www.techrepublic.com
2a04:4e42:400::347  Public Scan

Submitted URL: https://click.checkpoint.com/NzUwLURRSC01MjgAAAGOdb-aEeOqil8I73wj4mnLf217T0dgqUXI3hsyTz36YRjLMvIfaQiKupn6wdbYaAlJObEWcy4=
Effective URL: https://www.techrepublic.com/article/check-point-hackers-usb/?mkt_tok=NzUwLURRSC01MjgAAAGOdb-aEfcbkLfQBWW3sAX0jWbRw9J3IoOzwxN...
Submission: On September 27 via api from ES — Scanned from ES

Form analysis 3 forms found in the DOM

/search/

<form action="/search/" class="search-bar">
  <label id="label-nav-site-search" for="nav-site-search"> Search </label>
  <input type="search" autocomplete="off" name="q" id="nav-site-search" value="" placeholder="What are you looking for?" required="">
  <button type="submit" disabled="disabled">
    <svg role="img" aria-labelledby="label-nav-site-search">
      <use href="#smart-search-icon"></use>
    </svg>
  </button>
</form>

POST

<form class="share-email-form" method="post">
  <input type="hidden" name="share-email-title" value="Check Point: Hackers Are Dropping USB Drives at Watering Holes">
  <input type="hidden" name="share-email-url" value="https://www.techrepublic.com/article/check-point-hackers-usb/">
  <input type="email" name="from-email" class="read-write" placeholder="Your Email" required="">
  <input type="email" name="to-email" class="read-write" placeholder="Recipient Email" required="">
  <textarea name="msg" class="readonly">Check out this article I found on TechRepublic.</textarea>
  <input type="submit" value="Submit">
  <p class="response-msg">Your email has been sent</p>
</form>


Text Content

Image: Timon/Adobe Stock


CHECK POINT: HACKERS ARE DROPPING USB DRIVES AT WATERING HOLES

   

by Karl Greenberg in Security
on September 12, 2023, 12:49 PM EDT


Check Point's Global CISO discusses the firm's 2023 threat intelligence,
including new AI malice and threat actors spreading malware by dropping flash
drives.

In its 2023 Mid-Year Cyber Security Report, Check Point Software spotlighted
numerous exploits so far this year, including novel uses of artificial
intelligence and an old-school attack vector: USB drives. Cybercriminals and
nation-state actors see these devices as the best way to infect air-gapped,
segmented and protected networks, according to Check Point.

The report’s authors noted the Raspberry Robin worm was one of the common
malware variants distributed through USB drives via “autorun.inf” files or
clickable LNK files. Check Point also reported that state-aligned threat actors
are even launching 10-year-old infections such as ANDROMEDA via USB drives.

China-related espionage threat actor Camaro Dragon, for example, used USB drives
as a vector to infect organizations all over the world, according to the
report’s authors. In addition, the security researchers pointed out that
Russian-aligned group Gamaredon used USB drive-delivered Shuckworm to target
Ukrainian military and associated individuals.

I spoke with Pete Nicoletti, global chief information security officer for the
Americas at Check Point Software, about some other top-line findings from the
report. Nicoletti, who has more than 30 years in the field, said AI is a game
changer, and that out of Check Point Software’s 70-plus engines, AI and machine
learning drive 40 of them. The following transcript of my interview with
Nicoletti has been edited for length and clarity.

Jump to:

 * Found an orphan USB? Better to leave it be
 * Bad bots: AI for spam, spearphishing and malware
 * AI for the defense: Finding spam, insurance reviews, penetration tests
 * Education sector is the top target
 * Microsoft: A big house with many doors and “Windows”
 * Sound and vision: The next AI threats


FOUND AN ORPHAN USB? BETTER TO LEAVE IT BE

Karl Greenberg: I was surprised by the report’s details around physical USB
drivers as a viable attack vector. Really? Today?

Pete Nicoletti, global chief information security officer for the Americas at
Check Point Software.

Pete Nicoletti: As a former penetration tester, I thought the days of USB
drivers… USB devices being used to hack were going to go away, but we’ve seen a
big uptick in companies falling for a USB drive insertion. When I used to try to
break into companies, we used a watering hole attack: You go to the bar where
the employees go, you go to the office building or bathroom where the employees
go, and you drop a couple of USBs (it used to be CDs, with labels saying “3rd
quarter layoffs” and people would grab them). We are seeing the same thing
happening with flash drives, and this is dramatic.

Karl Greenberg: Hackers are physically leaving USB drives around?

Pete Nicoletti: Yes, and this tactic is infecting organizations. Before COVID,
we used to have better policies against using USBs in corporate-owned laptops,
because that laptop would be inspected. Post COVID, it’s BYO device, and there
are fewer corporate protections, so that’s partly why we’re seeing a spike.
Also, we’re seeing an uptick in hacktivism with politically motivated groups
launching attacks and artificial intelligence misuse such as using AI to craft
emails. We just saw the release of an AI-based keystroke monitoring tool that
has about 85% to 95% accuracy in understanding the keystroke just by sound.


BAD BOTS: AI FOR SPAM, SPEARPHISHING AND MALWARE

Karl Greenberg: How important are AI tools today for cybersecurity
practitioners, and what do you see as key ways hackers are using it?

Pete Nicoletti: If you don’t have artificial intelligence to battle artificial
intelligence, you’re going to be a statistic, because AI is lowering the bar for
the attackers. Just for spam, as an example, there are a lot more (non-English
speaking) people now who can create emails using really good English.

Basically, hackers are using AI in at least two ways: They are using AI to write
snippets of code rather than full-blown ransomware programs for, say, a zero day
for a given common vulnerability and exposure; they are using it, for example,
to write a keyboard stroke collector. And they are using AI to automate spam
creation using hacked data to generate content. These could, for example, be
tied to hacked private information about a patient’s information that may have
been part of a large breach; hackers are using such data to create personalized
emails: “You were just in for such and such a procedure, and you owe an
additional $200 on the bill.”

SEE: Check Point announces raft of 2023 AI features (TechRepublic)


AI FOR THE DEFENSE: FINDING SPAM, INSURANCE REVIEWS, PENETRATION TESTS

Karl Greenberg: How do you prevent or defend against these forms of AI-powered,
spearphishing campaigns?

Pete Nicoletti: All of our big carrier customers use Avanan, an AI-powered
(email security) tool we acquired two years ago. With it, we are able to
discover new kinds of challenging-to-find spam — and spam is still 89% the
vector of choice for successful attacks.

SEE: Check Point’s Avanan spotlights how business email compromise attacks
emulate legitimate web services to lure clicks (TechRepublic)

Karl Greenberg: Besides use for reducing analyst workloads, where else are you
seeing AI being used more today?

Pete Nicoletti: We’re seeing people use ChatGPT and other large language models
to review their cyber insurance programs. We’re seeing people use it to write up
penetration tests to give them more relevance and a deeper understanding of
certain issues. If you’re not using artificial intelligence, you’re not going to
be competitive.


EDUCATION SECTOR IS THE TOP TARGET

Karl Greenberg: What are the other top-line findings from the first half of the
year?

Pete Nicoletti: We’re seeing the education sector being the number one attack
vertical; we’ve seen a huge spike in this.

Karl Greenberg: Why?

Pete Nicoletti: A couple of reasons, including schools transitioning to
outsourced IT and using more online education tools. Also, educational
institutions don’t have the budgets the commercial sector has. We have seen at
least one university go out of business for the first time (Lincoln College in
May 2022) because of ransomware demands. Globally, education and research are
still the top targets for attacks (Figure A).

Figure A

Global average of weekly attacks per organization by industry in H1 2023 (change
in percentage from H1 2022). Image: Check Point Software


MICROSOFT: A BIG HOUSE WITH MANY DOORS AND “WINDOWS”

Karl Greenberg: I noticed the number of vulnerabilities in commonly used
corporate software is very high; Microsoft is number one. Why does Microsoft
have so many CVEs?

Pete Nicoletti: Someone famously said they rob banks because that’s where the
money is. If you’re a hacker, you want to target Microsoft because it’s so
ubiquitous. It’s everywhere — an application developing company and an operating
system. It’s used by everyone. So if you’re going to find a zero day, whether
you’re a state-sponsored hacking group or just a 16-year-old in the basement
wearing a hoodie, you’re going to be targeting Microsoft.

The other thing a lot of people don’t talk about: when you turn the knob as a
company to push products out the door, because companies can take all the time
in the world to develop something and test it, but companies want to release
products now, not tomorrow. And when they turn the knob to be competitive and
gain market share, this is the unspoken kind of risk of development that gets
you in trouble.

Karl Greenberg: Which is why AI tools in DevOps are critical.

Pete Nicoletti: Companies with fast development shops are picking up these tools
to increase security of their development pipeline, containers and Kubernetes,
and it’s so much cheaper to fix in the development pipeline rather than in the
test or production environment. So companies are finally figuring that out.


SOUND AND VISION: THE NEXT AI THREATS

Karl Greenberg: What about other uses of AI for threats beyond text and code
generation?

Pete Nicoletti: We have always been dealing with business email compromise;
well, now it’s going to be voice compromise and video compromise. It’s
absolutely coming. We’re going to start seeing a lot more photos converted to a
video discussion. We’ve seen voice compromises already, and every bank that’s
using voice confirmation and voice identification can be fooled now. So, if you
have credit cards or banks that use this? Say goodbye. I wouldn’t enable that at
all any more.


Karl Greenberg
Published: September 12, 2023, 12:49 PM EDT
Modified: September 12, 2023, 3:15 PM EDT


By Karl Greenberg
Karl is a lead writer on cloud security for TechRepublic, specializing in
enterprise security risks, strategies, products, threats, trends and
technologies for securing organizations. After receiving a BA in comparative
religions from Florida State University, he worked for the Tampa Tribune, and
radio and TV stations in Tallahassee before moving to Boulder, Colorado, where
he pursued his interests in acting at Denver theaters. After receiving an MFA in
dramatic writing from Brooklyn College he became a journalist and wrote for
several years for publications covering the automotive, industrial chemical,
internet tech and consumer marketing verticals. He has written for Adweek,
Brandweek, The Chemical Market Reporter and MediaPost, and was also the public
affairs officer at the NYU Tandon School of Engineering for six years prior to
coming to TA.