Thursday, July 11, 2019

Microsoft and Check Point Protect Employees from Leaking Sensitive Business Data and Intellectual Property

To safeguard organizations from data loss, Microsoft and Check Point have worked closely together to integrate Microsoft Azure Information Protection (AIP) with Check Point Next-Generation Firewall security solutions. The integrated solution keeps sensitive business data safe, no matter where it travels or how it is shared, including via email, web browsing or file sharing services that are not part of the Microsoft ecosystem.

Customers of both Check Point and Microsoft can rest assured that their employees will be prevented from accidentally sending sensitive and valuable business data outside the corporate network, not only when using Outlook or Microsoft Exchange, but also when using popular services and applications such as Gmail, Dropbox, FTP and Box. By leveraging Check Point's policy enforcement capabilities across the network, Microsoft Azure Information Protection's file classification and protection capabilities are extended and substantial security gaps are closed. As a result, joint customers can enjoy a comprehensive Data Loss Prevention solution, and their security teams can track and control the exposure of sensitive information and take corrective measures to prevent data leakage or misuse.

How Data Loss Prevention works from the end-user perspective


Let's look at a typical data loss scenario. Your company's CFO has just finished creating a highly confidential financial report using Microsoft Office Word. Azure Information Protection (AIP) recognizes the sensitive content in the document and prompts him to label the document as "Confidential Financial Data". With the proper confidential label applied, nobody in the organization can accidentally send this file to an external recipient or to a location outside the corporate network. Regardless of the application (Outlook, Gmail, Dropbox, FTP), Check Point Data Loss Prevention (DLP) will block any improper distribution of the document and immediately notify the user. Besides educating the user about improper data handling, this helps prevent future incidents.



Data Loss Prevention - the Admin perspective


Let's look at the same CFO data loss scenario from the IT manager's perspective. Many IT organizations that use Office 365 productivity solutions have also adopted AIP to classify, label and protect their sensitive information. AIP sensitivity labels can be applied automatically according to IT administrator rules and conditions, manually by end users, or in a combination where end users receive recommendations. In the CFO data loss use case, the IT security team has pre-configured an AIP label called "Confidential Financial Data". Based on this label, the security team has also defined a Check Point unified security policy rule (which includes a Content Awareness AIP data type) to protect confidential financial information from being sent outside the organization. Once the AIP label was applied to the CFO's financial report, Check Point Security Gateways could identify and enforce the confidential designation, no matter where the document was sent or how it was shared.

Unified Data Loss Prevention Across the Enterprise


Because Check Point DLP enforces policy on data in motion at the network level, IT security teams can track and control how documents are being shared and immediately take corrective measures to prevent data leakage. In addition, DLP is integrated into Check Point's security management platform, enabling enterprises to apply a unified document protection policy across the organization while also managing access control, threat prevention policies, and incident analysis.

Tuesday, July 9, 2019

CloudGuard IaaS Supports Kubernetes and Container Security

Almost 9000 people attended Check Point's CPX 360 events in Bangkok, Las Vegas and Vienna, where we shared security best practices, product developments and our roadmap with our customers and partners.

My session covered Kubernetes and Container Security. At the end of the session, I promised to update our customers and partners with relevant roadmap announcements during 2019, and I'm pleased to deliver the first announcement today:

Check Point CloudGuard IaaS now supports North-South inspection for improved Kubernetes security.

The new Container security functionality is available in native Kubernetes/OpenShift as well as in managed Kubernetes services such as Azure Kubernetes Service (AKS), Amazon EKS, Google Kubernetes Engine, and others.

As part of this release, CloudGuard IaaS offers the following additional features:

  • Secure the traffic between Kubernetes microservices and your on-premises or cloud assets (also known as "North-South traffic") using IPsec VPN. For example, CloudGuard IaaS lets you configure a VPN between your cloud environment and your on-premises network, so that a microservice can communicate securely with your on-premises database.
  • Outbound and inbound traffic inspection using all Check Point security blades, including Intrusion Prevention System (IPS), Anti-Virus, Anti-Bot and VPN, providing advanced threat prevention for your Kubernetes environment and container deployment.
  • Dynamic policy that changes as the Kubernetes environment changes, including an access policy that is based on Kubernetes tags (labels, services, etc.).
  • Full HTTPS support: CloudGuard IaaS lets you inspect SSL/TLS traffic that flows to a microservice. It lets you choose whether to inspect the traffic or to pass it through and route it based on the Server Name Indication (SNI).
  • Virtual Patching: Containers are built from packages which may contain vulnerabilities. If a vulnerability is discovered in a package, updating the affected containers may take a few days, or in some cases a few weeks. CloudGuard IaaS provides the ability to define virtual patching, which prevents exploitation of the vulnerability until you deploy new containers with a non-vulnerable package.


Furthermore, CloudGuard IaaS lets you automate your Kubernetes security using common scripting languages such as Terraform and Ansible.

What are a few common use cases for the new Container security functionality?

Application Control and Anti-Bot


One of the potential attack vectors in Kubernetes environments is to exploit a container and use its compute resources to spawn a bitcoin-mining container that is fetched from an external, malicious container registry. (Read about a similar hack of Tesla's Kubernetes deployment here.) Using CloudGuard IaaS, you can restrict communication to trusted registries only. Furthermore, you can enable Anti-Bot and thereby prevent the malicious bitcoin-mining container from receiving instructions from the unauthorized command and control server.



Scale Out Events


When a new pod is added to the Kubernetes environment in a scale-out event, CloudGuard IaaS recognizes that there is a new pod. It then retrieves the assigned IP address and updates the CloudGuard security gateway with this data. If the pod's labels match a defined policy, the security gateway does not need any manual policy installation; it starts inspecting the traffic automatically according to the defined policy.
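To make the label-driven mechanism concrete, here is an added example (not CloudGuard code) of a gateway-side reconciler that keeps label-based inspection rules current from pod ADDED/MODIFIED/DELETED events, with no manual policy install. The event shape, the rule format and the blade names are assumptions constructed to resemble a Kubernetes pod watch; a pod without an assigned IP (still Pending) is deliberately ignored until its IP arrives.

```python
"""Label-based dynamic policy reconciler for Kubernetes scale-out events.

Added example, not CloudGuard code. Event dicts are constructed to look like
what a Kubernetes pod watch delivers; Rule is an assumed gateway rule format.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    selector: Dict[str, str]   # every key/value must be present in the pod's labels
    blades: Tuple[str, ...]    # inspection blades applied to matching pods (assumed names)

    def matches(self, labels: Dict[str, str]) -> bool:
        return all(labels.get(k) == v for k, v in self.selector.items())


@dataclass
class GatewayState:
    rules: List[Rule]
    # pod name -> {"ip": str, "labels": dict}; only pods with an assigned IP are kept
    pods: Dict[str, dict] = field(default_factory=dict)

    def members(self, rule_name: str) -> Set[str]:
        """IP addresses currently inspected under the named rule."""
        rule = next(r for r in self.rules if r.name == rule_name)
        return {p["ip"] for p in self.pods.values() if rule.matches(p["labels"])}

    def blades_for(self, ip: str) -> Set[str]:
        """Blades applied to traffic for a pod IP; empty set means 'not inspected'."""
        pod = next((p for p in self.pods.values() if p["ip"] == ip), None)
        if pod is None:
            return set()
        return {b for r in self.rules if r.matches(pod["labels"]) for b in r.blades}

    def apply_event(self, event: dict) -> Optional[str]:
        """Reconcile one watch event. Returns a short audit string or None if ignored."""
        kind, name = event["type"], event["name"]
        if kind == "DELETED":
            removed = self.pods.pop(name, None)
            return f"{name}: removed {removed['ip']}" if removed else None
        if kind not in ("ADDED", "MODIFIED"):
            return None
        ip = event.get("ip")
        if not ip:
            # Pending pod: no IP assigned yet, nothing for the gateway to enforce on.
            self.pods.pop(name, None)
            return None
        self.pods[name] = {"ip": ip, "labels": dict(event.get("labels", {}))}
        hit = [r.name for r in self.rules if r.matches(self.pods[name]["labels"])]
        return f"{name}: {ip} -> rules {hit or 'none (no matching labels)'}"


def demo_rules() -> List[Rule]:
    """Constructed sample policy: inspect frontend pods, route db tier over VPN."""
    return [
        Rule("frontend-inspect", {"app": "frontend"}, ("ips", "anti-bot")),
        Rule("db-vpn", {"tier": "db"}, ("vpn",)),
    ]


if __name__ == "__main__":
    state = GatewayState(rules=demo_rules())
    events = [  # constructed scale-out sequence
        {"type": "ADDED", "name": "web-1", "ip": "10.244.1.5", "labels": {"app": "frontend"}},
        {"type": "ADDED", "name": "web-2", "ip": None, "labels": {"app": "frontend"}},
        {"type": "MODIFIED", "name": "web-2", "ip": "10.244.1.6", "labels": {"app": "frontend"}},
        {"type": "DELETED", "name": "web-1"},
    ]
    for ev in events:
        print(state.apply_event(ev))
    print("frontend-inspect members:", state.members("frontend-inspect"))
```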

Vulnerability


If a new vulnerability is discovered in NGINX, for example, and your engineering team estimates it will take five days to ship a new container, CloudGuard lets you enable a specific IPS signature that will prevent anyone from exploiting the containers that use this NGINX version. Once your team deploys the containers with a non-vulnerable version, you can remove this IPS signature in order to free CloudGuard IaaS resources and improve performance.

Sunday, July 7, 2019

Winning with Innovative Defense

In this Stanley Cup Final, the St. Louis Blues will play against the Boston Bruins, with Game 1 scheduled for May 27th.

Advancing to the Stanley Cup Final for the first time in 49 years, the St. Louis Blues claimed a 5-1 victory over the San Jose Sharks in Game 6 on Tuesday. In comparison, the Boston Bruins are headed to the Stanley Cup Final for the third time in nine seasons, having knocked out the Carolina Hurricanes with a 4-0 win in the Eastern Conference Final.

As recently as January, the St. Louis Blues ranked at the bottom of the NHL standings. Working their way up from the bottom of the heap, the Blues managed to reposition themselves by strengthening their defense and playing with greater speed and physicality.

A wave of strong defensemen has Boston Bruins fans spoiled, with Zdeno Chara and Charlie McAvoy currently leading the group.

Check Point Software Technologies loves a great defense, and is consequently a proud advertising supporter of the Stanley Cup Finals.

Defense is a position that requires strategic thinking, and constant recalibration of the landscape to evaluate change and threats. When the threats change, you have to react fast. This is exactly what Check Point does best.

Quickly blasting away threats requires a collaborative partnership. In the NHL it takes a left D and a right D. In cyber security, it is important to work with a star-studded threat prevention team. With the right people on your team, you can achieve unbelievable victories.

Friday, July 5, 2019

SandBlast Agent Protects Against BlueKeep RDP Vulnerability

Recently, a security advisory was released for a vulnerability in RDP (Remote Desktop Protocol) affecting multiple Windows operating systems prior to 8.1. According to Microsoft's advisory, this vulnerability can be exploited for remote code execution and denial of service attacks, all without requiring the credentials of the target machine.

Check Point's SandBlast Agent Anti-Exploit now monitors the RDP service on Windows 7 and Windows 2008R2 and is able to prevent this attack from occurring. Not only is SandBlast Agent able to prevent the exploit from being delivered on unpatched systems, it is also able to prevent the exploit from being delivered to the formerly vulnerable driver on patched systems.

The protection is available in SandBlast Agent's E80.97 Client Version.

To see Anti-Exploit's protection in action, please watch the following video, in which the PoC used for exploitation by our Threat Research Group is blocked. In addition, you can also see how we block the scan from the Metasploit module that was recently released to identify vulnerable systems.

Wednesday, July 3, 2019

What The Golden State Warriors and The Toronto Raptors Can Teach About Cyber Security

The Golden State Warriors face off against the Toronto Raptors in Game 1 of the NBA Finals, scheduled for 6:00pm PST on Thursday, May 30th.

In their fifth straight NBA Finals, the Golden State Warriors are playing for history, seeking their third consecutive title (a "threepeat") and their fourth title since 2015. Without their star player, Kevin Durant, the Warriors haven't missed a beat, crushing opponents with superior teamwork and determination.

Led by former NBA Finals MVP Kawhi Leonard, the Toronto Raptors are one of two teams that ranked in the top five in both offensive AND defensive efficiency. Playing very well on both sides of the court, the Toronto Raptors are challenging the two-time defending champions with their ruthlessly effective teamwork.

With teamwork, people accomplish more than they could ever imagine. This is why Check Point Software Technologies is a proud advertising supporter of the NBA games. We value rapid communication and strategic moves nearly as much as the teams vying for the 2018-2019 NBA Championship.

With Check Point on your team, you can be a champion of the game and compete against your biggest threats. When it gets to crunch time, you should know who can secure the perimeter, land a slam dunk and save the day. Trust the professionals. Trust Check Point every time.

Monday, July 1, 2019

The Security Risks of Medical IoT

In the month of March, nearly a million people in the United States had their medical files exposed in data breaches, according to HIPAA Journal. After a ransomware attack forced a medical center in Michigan to close, it is apparent that healthcare organizations have become an attractive attack target among hackers.

The reason for that is obvious: the huge amounts of private information that hospitals and other healthcare organizations store and transfer digitally. This unique data can be used to obtain costly medical services and prescription drugs, as well as to fraudulently acquire government health benefits.

The proliferation of IoT medical devices (IoMT) increases the security exposure of hospitals and clinics in proportion. This means that a new paradigm is needed in order to provide full threat prevention to these organizations.

Make no mistake… IoT devices make our lives easier. Smart home technology, for example, can help users improve energy efficiency by enabling them to turn appliances on and off with the tap of a touchscreen. Likewise, organizations across all industries have quickly adopted them to improve operational efficiency.

However, in our recent report on Cloud, Mobile and IoT platforms, IoT devices were identified as one of the weakest links in an IT network.

Why is this?


  • IoT devices are often built on outdated software and legacy operating systems that leave them vulnerable to attack.
  • IoT devices are increasingly storing and collecting huge amounts of data, making them an attractive target for cyber criminals.
  • IoT devices serve as an easy entry point for attackers looking to move laterally across an IT network and gain access to more sensitive data. Alternatively, the devices may be attacked directly and shut down, to highly disruptive effect.


The healthcare industry is one industry in particular that has moved toward the Internet of Medical Things (IoMT) in a big way. By some estimates, 87% of healthcare organizations will have adopted IoT technologies by the end of 2019, and there will be almost 650 million IoMT devices in use by 2020.



Take ultrasound machines, for example. Ultrasound technology has made huge advancements over the past few years to provide patients and doctors alike with detailed and potentially lifesaving information. Unfortunately, though, these advancements have not extended to the IT security environment in which the machines sit, to which they are connected, and within which they transfer images.

Check Point Research recently highlighted the risks this may pose by getting their hands on an ultrasound machine and investigating what happens under the hood. They found the machine's operating system was Windows 2000, a platform that, like most other IoMT devices, no longer receives patches or updates and therefore leaves the entire ultrasound machine and the information it captures vulnerable to attack.

Because of old and well-known security gaps in Windows 2000, it was not hard for us to exploit one of these vulnerabilities and gain access to the machine's entire database of patient ultrasound images.

The Financial Motivation for Attack


Cyber attacks on hospitals occur on an almost weekly basis. The most recent example is the ransomware attack on the Melbourne Heart Group, which saw the hospital's data scrambled by hackers and held to ransom. Other significant attacks seen last year include Singapore's health service, SingHealth, suffering a massive data breach that saw the Prime Minister's health records stolen, followed by 1.4 million patient records stolen from UnityPoint a few days later. In addition, May 2017 saw the massively disruptive WannaCry attack that caused 20,000 appointments in the UK's NHS to be cancelled and over £150 million to be spent on remedying the attack. Notably, it was unpatched Windows systems that caused such damage.

However, it is mainly not mass disruption that motivates cyber criminals to target the healthcare industry. Because of the huge amounts of private information that hospitals and other healthcare organizations store and transfer digitally, these institutions make for attractive targets. This unique data can be used to obtain costly medical services and prescription drugs, as well as to fraudulently acquire government health benefits. It is no wonder, then, that this information can fetch up to $60 per record on the Dark Web.

Although there are many articles describing the personal danger of cyber attacks to patients, the financial damage is far more tangible and is what lies at the heart of cyber attacks on the healthcare industry.

According to the Ponemon Cost of a Data Breach Study, at $408 per health record, the healthcare sector pays by far the highest cost to remediate a data breach. This stands in contrast to the average of $225 per record paid by other organizations. These costs include charges to investigate and repair the damage caused by an attack as well as paying fines or ransoms, or the stolen funds themselves. Attacks can also lead to a loss of patient records and data as well as cause long-lasting damage to the institution's reputation.

The Security Problem


The risk of a cyber attack on healthcare organizations is high. Such attacks can lead to the loss and sharing of private data, the alteration of a patient's medical details about medication, dosages, etc., and the hacking of MRI, ultrasound and x-ray machines in hospitals.

The critical nature of healthcare environments also means that many of those involved in the healthcare process often require immediate access to patients' data across a wide range of devices and applications. Consequently, downtime to update or patch systems is not an option that is easily afforded. In addition, this wide range of medical devices from a variety of manufacturers creates an IT security manager's nightmare: not only monitoring them, but also integrating a security policy that covers all of them.

From the hospital management's perspective, downtime to update or patch systems not only affects the operational flow of the hospital itself but can also hit its financial bottom line. Having spent large amounts on important healthcare equipment, it is essential that management sees a return on investment by keeping that equipment up and running, so as to cover its costs through claims on patients' health insurance policies.

From a regulatory perspective, the inherent vulnerabilities that come with operating healthcare devices, such as a lack of encryption of sensitive data as well as hard-coded or default login credentials, prevent IT professionals from even applying security patches, should such patches even exist.

The Secure Solution


The above-mentioned security vulnerabilities highlight the importance healthcare organizations must place on their IT security posture. While there are still issues and vagueness when it comes to security protocol standardization across Internet of Medical Things (IoMT) devices, there is still much that healthcare organizations can do to protect their patients' data.

Healthcare organizations must stay alert to the multiple entry points that exist across their network. There can often be hundreds, if not thousands, of devices connected to the IT network, any of which may contain security vulnerabilities in either the hardware or the software used by such devices. Catching every one of these vulnerabilities is not possible; however, it is essential that healthcare organizations have an advanced prevention security solution in place to catch the inevitable attacks that will attempt to exploit these vulnerabilities.

In addition, the importance of segmentation can never be overstated. Separating patient data from the rest of the IT network gives healthcare IT professionals a clearer view of network traffic, making it possible to identify unusual movement that may indicate a breach or a compromised IoMT device. Segmentation would also enable these organizations to prevent data-stealing or data-encrypting malware from propagating further across the network and instead isolate the threat.

Finally, segmentation should also apply to healthcare personnel within the organization, with access to these systems provided only to those who actually require it to carry out their roles.

Conclusion and Takeaways


The benefits that connected medical devices offer cannot be overlooked. They provide patients and healthcare providers with potentially life-saving information and enable an efficient way of handling that information. However, healthcare organizations must be aware of the vulnerabilities that come with these devices and that increase their likelihood of a data breach. Network segmentation is a best practice that gives IT professionals in the healthcare sector the confidence to embrace new digital medical solutions while providing another layer of security to network and data protection, without compromising performance or reliability.

Check Point predicts the unpredictable at Infosecurity Europe 2019

We're packing our bags and heading to Infosecurity Europe 2019. Europe's largest annual information security expo takes place at the Olympia Grand in London from June 4-6. We'll be joining forces with some of the world's brightest and best thinkers in security, defining tomorrow's industry landscape. Infosecurity Europe is the premier source for information security knowledge, attracting 15,000 attendees and 400 cutting-edge vendors.

For over a quarter of a century, Check Point has provided innovative cybersecurity solutions, protecting organizations throughout Europe and around the globe. We've helped prevent cyberattacks across the entire surface of your business, including the network perimeter, endpoint, mobile, cloud, data center, and IoT. We will be briefing press and analysts with breaking news highlighting another Check Point enterprise innovation.



We look forward to seeing you at Infosecurity Europe. Visit us at stand M24. Here's a short list of what we have planned:

  • On June 4th at 2:45 pm, "Predicting the unpredictable: A look at the 2019 cyber threat landscape and cryptojacking," by Orli Gan, Check Point Head of Threat Prevention Product Management and Product Marketing, in the Tech Showcase Theater
  • A deep dive into Check Point Infinity, our unified architecture to prevent unknown and zero-day cyberattacks across all vectors
  • A special demonstration of Maestro Hyperscale security, a new solution to scale your existing Check Point security gateways and extend Infinity into hyperscale environments
  • Demonstrations of our CloudGuard suite, including CloudGuard Dome9, comprehensive network security and compliance orchestration across AWS, Azure and GCP public clouds; CloudGuard IaaS, advanced threat prevention for enterprise networks in private and public clouds; and CloudGuard SaaS, stopping targeted attacks on SaaS applications and cloud-based email
  • Meet the Threat Research team to take an in-depth dive into Check Point's ThreatCloud intelligence. Infinity shared intelligence is powered by our ThreatCloud, which stops 7,000 zero-day files every day and emulates more than 4 million files every day. The intelligence helps a large number of organizations proactively fortify their defenses.


Stay tuned and join the conversation in real time online by following Check Point on Twitter @CheckpointSW for the latest updates live from the show floor. Also, find us on LinkedIn, Facebook and Instagram and use the hashtag #InfoSec19 @Infosecurity.

Friday, May 24, 2019

Lessons learned from the latest WhatsApp hack

We were once again reminded that mobile devices, the one thing most of us never leave home without, are vulnerable to attacks. And once again, private individuals were attacked.

Several news organizations reported on Monday, May 13, that attackers exploited a vulnerability in WhatsApp, the popular global messaging app installed on 1.5 billion devices worldwide, and successfully installed spyware on several victims' devices. Unbeknownst to the victims, the attackers obtained complete access to everything on their mobile devices: personal and corporate information, email, contacts, camera, microphone, and the individual's location.



WhatsApp is encouraging customers to update their apps as quickly as possible, and to keep their mobile operating system up to date.

Remarkably, the attackers used the vulnerability to insert malicious code and steal data from Android and iPhone smartphones simply by placing a WhatsApp call, even if the victim didn’t pick up the call. The spyware erases all logs of the call so that victims remain unaware that their device has been hacked.

The WhatsApp hack illustrates that despite their best efforts, Apple and Google cannot completely secure the users of mobile devices running their operating systems. In order to ensure users are properly protected, a mobile threat defense solution must be in place that can prevent spyware from gathering intelligence on their targets. The solution involves multiple steps:

  • Identifying advanced rooting and jailbreaking techniques
  • Detecting unknown malware
  • Preventing malicious outbound communications to command and control servers


All the steps above must be enabled to best prevent sophisticated attacks like the WhatsApp hack. If spyware is simply detected after infecting the device, it is too late. It is paramount to ensure that the attack is prevented before it actually infects the mobile device. If, however, the device does become infected, it is critical that no data be exfiltrated from the device.

Protect your enterprise and users from sophisticated mobile cyberattacks like the WhatsApp attack with SandBlast Mobile.

Friday, May 10, 2019

Check Point’s 2019 Security Report

2018 introduced a challenging threat landscape. Threat actors consistently improved their cyber weapons, adopted new methods and adapted their attacks to emerging technologies. And although it may have seemed the past year was quieter, this is far from the case.

In the 2019 Security Report we review the latest threats facing organizations in the fifth generation of the cyber landscape and provide you with our observations and insights from the past year.

These attacks can be characterized as stealthier and more targeted. Whether carried out by cyber criminals or nation states, the targeted attacks of 2018 revealed that financial and espionage motivations are not the only driving factors. With more attacks that shut down entire organizations, 'boutique' ransomware attacks were a strong trend during 2018, as was the rise of cryptojackers, which infected 10 times more organizations than ransomware, yet only 1 in 5 IT professionals are aware they were affected.



We also review the predictions made in our 2018 Security Report and assess to what extent they proved accurate. Along the way we provide cutting-edge analysis from our in-house experts to arrive at a better understanding of today's threat landscape.

We then take a look under the hood of today’s cyber crime world and show how this ecosystem remains a core part of the cyber threat landscape. Whether it is ransomware, banking trojans, key-loggers or cryptojackers, we look at what these malware types are and how they are now more accessible to potential cyber criminals due to Malware-as-a-Service (MaaS) services. This is the age of the democratization of cybercrime.

We then home in on how threat actors are able to keep one step ahead by targeting the weakest points in an organization's IT infrastructure: the cloud, mobile and IoT. Indeed, these platforms offer a threat actor a much higher chance of success and fewer obstacles to overcome because they are far less protected. However, 65% of IT professionals still underestimate the damage caused by attacks on the cloud.

As a result, their profits can often be higher due to more private data stored on mobile devices and larger databases and resources held in the cloud. So with account takeovers becoming increasingly common, and the introduction of GDPR in 2018, potential data breaches and other attacks are simply too costly to ignore.

The report concludes with predictions for 2019 and how we think the cyber threat landscape will evolve in the year ahead, looking specifically at the categories of Cloud, Mobile, Network, AI, IoT and Nation State attacks. And finally, to stay ahead of these trends and predictions, we conclude with some expert recommendations and requirements that organizations should adopt in order to prevent fifth generation cyber attacks.

Wednesday, April 17, 2019

Game of Thrones Phishing Scams and How to Avoid Them


The long night has finally ended. Game of Thrones fans can finally come in from the cold and, like a starving dragon, start devouring the latest and final season of the massively popular TV show. But unlike the fantasy series, what is far more real is the plethora of phishing scams facing enthusiasts.

While there have been many such deceptions, from malware via pirate torrent sites to phishing scams, Check Point Research recently came across the latest in this line of malicious activities bent on taking advantage of unsuspecting fans. Below is an example of such a site: it uses the official branding of the show and poses as a legitimate competition for fans to win a special gift pack of GoT merchandise. There is, however, no such prize, and the site instead collects as many email addresses and mobile phone numbers as possible, which could be used in future spamming campaigns.

While many may claim to be able to tell the difference between a real site and a fake site, the use of well recognized and trusted brands, like Game of Thrones, is the preferred method for encouraging the user that the impersonated email or website is trustworthy.

Understanding the Threat


The websites we observed using the Game of Thrones brand could be split into two main categories: legitimate or fraudulent websites. While both categories use the popularity of the brand to lure users in, their motivations are different. The legitimate websites include fan pages, online games or small shopping sites, looking for potential customers or new community members.

The fraudulent websites on the other hand, exploit the popularity of the brand to display ads, acquire personal information or convince the user to install an unwanted program.

These fraudulent websites mostly include sites requesting personal information for marketing opportunities, and fake streaming sites, requesting the user to download a browser add-on and provide personal information, while no streaming content is displayed at the end of the process.

How ThreatGuard Can Help


Check Point’s Innovation Accelerator is working on a new Threat Intelligence platform called ThreatGuard, so we wanted to test it out.

ThreatGuard, which is developed as SaaS, scans an organization’s assets on the web and notifies its users when threats such as lookalike domains, leaked accounts and credentials, CVEs and open risky ports are detected. In the examples provided above, to find sites exploiting the popularity of Game of Thrones, we used the lookalike domains functionality.



ThreatGuard allowed us to locate lookalike domains in a very short amount of time and focus our research on the deeper threat analysis. We initially added a ‘gameofthrones’ query into ThreatGuard and got tens of results. After expanding the search to more common words related to the Game of Thrones series, such as names of characters and known quotes, we found a lot of other related domains.

ThreatGuard also allowed us to focus our research on a specific word, the severity of the domain, live domains and more. For domains that were deemed more interesting, we conducted safe browsing, embedded via the ThreatGuard solution and inspected the history of the domain. This allowed us to inspect the suspicious domains without harming our hosts and understanding more about the domain we investigated. When we found a malicious domain, we automatically asked for it to be taken down by the domain registrar.

How to Avoid Being a Phishing Victim


There are ways, of course, to prevent being the next victim of a phishing attack. These include:

  1. Think before you click. Clicking on links on trusted sites should be totally fine. Clicking on links that appear in random emails and instant messages, however, is not going to end well. Hovering over links that you are unsure of before clicking on them will tell you whether they lead where you expect.
  2. Make sure a site’s URL begins with “https” and there is a closed lock icon near the address bar.
  3. Check the site’s domain name is the site you are expecting to visit and trust. If it is not then you could be about to become the next victim of a phishing scam.
  4. Make sure you have an advanced threat prevention solution such as Check Point’s SandBlast Agent zero-phishing protection
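The checks in points 2 and 3 above, plus the brand-lookalike matching used in the ThreatGuard research earlier on this page, can be turned into a small link checker. This is an added example, not Check Point or ThreatGuard code; the trusted domain, brand keywords and sample URLs are constructed (under the reserved .example TLD) for illustration.

```python
"""Defensive link checker for the phishing tips above.

Added example, not Check Point code. Applies: https scheme, hostname under the
expected domain, and brand-lookalike detection on hosts that are NOT under it.
"""
from typing import List, Tuple
from urllib.parse import urlsplit

# Common digit-for-letter swaps seen in lookalike hostnames (normalisation table).
_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})


def hostname_of(url: str) -> str:
    """Real hostname of a URL (userinfo before '@' is NOT the host)."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def belongs_to(host: str, trusted_domain: str) -> bool:
    """True only for the trusted domain itself or a subdomain of it."""
    trusted_domain = trusted_domain.lower()
    return host == trusted_domain or host.endswith("." + trusted_domain)


def looks_like_brand(host: str, brand_keywords: Tuple[str, ...]) -> bool:
    """Brand keyword embedded in the host after stripping separators and digit swaps."""
    flat = host.replace("-", "").replace(".", "").translate(_SWAPS)
    return any(k.lower() in flat for k in brand_keywords)


def assess(url: str, trusted_domain: str, brand_keywords: Tuple[str, ...]) -> Tuple[str, List[str]]:
    """Return (verdict, reasons). Verdicts: ok, suspicious, lookalike, untrusted-domain."""
    parts = urlsplit(url)
    host = hostname_of(url)
    reasons: List[str] = []
    if parts.scheme != "https":
        reasons.append(f"scheme is {parts.scheme!r}, not https")
    if parts.username is not None:
        reasons.append(f"text before '@' is userinfo, not the site; real host is {host!r}")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("host has punycode (xn--) labels; compare the decoded name carefully")
    if belongs_to(host, trusted_domain):
        return ("ok" if not reasons else "suspicious"), reasons
    if looks_like_brand(host, brand_keywords):
        reasons.append(f"host {host!r} mimics the brand but is not under {trusted_domain!r}")
        return "lookalike", reasons
    reasons.append(f"host {host!r} is not under {trusted_domain!r}")
    return "untrusted-domain", reasons


if __name__ == "__main__":
    TRUSTED = "gameofthrones.example"               # constructed trusted domain
    KEYWORDS = ("gameofthrones", "winteriscoming")  # constructed brand keywords
    for sample in [  # constructed sample links
        "https://promo.gameofthrones.example/enter",
        "http://gameofthrones.example/enter",
        "https://gameofthrones.example.prizes-win.example/",
        "https://g4me0fthrones.example/gift-pack",
        "https://gameofthrones.example@login.example/",
    ]:
        verdict, why = assess(sample, TRUSTED, KEYWORDS)
        print(f"{verdict:16} {sample}  {'; '.join(why)}")
```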