Innovative Real-Time Protection: DocLink Defender leverages the latest in analytical technology to intercept and neutralize malicious documents instantly.
Proven Defense Against Advanced Threats: Showcasing its prowess, DocLink Defender has a track record of thwarting sophisticated cyber threats, including the notorious Agent Tesla malware.
Comprehensive Security for Check Point Users: For those utilizing Check Point's Quantum and Harmony solutions, activating the Threat Emulation feature ensures an added layer of security.
DocLink Defender seamlessly integrates into this ecosystem, offering robust protection against the evolving landscape of cyber threats.
At the heart of DocLink Defender is a sophisticated engine designed to scrutinize the structure of commonly used document types, such as Office and PDF files.
Should a downloadable file be detected, the Defender doesn't stop there.
It takes the file and subjects it to an exhaustive Threat Emulation process.
Each file is thoroughly emulated, ensuring that any lurking malicious content is identified before it can wreak havoc.
In the event a file is deemed malicious, the document harboring the questionable URL is immediately blocked, providing real-time defense against potential cyber threats.
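A simplified sketch of the structural check described above, as an added example that is not Check Point's engine or code: it pulls link actions out of a PDF and returns the links that point at a downloadable file, which is the set a sandbox would then fetch and emulate. The extension list, the function names and the sample PDF fragment are assumptions constructed for illustration, and the parser assumes the link annotations sit in uncompressed objects.

```python
import re
from urllib.parse import unquote, urlparse

# Assumed extension list; the page does not say which file types count as downloads.
DOWNLOAD_EXTS = (".zip", ".rar", ".7z", ".iso", ".exe", ".msi", ".scr", ".js", ".vbs", ".lnk")
# /URI value as a PDF literal string "(...)" or hex string "<...>" (nested parens not handled).
URI_RE = re.compile(rb"/URI\s*(?:\(((?:\\.|[^\\()])*)\)|<([0-9A-Fa-f\s]*)>)", re.S)
ESCAPE_RE = re.compile(rb"\\(?:([0-7]{1,3})|(.))", re.S)
SIMPLE = {b"n": b"\n", b"r": b"\r", b"t": b"\t", b"b": b"\b", b"f": b"\f"}

# Constructed sample: three link annotations (octal-escaped literal, hex string, mailto).
_LINKS = [rb"(https://files.example.test/Reader\137Install.zip)",
          b"<68747470733A2F2F646F63732E6578616D706C652E746573742F68656C70>",
          b"(mailto:it@example.test)"]
SAMPLE_PDF = b"%PDF-1.7\n" + b"".join(
    b"%d 0 obj\n<< /Subtype /Link /A << /S /URI /URI %s >> >>\nendobj\n" % (n, u)
    for n, u in enumerate(_LINKS, 5))

def _unescape(raw: bytes) -> bytes:
    # Resolve PDF literal-string escapes: octal codes, named escapes, line continuation.
    def repl(m):
        if m.group(1) is not None:
            return bytes([int(m.group(1), 8) & 0xFF])
        tok = m.group(2)
        return b"" if tok in (b"\n", b"\r") else SIMPLE.get(tok, tok)
    return ESCAPE_RE.sub(repl, raw)

def extract_uris(pdf: bytes) -> list[str]:
    # Return every /URI action target found in the raw PDF bytes, decoded to text.
    uris = []
    for m in URI_RE.finditer(pdf):
        if m.group(2) is not None:  # hex string; an odd digit count is padded with 0
            digits = re.sub(rb"\s", b"", m.group(2)).decode("ascii")
            raw = bytes.fromhex(digits + "0" * (len(digits) % 2))
        else:  # literal string
            raw = _unescape(m.group(1))
        uris.append(raw.decode("latin-1").strip())
    return uris

def downloadable_links(pdf: bytes) -> list[str]:
    # Keep only http(s) links whose path (not query string) ends in a download extension.
    hits = []
    for uri in extract_uris(pdf):
        parsed = urlparse(uri)
        if parsed.scheme.lower() in ("http", "https") and \
                unquote(parsed.path).lower().endswith(DOWNLOAD_EXTS):
            hits.append(uri)  # candidate to fetch and emulate in a sandbox
    return hits

if __name__ == "__main__":
    print(downloadable_links(SAMPLE_PDF))
```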
With DocLink Defender, Check Point reaffirms its commitment to pioneering cybersecurity solutions that meet the challenges of today's complex digital environment.
This attack, observed in January 2024, threatened multiple Threat Emulation customers with potential malware infection and was blocked by this new engine.
The user receives a PDF file displaying a 'blurred out' image of a document.
Figure 2 - the 'blurred out' image received by the user.
Figure 3 - message box prompt displayed to the user upon opening the document.
The PDF contains a download link to an archive that pretends to be an Adobe Acrobat Reader installer, tricking the user into clicking it to update the version of Adobe Acrobat Reader on their device.
After the user double-clicks on the 'installer', the malicious executable starts running, writing multiple files on the disk and engaging in various background activities, such as running Windows.
Figure 5 - malicious executable activity on user's device.
GuLoader first emerged in the latter part of 2019 and has since been utilized to download and execute malicious payloads.
With DocLink Defender, Threat Emulation has been able to prevent multiple cases of zero-day attacks for multiple customers around the world.
Check Point customers using Quantum and Harmony products with activated Threat Emulation are protected from similar threats.
This Cyber News was published on blog.checkpoint.com. Publication date: Tue, 12 Mar 2024 13:43:10 +0000