysis
PROTECTING DATA ACROSS ALL ATTACK SURFACES
01 APPLICATIONS
• Behavioral risk engine
• Real-time analysis
• Malicious side-loading prevention
02 NETWORK & FILES
• Anti-phishing / Zero-phishing
• File Protection
• Risky Download Prevention
• Secured browsing
• Conditional access
• Anti-bot
• Protected DNS
• Wi-Fi network security (MiTM)
03 DEVICE & OS
• Device risk assessment
• OS vulnerabilities
• Device-level exploits
• Risky configurations
• Advanced rooting
• Jailbreak detection
Harmony: 360° user protection
Against known and zero-day threats
All vectors
• Malicious emails
• Malicious websites
• Rogue applications
• Malicious files
• Rogue networks
• Human error
• USB
All threats
• Network Attacks
• Bot attacks
• Zero-days
• Ransomware
• Data leakage
• Phishing
• Device Exploits
• Malware
All devices
• Company-owned and BYOD: Mobile, PCs
Best prevention
• 60+ AI & traditional security engines
• The industry’s most powerful threat intelligence
• Ransomware is on the rise
• Harmony provides complete protection against Ransomware
23
©2022 Check Point Software Technologies Ltd.
[Internal Use] for Check Point employees​

More Related Content

Similar to CPX360_2022_Endpoint Mobile.pptx

Presentazione CHECKPOINT Evento CloudGarage 5-11 giugno 2013
Presentazione CHECKPOINT Evento CloudGarage 5-11 giugno 2013Presentazione CHECKPOINT Evento CloudGarage 5-11 giugno 2013
Presentazione CHECKPOINT Evento CloudGarage 5-11 giugno 2013Clouditalia Telecomunicazioni
 
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondHow BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondSecPod Technologies
 
Ascendiendo a la GEN V de Cyber Security
Ascendiendo a la GEN V de Cyber SecurityAscendiendo a la GEN V de Cyber Security
Ascendiendo a la GEN V de Cyber SecurityCristian Garcia G.
 
Everything You Need to Know About BlueKeep
Everything You Need to Know About BlueKeepEverything You Need to Know About BlueKeep
Everything You Need to Know About BlueKeepIvanti
 
Check point presentation june 2014
Check point presentation june 2014Check point presentation june 2014
Check point presentation june 2014David Berkelmans
 
Gestiona el riesgo de las grandes amenazas
Gestiona el riesgo de las grandes amenazasGestiona el riesgo de las grandes amenazas
Gestiona el riesgo de las grandes amenazasNextel S.A.
 
PIONEERING GEN V SECURITY WITH CHECK POINT
PIONEERING GEN V SECURITY WITH CHECK POINTPIONEERING GEN V SECURITY WITH CHECK POINT
PIONEERING GEN V SECURITY WITH CHECK POINTTechnofutur TIC
 
Key Resources - z/Assure Sales Presentation
Key Resources - z/Assure Sales PresentationKey Resources - z/Assure Sales Presentation
Key Resources - z/Assure Sales Presentationrfragola
 
Ivanti Patch Tuesday for April 2020
Ivanti Patch Tuesday for April 2020Ivanti Patch Tuesday for April 2020
Ivanti Patch Tuesday for April 2020Ivanti
 
TENDENCIAS DE SEGURIDAD PARA AMBIENTES EN LA NUBE
TENDENCIAS DE SEGURIDAD PARA AMBIENTES EN LA NUBETENDENCIAS DE SEGURIDAD PARA AMBIENTES EN LA NUBE
TENDENCIAS DE SEGURIDAD PARA AMBIENTES EN LA NUBECristian Garcia G.
 
Augusta gen v presentation adapture v2
Augusta gen v presentation adapture v2Augusta gen v presentation adapture v2
Augusta gen v presentation adapture v2Greg Wartes, MCP
 
Security as an Accelerator for Cloud Adoption
Security as an Accelerator for Cloud AdoptionSecurity as an Accelerator for Cloud Adoption
Security as an Accelerator for Cloud AdoptionMarketingArrowECS_CZ
 
Check Point vSEC - Bezpečnostní řešení pro moderní datová centra
Check Point vSEC - Bezpečnostní řešení pro moderní datová centraCheck Point vSEC - Bezpečnostní řešení pro moderní datová centra
Check Point vSEC - Bezpečnostní řešení pro moderní datová centraMarketingArrowECS_CZ
 
Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities
Protect Your IT Infrastructure from Zero-Day Attacks and New VulnerabilitiesProtect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities
Protect Your IT Infrastructure from Zero-Day Attacks and New VulnerabilitiesSymantec
 
Shift Left for More Secure Apps with F5 NGINX
Shift Left for More Secure Apps with F5 NGINXShift Left for More Secure Apps with F5 NGINX
Shift Left for More Secure Apps with F5 NGINXNGINX, Inc.
 
Security Trends and Risk Mitigation for the Public Sector
Security Trends and Risk Mitigation for the Public SectorSecurity Trends and Risk Mitigation for the Public Sector
Security Trends and Risk Mitigation for the Public SectorIBMGovernmentCA
 
Solution Connect Indonesia - June 2015 - The Hidden Advantage
Solution Connect Indonesia - June 2015 - The Hidden AdvantageSolution Connect Indonesia - June 2015 - The Hidden Advantage
Solution Connect Indonesia - June 2015 - The Hidden AdvantageDenny Muktar
 

Similar to CPX360_2022_Endpoint Mobile.pptx (20)

Presentazione CHECKPOINT Evento CloudGarage 5-11 giugno 2013
Presentazione CHECKPOINT Evento CloudGarage 5-11 giugno 2013Presentazione CHECKPOINT Evento CloudGarage 5-11 giugno 2013
Presentazione CHECKPOINT Evento CloudGarage 5-11 giugno 2013
 
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondHow BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
 
Ascendiendo a la GEN V de Cyber Security
Ascendiendo a la GEN V de Cyber SecurityAscendiendo a la GEN V de Cyber Security
Ascendiendo a la GEN V de Cyber Security
 
Security architecture proposal template
Security architecture proposal templateSecurity architecture proposal template
Security architecture proposal template
 
Everything You Need to Know About BlueKeep
Everything You Need to Know About BlueKeepEverything You Need to Know About BlueKeep
Everything You Need to Know About BlueKeep
 
WannaCry: How to Protect Yourself
WannaCry: How to Protect YourselfWannaCry: How to Protect Yourself
WannaCry: How to Protect Yourself
 
Check point presentation june 2014
Check point presentation june 2014Check point presentation june 2014
Check point presentation june 2014
 
Gestiona el riesgo de las grandes amenazas
Gestiona el riesgo de las grandes amenazasGestiona el riesgo de las grandes amenazas
Gestiona el riesgo de las grandes amenazas
 
PIONEERING GEN V SECURITY WITH CHECK POINT
PIONEERING GEN V SECURITY WITH CHECK POINTPIONEERING GEN V SECURITY WITH CHECK POINT
PIONEERING GEN V SECURITY WITH CHECK POINT
 
Key Resources - z/Assure Sales Presentation
Key Resources - z/Assure Sales PresentationKey Resources - z/Assure Sales Presentation
Key Resources - z/Assure Sales Presentation
 
Ivanti Patch Tuesday for April 2020
Ivanti Patch Tuesday for April 2020Ivanti Patch Tuesday for April 2020
Ivanti Patch Tuesday for April 2020
 
TENDENCIAS DE SEGURIDAD PARA AMBIENTES EN LA NUBE
TENDENCIAS DE SEGURIDAD PARA AMBIENTES EN LA NUBETENDENCIAS DE SEGURIDAD PARA AMBIENTES EN LA NUBE
TENDENCIAS DE SEGURIDAD PARA AMBIENTES EN LA NUBE
 
Augusta gen v presentation adapture v2
Augusta gen v presentation adapture v2Augusta gen v presentation adapture v2
Augusta gen v presentation adapture v2
 
Security as an Accelerator for Cloud Adoption
Security as an Accelerator for Cloud AdoptionSecurity as an Accelerator for Cloud Adoption
Security as an Accelerator for Cloud Adoption
 
Kba talk track 2018
Kba talk track 2018Kba talk track 2018
Kba talk track 2018
 
Check Point vSEC - Bezpečnostní řešení pro moderní datová centra
Check Point vSEC - Bezpečnostní řešení pro moderní datová centraCheck Point vSEC - Bezpečnostní řešení pro moderní datová centra
Check Point vSEC - Bezpečnostní řešení pro moderní datová centra
 
Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities
Protect Your IT Infrastructure from Zero-Day Attacks and New VulnerabilitiesProtect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities
Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities
 
Shift Left for More Secure Apps with F5 NGINX
Shift Left for More Secure Apps with F5 NGINXShift Left for More Secure Apps with F5 NGINX
Shift Left for More Secure Apps with F5 NGINX
 
Security Trends and Risk Mitigation for the Public Sector
Security Trends and Risk Mitigation for the Public SectorSecurity Trends and Risk Mitigation for the Public Sector
Security Trends and Risk Mitigation for the Public Sector
 
Solution Connect Indonesia - June 2015 - The Hidden Advantage
Solution Connect Indonesia - June 2015 - The Hidden AdvantageSolution Connect Indonesia - June 2015 - The Hidden Advantage
Solution Connect Indonesia - June 2015 - The Hidden Advantage
 

Recently uploaded

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 

CPX360_2022_Endpoint Mobile.pptx

  • 1. 1 ©2022 Check Point Software Technologies Ltd. [Internal Use] for Check Point employees​ Yuval Raban Dedi Shindler
  • 2. 2 ©2022 Check Point Software Technologies Ltd. [Internal Use] for Check Point employees​ Ransomware Attacks on the Rise • Ransomware is in the news every week: Kaseya, Colonial Pipeline, Accenture • Ransomware-as-a-service surging • Ransomware is going mobile 93% increase in ransomware attacks worldwide YOY Compared to the first half of the year
  • 3. 3 ©2022 Check Point Software Technologies Ltd. [Internal Use] for Check Point employees​ Major 2021 Attacks • A massive attack affecting numerous organizations • At least 1000 businesses impacted • Victims in 17 countries • Attack associated to Russian group REvil • Use of an old signed version of Microsoft’s antivirus to bypass protections • Affected 45% of all fuel consumed on the East Coast arrives via the pipeline system • Temporarily halted all pipeline operations • Ransomware-as-a-Service (RaaS) model
  • 4. 4 ©2022 Check Point Software Technologies Ltd. [Internal Use] for Check Point employees​ Deep Dive Into a Similar Ransomware Attack • Large EMEA retail company • 48 hours of complete shutdown • Operational and recovery costs
  • 5. 5 ©2022 Check Point Software Technologies Ltd. [Internal Use] for Check Point employees​ The Attack Anatomy Jane got a message, and browsed to mobile site Jane downloads the PDF Jane opens the file on the mobile Jane sends the PDF through MS-Teams to Guy Guy downloads the PDF from Teams Web interface Guy opens the PDF on his mac Malicious payload from Guy’s computer infects the entire network segment
  • 6. 6 ©2022 Check Point Software Technologies Ltd. [Internal Use] for Check Point employees​ Harmony Powered: Defense Timeline Jane got a message, and browsed to mobile site Jane downloads the PDF Jane opens the file on the mobile Jane sends the PDF through MS-Teams to Guy Guy downloads the PDF from Teams Web interface Guy opens the PDF on his mac Malicious payload from Guy’s computer infects the entire network segment
  • 7. 7 ©2022 Check Point Software Technologies Ltd. [Internal Use] for Check Point employees​ • Anti-phishing engine instantly inspects the link • Unknown sites analyzed in real- time with Zero-phishing User receives a message with a link URL identified as malicious phishing and blocked Secured Internet Browsing & Phishing Prevention
  • 8. 8 ©2022 Check Point Software Technologies Ltd. [Internal Use] for Check Point employees​ Harmony Powered: Defense Timeline Jane got a message, and browsed to mobile site Jane opens the file on the mobile Jane sends the PDF through MS-Teams to Guy Guy downloads the PDF from Teams Web interface Guy opens the PDF on his mac Malicious payload from Guy’s computer infects the entire network segment Jane downloads the PDF
  • 9. 9 ©2022 Check Point Software Technologies Ltd. [Internal Use] for Check Point employees​ User attempts to download a file to the device File download is scanned and prevented Threat details immediately available to the user Malicious File Download Prevention
  • 10. 10 ©2022 Check Point Software Technologies Ltd. [Internal Use] for Check Point employees​ Harmony Powered: Defense Timeline Jane got a message, and browsed to mobile site Jane downloads the PDF Jane sends the PDF through MS-Teams to Guy Guy downloads the PDF from Teams Web interface Guy opens the PDF on his mac Malicious payload from Guy’s computer infects the entire network segment Jane opens the file on the mobile
  • 11. 11 ©2022 Check Point Software Technologies Ltd. [Internal Use] for Check Point employees​ Files downloaded are placed in quarantine File download is uploaded to emulation Cleansed files can be opened safely Zero Day File Protection
  • 12. 12 ©2022 Check Point Software Technologies Ltd. [Internal Use] for Check Point employees​ Harmony Powered: Defense Timeline Jane got a message, and browsed to mobile site Jane downloads the PDF Jane opens the file on the mobile Guy downloads the PDF from Teams Web interface Guy opens the PDF on his mac Malicious payload from Guy’s computer infects the entire network segment Jane sends the PDF through MS-Teams to Guy
  • 13. 13 ©2022 Check Point Software Technologies Ltd. [Internal Use] for Check Point employees​ Risk-Based Conditional Access 1 2 3 UEM Integration Risk Score
  • 14. 14 ©2022 Check Point Software Technologies Ltd. [Internal Use] for Check Point employees​ Harmony Powered: Defense Timeline Jane got a message, and browsed to mobile site Jane downloads the PDF Jane opens the file on the mobile Jane sends the PDF through MS-Teams to Guy Guy opens the PDF on his mac Malicious payload from Guy’s computer infects the entire network segment Guy downloads the PDF from Teams Web interface
  • 15. 15 ©2020 Check Point Software Technologies Ltd. Threat Extraction (CDR) Sanitized and Delivered in under 1.5 seconds Sandbox Threat Emulation (Sandbox) Original file scanned in the background Delivered upon request only if deemed benign [Internal Use] for Check Point employees​ Download File to PC from the Same App
  • 16. 16 ©2020 Check Point Software Technologies Ltd. [Internal Use] for Check Point employees​ Harmony Powered: Defense Timeline Jane got a message, and browsed to mobile site Jane downloads the PDF Jane opens the file on the mobile Jane sends the PDF through MS-Teams to Guy Guy downloads the PDF from Teams Web interface Guy opens the PDF on his mac Malicious payload from Guy’s computer infects the entire network segment
  • 17. 17 ©2022 Check Point Software Technologies Ltd. Automated Detection, Investigation & Remediation Quarantines what’s malicious Monitors and collects all the events Detects attacks File restoration & rollback Forensics report Cleans the entire attack kill chain AUTOMATION [Internal Use] for Check Point employees​
  • 18. 18 ©2022 Check Point Software Technologies Ltd. Check Point Harmony The industry’s first unified security solution for users & access Secure internet access Endpoint security 1 2 3 Zero trust corporate access Email & collaboration app security Mobile security 4 5 [Internal Use] for Check Point employees​
  • 19. 19 ©2022 Check Point Software Technologies Ltd. 360° ENDPOINT PROTECTION RUNTIME PROTECTION 03 REDUCING THE ATTACK SURFACE 01 PREVENTING ATTACKS BEFORE THEY RUN 02 Host Firewall Compliance VPN Web protection Data Security Content Disarm & Reconstruction Sandboxing NGAV Anti-malware Zero-phishing Anti-ransomware Anti-bot Anti-exploit Behavioral Analysis [Internal Use] for Check Point employees​
  • 20. PROTECTING DATA ACROSS ALL ATTACK SURFACES. 01 APPLICATIONS: BEHAVIORAL RISK ENGINE, Real-time analysis, Malicious side-loading prevention. 02 NETWORK & FILES: Anti-phishing / Zero-phishing, File Protection, Risky Download Prevention, Secured browsing, Conditional access, Anti-bot, Protected DNS, Wi-Fi network security (MiTM). 03 DEVICE & OS: Device risk assessment, OS vulnerabilities, Device-level exploits, Risky configurations, Advanced rooting, Jailbreak detection
  • 21. Harmony: 360° user protection against known and zero-day threats. All vectors: Malicious emails, Malicious websites, Rogue applications, Malicious files, Rogue Networks, Human error, USB. All threats: Network Attacks, Bot attacks, Zero-days, Ransomware, Data leakage, Phishing, Device Exploits, Malware. All devices: Company-owned and BYOD: Mobile, PCs. Best prevention: 60+ AI & traditional security engines; The industry’s most powerful threat intelligence
  • 22. Ransomware is on the rise; Harmony provides complete protection against Ransomware

Editor's Notes

  1. Hi, I’m Yuval - and I’m Dedi. Today, we’d like/ we want to talk to you about Ransomware, and why you should care about Ransomware. We’ll discuss the current landscape of Ransomware attacks, and then we will deep dive into a case study, to show how Check Point’s Harmony solution provides a multi-layered protection against this attack. Finally we will present the full range of protection applied when using the Harmony suite. <<CLICK>>
  2. Before diving in, let’s remember how frequent and severe Ransomware cyberattacks are in 2021 <<CLICK>> Check Point Research has seen a 41% increase in attacks since the beginning of 2021, and a 93% increase year over year <<CLICK>> Ransomware is in the news every week, with names like: Kaseya, Colonial Pipeline, Accenture <<CLICK>> Ransomware-as-a-service is a rising trend, with constant usage increase <<CLICK>> Ransomware does not skip mobile, as seen in the latest case of Lucy, a Malware-as-a-Service botnet for Android devices that had recently launched a new ransomware capability. <<CLICK>>
  3. A couple of examples are <<CLICK>> Kaseya, a cloud-based managed security services provider (MSSP) that offers patch management, experienced a massive attack affecting numerous organizations. Over 1,000 businesses were affected, with victims identified in at least 17 countries. The attack was carried out during the 4th of July weekend <<CLICK>> REvil used a zero-day vulnerability that was in the process of being fixed. Ransom demand ranged from $45K to $5 million US Dollars. <<CLICK>> Attack started by utilizing existing operating system files like PowerShell. The interesting part of this attack involves the use of an old version of Microsoft’s own antivirus for encryption, bypassing most security products that ignore Microsoft’s AV <<CLICK>> Another major attack happened at Colonial Pipeline, an American oil pipeline system. <<CLICK>> The attack temporarily shut down all pipeline operations, impacting 45% of all fuel consumed on the East Coast <<CLICK>> DarkSide works in a Ransomware-as-a-Service (RaaS) model, where it leverages a partner program to execute its cyber attacks <<CLICK>> The total ransom paid was almost $5M, FBI confirmed DarkSide group was responsible <<CLICK>>
  4. Let’s deep-dive and examine a case study in which a large EMEA retail company got hit by/with a ransomware attack. Files were encrypted throughout the organization, blocking access to critical business data, while a $2M ransom was demanded. The attack caused a 48-hour complete shutdown which incurred both operational and recovery costs on the company. In the aftermath, it was realized that a single Endpoint device has infected multiple computers in the corporate network. <<CLICK>>
  5. Let’s take a look at how such an attack could have materialized in the organization <<CLICK>> /show video This video depicts a flow using MS-Teams, and later on with MS-Intune. We know there is a very broad range of applications, UEMs, and more, that can play a factor in such a materialization. We use a specific file in the example, but you can consider CVs, and many other files that can take part in such an event. <<CLICK>> /start video Jane receives a message with a download link to a book <<TRIGGER>> (downloads) (0:00:05) She goes on to download the file to her iPhone <<TRIGGER>> (opens) (0:00:10) To open the file on the device Jane looks in the downloads folder. The file seems legitimate, and harmless, since it does not target mobile devices <<TRIGGER>> (Jane-Guy share) (0:00:18) As Jane’s phone has access to corporate resources, she is able to forward the copy to Guy through the Microsoft Teams application. Jane writes down an explanatory message, and sends a copy (0:00:33 // at end). <<CLICK>> (finish mobile video, start EP) <<CLICK>> (move to EP video + download from teams) Guy enters the Microsoft Teams web application and downloads the PDF file. <<TRIGGER>> (open on PDF + malicious payload) Shortly after opening the file, malicious code executes, encrypts all critical operating system data, and laterally moves to other victim targets. <<TRIGGER>> Guy then sees the ransomware bounty screen asking him to pay or all his files will be lost. <<CLICK>>
  6. Let’s review every step of the way, BUT this time with Check Point Harmony so you can see how the attack is prevented. <<CLICK>>
  7. With Harmony Mobile installed, once Jane clicks on the link <<CLICK>> The On-device Network Protection engine uses Check Point ThreatCloud to instantly inspect the link. <<CLICK>> The analysis includes both known and unknown threats. And in this case, it identifies a malicious URL and blocks the access to the malicious hosting site. <<CLICK>>
  8. We have seen how Harmony blocks non-secured mobile browsing. Back to our defense timeline, moments after, Jane downloads the book from the malicious web site <<CLICK>>
  9. When Jane attempts to download <<CLICK>> New and unique On-device File Protection technology scans the file and prevents the malicious file download. <<CLICK>> While the threat details are shown to the user <<CLICK>>
  10. Harmony is able to block the second stage of the attack, the PDF download. Jane opens the file on her mobile, which can result in malicious code execution on the mobile device <<CLICK>>
  11. Any file downloaded is quarantined until full analysis is done for any malicious content – targeting the phone, or the corporate PCs. <<CLICK>> Harmony Mobile uploads the file to Threat Cloud for additional emulation, using state of the art Sandboxing and CDR capabilities, ensuring any threat will be removed from the file <<CLICK>> Jane can open files freely, knowing they are protected <<CLICK>>
  12. So far, we have covered how Harmony is capable of preventing the malicious file from ever reaching the device. While Jane’s is a personal device, it also acts as an access gate into the corporate resources. What if the file reached it anyway? <<CLICK>>
  13. When detecting a security compromise, using the device security posture, <<CLICK>> The corporate security administrator can ensure that devices <<CLICK>> that may hold a risk to the organization <<CLICK>> No longer have access to corporate resources. Ensuring that the lateral movement in the organization is prevented, as <<CLICK>> Microsoft Teams would not be accessible from Jane’s phone. <<CLICK>>
  14. In the previous steps, we have demonstrated how Harmony Mobile keeps the mobile device completely protected from such threats. Now, we will be focusing on the second part of the attack, which occurs on the Mac laptop (operating system) <<CLICK>>
  15. Guy receives a Teams message from Jane containing a file. <<CLICK>> The traditional approach of protecting against infected documents by looking for malware leaves gaps and does not provide complete protection <<CLICK>> Harmony Endpoint lets you quickly deliver safe, sanitized versions of common document formats to provide real-time protection and maintain uninterrupted business flow <<CLICK>> Threat Emulation can protect your network against new malware, zero-day vulnerabilities and targeted attacks. Harmony Endpoint Threat Emulation service works online as well as offline, enabling users with extended security even when they are disconnected from the Cloud <<CLICK>>
  16. Finally, Harmony implements additional measures to ensure that malicious files are not able to execute their malicious content, as well as automatically remediate the incident <<CLICK>>
  17. Driven by automation, Harmony Endpoint ensures full on-device attack detection and remediation, even in an offline mode. The solution automatically and in real-time records endpoint events for long-term retention, enriching these events with threat intelligence. Harmony Endpoint collects indicators from endpoint devices, and correlates them with behavioral heuristics, rules, and machine learning models. By automatically quarantining infected machines the attack won’t spread laterally across the rest of the corporate network. Once the attack is mitigated Harmony Endpoint automatically restores the device to the last clean point. The solution ensures full visibility into the actions taken with auto-generated forensics report, while informing the user on all the automated actions taken. Forensics data supplies hunt leads to enable security professionals to query the historical data and uncover attack residue across the environment. So, what does it mean for security admins? <<CLICK>> It means they can focus on the critical tasks and make sure Harmony Endpoint takes care of the rest. They spend less time taking manual actions for detection, analysis, investigation, correlation and response <<CLICK>>
  18. Harmony Mobile and Harmony Endpoint <<CLICK>> The solutions enabling Ransomware protection, are part of Check Point’s Harmony, the industry’s first unified security solution for users, devices, and access - ensuring that the corporate assets are protected, organizational access remains secured. <<CLICK>>
  19. So what does “complete endpoint protection” mean? How does Harmony Endpoint prevent the most imminent threats to the endpoint? Multiple capabilities of Harmony Endpoint are provided in a way to ensure endpoints have multi-layered 360 degrees protection. <<CLICK>> It all starts with reducing the attack surface with VPN, host firewall, data and web protection. <<CLICK>> Once the surface is reduced, Harmony Endpoint leverages NGAV, anti-malware, anti-phishing, sandboxing and content disarm and reconstruction technologies to prevent attacks before they start. As a core component of Harmony, the new Harmony Browse uniquely provides secure, fast, and private web browsing inspecting all SSL traffic directly on the endpoint without adding latency or by re-routing traffic through a secure web service <<CLICK>> Yet should an attack get through, Harmony Endpoint has a runtime protection in place to address and remediate those attacks with behavioral analysis, anti-ransomware, anti-exploit and other technologies in place. <<CLICK>>
  20. Harmony Mobile provides complete protection across 3 layers: Harmony Mobile prevents malware from infiltrating employees’ devices by detecting and blocking the download of malicious apps in real-time. Check Point’s unique Behavioral Risk Engine runs application analysis in a cloud-based environment to determine if an app is malicious, leveraging machine learning and AI, sandboxing, advanced code flow analysis, anomaly detection and app reputation among other techniques. <<CLICK>> Harmony Mobile’s unique network security infrastructure – On-device Network Protection – allows businesses to stay ahead of emerging threats by extending Check Point’s industry-leading Threat Cloud technologies to mobile devices. It offers a broad range of network and file security capabilities, including: Protection against phishing attacks across all apps, both from known and unknown zero-day phishing sites; Preventing file threats from reaching the device, or into the organization; Providing a fully secured browsing experience; Detecting MiTM attacks, and more <<CLICK>> And lastly - OS and Device Protection. As we have seen with the Achilles vulnerability last year, and the most recent one in MediaTek DSP. Device vulnerabilities can impact up to 40% of Android devices in the world, making them susceptible to PE access by mobile applications. Harmony Mobile ensures devices are not exposed to compromise with real-time risk assessments detecting device-level exploits, OS vulnerabilities, configuration changes, advanced rooting and jailbreak detection. <<CLICK>>
  21. With Check Point Harmony, your users get the same level of protection regardless of where they are, the applications they access, or the devices they use. Whether it’s a phishing website, a device vulnerability, a malicious email attachment, or zero-day ransomware, the solution protects them from cyber threats and across all attack vectors. Powered by revolutionary AI engines and the industry’s most extensive threat intelligence network. Harmony stops attacks before they happen. <<CLICK>>
  22. To sum up: ransomware is on the rise, but with Harmony, you can rest easy knowing that all attack vectors are covered: Phishing and 0-phishing, network based attacks, malicious files, malicious applications, known vulnerabilities – all with the ability to automate remediation and automatically mitigate the risk. <<CLICK>>