
Date:
Prepared for:
Prepared by:
Industry:
Analysis duration:
Company size:
Analysis network:
Country:
Security Gateway version:
Security device:
Traffic inspected by the following Check Point Software Blades:
© Check Point Software Technologies Ltd. All rights reserved. Classification: [Restricted] ONLY for designated groups and individuals Security Checkup - Threat Analysis Report
EXECUTIVE SUMMARY

The following Security Checkup report presents the findings of a security assessment conducted in your network. The report uncovers where your organization is exposed to security threats, and offers recommendations to address these risks.

To assess risk, network traffic was inspected by Check Point to detect a variety of security threats, including: malware infections, usage of high risk web applications, intrusion attempts, loss of sensitive data, and more.

Malware and Attacks
- 39 computers infected with bots
- 11 known malware downloaded by 17 users
- 16 unique software vulnerabilities were attempted to be exploited (indicates potential attacks on computers on your network)
- 11.9K communications with C&C* sites
- 0 Zero-days downloaded

* C&C - Command and Control. If a proxy is deployed, there might be additional infected computers. Zero-days downloaded present a unique count of old or new malware variants with an unknown anti-virus signature.

Data Loss
- 0 potential data loss incidents
- 0 sensitive data categories
Indicates information sent outside the company or to unauthorized internal users. Information that might be sensitive.

High Risk Web Access
- 17 high risk web applications, 8.3GB (potential risks: opens a backdoor to your network, hides user activity, causes data leakage or malware infections)
- 248 high risk web sites, 2.4K hits (potential risks: exposure to web-based threats and network infection; examples: spam, malicious, phishing web sites)

Cloud Applications
- 31 cloud applications, 45.0GB
Risk of data loss and compliance violations. Examples: Dropbox, Google Drive, OneDrive.

TABLE OF CONTENTS

EXECUTIVE SUMMARY
KEY FINDINGS
  MALWARE & ATTACKS
  HIGH RISK WEB ACCESS
  DATA LOSS
  BANDWIDTH ANALYSIS
  MOBILE THREATS
  ENDPOINTS
CHECK POINT INFINITY
ABOUT CHECK POINT

KEY FINDINGS MALWARE AND ATTACKS

Cyber Kill Chain
A cyber kill chain reveals the stages of a cyberattack: from reconnaissance to the goal of data exfiltration. The kill chain can also be used as a management tool to help continuously improve network defense.

Pre Infection
1. Reconnaissance
2. Delivery
3. Exploitation
4. Installation

- 549 servers were scanned*
- 17 users downloaded malware
- 16 unique exploit attempts

* Scanned Servers – these servers were scanned from the internet for a first understanding of open ports and services.

Post Infection
1. Command and Control
2. Propagation

- 11.9K malicious connections to C&C servers
- 39 machines are infected
- 12 different malware families were found

[Chart: Malicious traffic connected to infected end-points (inbound/outbound connections), Mar 23, 2020 to Apr 20, 2020. Plotted values in order: 1.4K, 2.5K, 2.1K, 2K, 2.2K, 1.8K, 1.2K, 918, 1.1K, 762, 818, 1K, 915, 617, 1.5K, 488.]

MACHINES INFECTED WITH MALWARES & BOTS
A bot is malicious software that invades your computer. Bots allow criminals to remotely control your computer to execute illegal activities such as stealing data, spreading spam, distributing malware and participating in Denial of Service (DoS) attacks without your knowledge. Bots play a key role in targeted attacks known as Advanced Persistent Threats (APTs). The following table summarizes the bot families and number of infected computers detected in your network.

Top malwares in the network

| Malware Family | Malware Name* | Protection Type | Destination Country |
|---|---|---|---|
| Conficker_b | Conficker_B.TC.akb | DNS Reputation | United States |
| | Conficker_B.TC.ake | DNS Reputation | United States |
| | Conficker_B.TC.akd | DNS Reputation | United States |
| | Conficker_B.TC.akg | DNS Reputation | United Kingdo…, United States |
| | Conficker_B.TC.ajv | DNS Reputation | United Kingdo…, United States |
| | Total: 2.8K | 1 Protection Type | 6 Countries |
| Conficker_a | Conficker_A.TC.aln | DNS Reputation | Netherlands, United States |
| | Conficker_A.TC.alp | DNS Reputation | Netherlands, United States |
| | Conficker_A.TC.aliz | DNS Reputation | United States |

[Chart: Top infected machines** by traffic sent (bytes, 0B to 2MB).]

* Check Point's malware naming convention: <malware type>.<operating system>.<malware family>.<variant>. For more details on specific malware, search the malware name on www.threat-cloud.com
** Amount of malicious traffic from end-point.

MALWARE DOWNLOADS (KNOWN MALWARE)
With the increase in sophistication of cyber threats, many targeted attacks begin with exploiting software vulnerabilities in downloaded files and email attachments. During the security analysis, a number of malware-related events which indicate malicious file downloads were detected. The following table summarizes downloads of known malware files detected in your network and the number of the downloading computers. Known malware refers to malware for which signatures exist and therefore should be blocked by an anti-virus system.

Malware downloads over http

| Infected File Name | Malware Action | Downloaded by | MD5* |
|---|---|---|---|
| landing.php | Malicious file/exploit download | MCHOW-PC (172.31.4.50) | 8dc1ccbb7e95163d67e0d6fda7c9639f |
| | Malicious file/exploit download | android-8ddb640eb1391426.cse.gob.ni (192.168.70.100) | f8a8222d41ebc8a7b324f82dab6e0cb3 |
| FF+MR+SANT.rar | Malicious file/exploit download | UsuarioNuevo-PC (172.31.4.113) | 2e741b1dac7733b566d3e8db5ebb4a2f |
| Wondershare_Fotophire_1.3.0.zip | Malicious file/exploit download | DESKTOP-K3BVMQN (172.31.4.162) | 809e0908a70dcead98c3a14faeeda7dc |
| ReimagePackage1951x64.exe | Malicious file/exploit download | 192.168.9.43 | 9861c58ee856c4b98cade0a6130829d6 |
| APNSetup.exe | Malicious file/exploit download | UsuarioNuevo-PC (172.31.4.113) | 363a4a68a86441777924df8219aeb72c |
| Minecraft-v1.16.0.53-TechBigs.Com.apk | Malicious file/exploit download | android-8ddb640eb1391426.cse.gob.ni (192.168.70.100) | d9ab5f523cc1c1dbd0e5c481cfee807e |
| sniper-elite-programas-gratis-net_1396319062.exe | Malicious file/exploit download | User_Group_1 (192.168.6.177) | e08897849cfbc897b05637aaeb2d0176 |
| askToolbarInstaller-1.15.29.0.exe | Malicious file/exploit download | Fabrica4-PC (192.168.6.57) | e78a6553baf2788bdd8d62348ed98069 |
| SkinPacks_3855430375.exe | Malicious file/exploit download | android-8ddb640eb1391426.cse.gob.ni (192.168.70.100) | 09117852aab79856d44ff6797195815e |

Total: 9 Files, 0 Users, 0 Names, 1 Action, 7 Sources, 10 Files

[Chart: Top 5 sources that downloaded malware (0 to 3 downloads per source).]

Downloads by protocol: http [12 | 92%], TCP/182 [1 | 8%]

* You can analyze suspicious files by copying and pasting the files' MD5 into the VirusTotal online service at www.virustotal.com

ACCESS TO SITES KNOWN TO CONTAIN MALWARE
Organizations can get infected with malware by accessing malicious web sites while browsing the internet, or by clicking on malicious links embedded in received email. The following summarizes events related to sites known to contain malware.

Top connections to malicious sites

| Malware Family | Domain | Protection Type | Hits |
|---|---|---|---|
| Andromeda | http://differentia.ru/diff.php | URL Reputation | 45 |
| Adware | server2.aserdefa.ru | DNS Reputation | 22 |
| Generic_android | bigdata.adsunflower.com | DNS Reputation | 22 |
| Generic | netflix-usa.net | DNS Reputation | 5 |
| | dl.memuplay.com | Signature | 1 |
| Zusy | http://ec2-54-184-105-143.us-west-2.compute.amazonaws.com/landing.php?clickid=4a61cusm7k252vrfea&campaign=56 | Signature | 3 |
| SendPay | http://download1710.mediafire.com/77f6reeituag/m21t7hxj49s73u1/FF+MR+SANT.rar | Signature | 2 |
| Asparnet | | Signature | 1 |
| Malware-url | http://minisrclink.cool/1e40c8bd4601a5a5a4.js | URL Reputation | 1 |
| UNKNOWN | | Signature | 1 |
| Webcompanion | http://webcompanion.com/nano_download.php?partner=JD180501 | URL Reputation | 1 |

Total: 10 Families, 3 Protection Types, 104 Hits

[Chart: Top 5 sources that accessed malicious sites (0 to 40 hits per source).]

* You can analyze suspicious URLs by copying and pasting them into the VirusTotal online service at www.virustotal.com

ATTACKS AND EXPLOITED SOFTWARE VULNERABILITIES
During the security analysis, attacks and exploited software vulnerabilities on servers/clients were detected. Such incidents might indicate intrusion attempts, malware attacks, DoS attacks or attempts to breach security by exploiting software vulnerabilities. The following summarizes all events with a known industrial reference.

Top attacks and exploited software vulnerabilities

| Attacked Destination | Attack / Exploit | Industry Reference | Attack Source | Events |
|---|---|---|---|---|
| External_Navegacion (172.16.100.14) | Multiple Vendor ICMP Connection Reset Denial of Service | CVE-2004-0790 | host_172.31.4.119 (172.31.4.119) | 269 |
| | Total: 1 Exploit | 1 Reference | 1 Source | 269 |
| XC-99AF12 (192.168.5.75) | Microsoft Windows NT Null CIFS Sessions | CVE-2000-1200 | 172.31.1.82 | 78 |
| | | | Host_172.31.1.140 (172.31.1.140) | 24 |
| | Total: 1 Exploit | 1 Reference | 2 Sources | 102 |
| External_VPN_F5 (172.16.100.21) | OpenSSL TLS Man-In-The-Middle Security Bypass | CVE-2014-0224 | F5_SelfIP_VLAN100 (172.16.100.2) | 2 |
| | OpenSSL TLS DTLS Heartbeat Information Disclosure | CVE-2014-0160, CVE-2014-0346 | F5_SelfIP_VLAN100 (172.16.100.2) | 2 |
| | Total: 4 Exploits | 3 References | 1 Source | 15 |
| 51.161.115.191 | Suspicious Malvertising Redirection | | Admon_UCB (1…, android-8ddb… | 15 |
| 94.242.62.212 | Suspicious Malvertising Redirection | | Admon_UCB (1…, android-8ddb… | 14 |

Total: 86 Destinations, 24 Exploits, 16 References, 39 Sources, 527 Events

[Chart: Top targeted end-points by number of attacks (0 to 200).]
[Chart: Top CVEs by number of attacks (0 to 250): CVE-2004-0790, CVE-2000-1200, CVE-2016-2107, CVE-2015-3668, CVE-2010-0024.]

* You can learn more about the vulnerability that IPS detected by copying and pasting the CVE into the Check Point ThreatPortal online service at https://threatpoint.checkpoint.com/ThreatPortal/

SCANNED SERVERS
During the security analysis, attacks and exploited software vulnerabilities on servers/clients were detected. Such incidents might indicate intrusion attempts, malware attacks, DoS attacks or attempts to breach security by exploiting software vulnerabilities. The following summarizes these events.

Top scanned servers

| Target end-point | Attack / Exploit | Events | Source |
|---|---|---|---|
| 0.0.0.0 | Sweep Scan | 7.6K | External_Check_Point_GW (172.16.100.1), F5_SelfIP_VLAN100 (172.16.100.2), 172.31.1.82, PROXY_CSE2 (172.31.1.100), PROXY_CSE (172.31.1.110), 195 more Sources (200 Sources in total) |
| 172.31.8.5 | Brute Force Scanning of CIFS Ports | 69 | 172.31.1.82, Host_172.31.1.140 (172.31.1.140) |
| Host_192.168.5.107 (192.168.5.107) | Brute Force Scanning of CIFS Ports | 64 | 172.31.1.82, Host_172.31.1.140 (172.31.1.140) |
| 172.31.8.96 | Brute Force Scanning of CIFS Ports | 64 | 172.31.1.82, Host_172.31.1.140 (172.31.1.140) |
| 172.31.8.3 | Brute Force Scanning of CIFS Ports | 63 | 172.31.1.82, Host_172.31.1.140 (172.31.1.140) |
| 172.31.8.4 | Brute Force Scanning of CIFS Ports | 57 | 172.31.1.82, Host_172.31.1.140 (172.31.1.140) |
| 172.31.8.30 | Brute Force Scanning of CIFS Ports | 57 | 172.31.1.82, Host_172.31.1.140 (172.31.1.140) |
| 172.31.8.84 | Brute Force Scanning of CIFS Ports | 56 | 172.31.1.82, Host_172.31.1.140 (172.31.1.140) |
| 172.31.8.130 | Brute Force Scanning of CIFS Ports | 54 | 172.31.1.82, Host_172.31.1.140 (172.31.1.140) |
| host_192.168.5.104 (192.168.5.104) | Brute Force Scanning of CIFS Ports | 48 | 172.31.1.82, Host_172.31.1.140 (172.31.1.140) |
| 172.31.8.1 | Brute Force Scanning of CIFS Ports | 46 | 172.31.1.82, Host_172.31.1.140 (172.31.1.140) |
| XC-99AF12 (192.168.5.75) | Brute Force Scanning of CIFS Ports | 46 | 172.31.1.82, Host_172.31.1.140 (172.31.1.140) |
| 192.168.5.101 | Brute Force Scanning of CIFS Ports | 35 | 172.31.1.82, Host_172.31.1.140 (172.31.1.140) |
| fdma_host01 (192.168.5.74) | Brute Force Scanning of CIFS Ports | 34 | 172.31.1.82, Host_172.31.1.140 (172.31.1.140) |
| 192.168.5.3 | Brute Force Scanning of CIFS Ports | 23 | 172.31.1.82, Host_172.31.1.140 (172.31.1.140) |
| fdma_host02 (192.168.5.89) | Brute Force Scanning of CIFS Ports | 17 | Host_172.31.1.140 (172.31.1.140) |
| 172.31.8.98 | Brute Force Scanning of CIFS Ports | 16 | 172.31.1.82, Host_172.31.1.140 (172.31.1.140) |
| transporte (172.31.8.66) | Brute Force Scanning of CIFS Ports | 16 | 172.31.1.82, Host_172.31.1.140 (172.31.1.140) |
| 172.31.8.56 | Brute Force Scanning of CIFS Ports | 16 | 172.31.1.82, Host_172.31.1.140 (172.31.1.140) |
| BRN001BA9595574 (192.168.5.85) | Brute Force Scanning of CIFS Ports | 13 | Host_172.31.1.140 (172.31.1.140) |
| External_VPN_F5 (172.16.100.21) | ZMap Security Scanner over HTTP | 9 | F5_SelfIP_VLAN100 (172.16.100.2) |
| | Nmap Scripting Engine Scanner Over HTTP Request | 2 | F5_SelfIP_VLAN100 (172.16.100.2) |
| | Total: 2 Attacks / Exploits | 11 | 1 Source |
| fdma24 (192.168.5.59) | Brute Force Scanning of CIFS Ports | 10 | 172.31.1.82, Host_172.31.1.140 (172.31.1.140) |
| PRT_RH00 (192.168.5.73) | Brute Force Scanning of CIFS Ports | 9 | 172.31.1.82, Host_172.31.1.140 (172.31.1.140) |
| fdma69 (192.168.5.48) | Brute Force Scanning of CIFS Ports | 6 | Host_172.31.1.140 (172.31.1.140) |
| 172.31.8.95 | Brute Force Scanning of CIFS Ports | 6 | 172.31.1.82, Host_172.31.1.140 (172.31.1.140) |
| 172.31.8.45 | Brute Force Scanning of CIFS Ports | 6 | 172.31.1.82, Host_172.31.1.140 (172.31.1.140) |
| 172.31.8.43 | Brute Force Scanning of CIFS Ports | 6 | 172.31.1.82, Host_172.31.1.140 (172.31.1.140) |
| Admin_M630 (192.168.5.83) | Brute Force Scanning of CIFS Ports | 6 | 172.31.1.82 |
| fdma28 (192.168.5.58) | Brute Force Scanning of CIFS Ports | 4 | 172.31.1.82, Host_172.31.1.140 (172.31.1.140) |
| 172.31.8.41 | Brute Force Scanning of CIFS Ports | 4 | Host_172.31.1.140 (172.31.1.140) |

Total: 549 Destinations, 5 Attacks / Exploits, 9.5K Events, 204 Sources

KEY FINDINGS HIGH RISK WEB ACCESS
USAGE OF HIGH RISK WEB APPLICATIONS
Web applications are essential to the productivity of every organization, but they also create degrees of vulnerability in its security posture. Remote Administration applications might be legitimate when used by admins and the help-desk, but please note that some remote access tools can be used for cyber-attacks as well. The following risky web applications were detected in your network, sorted by category, risk level and number of users.

Total high risk web applications traffic: 8.3GB

Top high risk web applications

| Application Category | Application Name | Source | Application Risk* | Traffic |
|---|---|---|---|---|
| File Storage and Sharing | Mega | Admon_UCB (192.168.5.45), fdma58 (192.168.5.82), Fabrica2-PC (192.168.6.116), Revision3 (192.168.6.124), 192.168.6.175, 8 more Sources | High | 7.4GB |
| | Dropbox | fdma07 (192.168.5.86), BAD_ADDRESS (192.168.6.107), Revision3 (192.168.6.124), DESKTOP-UNAU6RA (192.168.6…, DMSWiFi.cse.gob.ni (192.168.9…, 11 more Sources | High | 864.9MB |
| | Total: 2 Applications | 25 Sources | High | 8.3GB |
| Remote Administration | AnyDesk | 172.31.1.111, 192.168.6.174, 192.168.16.201, 192.168.16.250, 192.168.70.8, 12 more Sources | High | 37.8MB |
| | TeamViewer | android-1e37178f332eb58c.cse.gob.ni (192.168.70.103) | High | 5.6MB |
| | Total: 2 Applications | 18 Sources | High | 43.4MB |
| Anonymizer | Hola | Revision3 (192.168.6.124) | Critical | 13.4MB |
| | UC browser | 192.168.9.51, 192.168.9.52, ANAGABRIELA.cse.gob.ni (192.168.70.38), JYK-PC.cse.gob.ni (192.168.70.45), android-6fcdd6c41ea45e99.cse.gob.ni (192.168.7…, 1 more Source | Critical | 1.8MB |
| | Avira Phantom VPN | MCHOW-PC (172.31.4.50), DESKTOP-T6U1V9G (172.31.4.139) | Critical | 724.0KB |
| | ZenMate | android-8ddb640eb1391426.cse.gob.ni (192.168.70.100) | Critical | 376.1KB |
| | Ultrasurf | Admon_UCB (192.168.5.45) | Critical | 329.5KB |
| | Psiphon | DESKTOP-T6U1V9G (172.31.4.139) | Critical | 124.8KB |
| | ProxySite | android-8ddb640eb1391426.cse.gob.ni (192.168.70.100) | Critical | 10.1KB |
| | OpenVPN | MCHOW-PC (172.31.4.50), DESKTOP-T6U1V9G (172.31.4.139) | Critical | 7.5KB |
| | VPN.ht | host_172.31.4.6 (172.31.4.6) | Critical | 5.8KB |
| | Total: 9 Applications | 12 Sources | Critical | 16.7MB |
| P2P File Sharing | BitTorrent Protocol | host_172.31.4.119 (172.31.4.119), Admon_UCB (192.168.5.45), PCComputer.cse.gob.ni_54 (192.168.70.51), Galaxy-J7-Prime.cse.gob.ni_66 (192.168.70.99), AndresJCaracas.cse.gob.ni (192.168.70.105), 2 more Sources | High | 2.7MB |
| | uTorrent | host_172.31.4.119 (172.31.4.119), PCComputer.cse.gob.ni_54 (192.168.70.51), Galaxy-J7-Prime.cse.gob.ni_66 (192.168.70.99), JK.cse.gob.ni (192.168.70.106), 192.168.70.183 | High | 1.3MB |
| | Total: 2 Applications | 7 Sources | High | 4.1MB |
| IPTV | Popcorn Time | Admon_UCB (192.168.5.45), JGX_Wifi.cse.gob.ni (192.168.70.31), AndresJCaracas.cse.gob.ni (192.168.70.105), 192.168.70.121 | High | 370.8KB |
| | Total: 1 Application | 4 Sources | High | 370.8KB |
| Spam | tracker.trackerfix.com/announce | Admon_UCB (192.168.5.45) | High | 21.5KB |
| | Total: 1 Application | 1 Source | High | 21.5KB |
| Network Protocols | X11 Protocol | Host_172.31.1.140 (172.31.1.140) | High | 1.2KB |
| | Total: 1 Application | 1 Source | High | 1.2KB |

Total: 7 Categories, 18 Applications, 57 Sources, Critical, 8.3GB

[Chart: Top 5 high risk app sources by traffic (0B to 4GB), split by High and Critical risk.]

ACCESS TO HIGH RISK WEB SITES
Web use is ubiquitous in business today. But the dynamic, constantly evolving nature of the web makes it extremely difficult to protect and enforce web usage in a corporate environment. To make matters more complicated, web traffic has evolved to include not only URL traffic, but embedded URLs and applications as well. Identification of risky sites is more critical than ever. Access to the following risky sites was detected in your network, organized by category, number of users, then number of hits.

High risk web sites categories

| Website Category | Hits |
|---|---|
| Spam | 1.2K |
| Spyware / Malicious Sites | 941 |
| Suspicious Content | 169 |
| Sex | 64 |
| Phishing | 44 |

Total: 5 Categories, 2.4K Hits

[Chart: High risk web sites by category (hits, 0 to 1K): Spam, Spyware / Malicious Sites, Suspicious Content, Sex, Phishing.]

Access to questionable sites

| Category | Browse Time (hh:mm:ss) | Traffic |
|---|---|---|
| Sex | 14h 56m 55s | 144.0MB |
| Illegal / Questionable | 20h 31m 00s | 86.7MB |
| Gambling | 36h 55m 32s | 28.9MB |

Total: 3 Categories, 72h 23m 27s, 259.5MB

Top high risk web sites (top 10 per category)

| Site Category | Site | Users | Hits |
|---|---|---|---|
| Spam | 184.168.131.241, 1dapp.news, 205.185.216.10, 64p3am9x95ct.com, 69.175.41.2, a3jenhkmqwnl.com, adexmedias.com, adobviewe.club, advinci.co, agafurretor.com, 152 more Sites | DESKTOP-6GK346U…, host_172.31.4.119 (…, DESKTOP-6UD7IPG…, blf_172.31.10.101 (1…, fdma48 (192.168.5…, 138 more Users | 1.2K |
| Spyware / Malicious Sites | 104.211.96.15, 108.174.10.14, 157.185.172.22, 162.247.242.19, 170.178.168.203, 174.137.133.18, 174.137.133.48, 18.232.28.189, 185.151.204.12, 188.72.202.2, 216.21.13.15, 69.16.175.10, 53 more Sites | 172.31.1.111, host_172.31.4.96 (172.31.4.96), ConsejoSupremoE (172.31.4.103), DELL_10 (172.31.4.123), BLF_172.31.10.20 (172.31.10.20), 140 more Users | 941 |
| Suspicious Content | 69.16.175.42, adsco.re, bigdata.adfuture.cn, cs.tekblue.net, files.downloadnow.com, islatively.com, n.adsco.re, rtmark.net, 5 more Sites | host_172.31.4.119 (172.31.4.119), CYC-10 (192.168.6.69), usuarionuevo-PC_30 (192.168.6.9…, BAD_ADDRESS (192.168.6.107), Revision3 (192.168.6.124), 52 more Users | 169 |
| Sex | exdynsrv.com, exosrv.com, main.exdynsrv.com, ravom.space, static.exdynsrv.com, static.exosrv.com, syndication.exdynsrv.com, syndication.exdynsrv.com/splash.php | host_172.31.4.6 (172.31.4.6), MCHOW-PC (172.31.4.50), host_172.31.4.223 (172.31.4.223), DESKTOP-J800TL0 (172.31.4.240), android-8ddb640eb1391426.cse… | 64 |
| Phishing | 108.174.10.14, 37.48.82.67/updates/apu/diffs, client_monitor.isnssdk.com, get.cryptobrowser.site, ultramaxtestoenhancer.com | Host_172.31.1.140 (172.31.1.140), Registro_Arles (192.168.6.96), usuarionuevo-PC_30 (192.168.6.9…, Revision1 (192.168.6.138), DESKTOP-MF05GEJ (192.168.6.14…, 6 more Users | 44 |

Total: 5 Categories, 248 Sites, 209 Users, 2.4K Hits

KEY FINDINGS DATA LOSS

Top cloud based web applications

| Application Name | Traffic Total Bytes | Application Category | Users |
|---|---|---|---|
| Google Cloud Platform | 18.3GB | Computers / Internet | 172 Users |
| iCloud | 16.0GB | Media Sharing | 32 Users |
| Mega | 7.4GB | File Storage and Sharing | 13 Users |
| Autodesk360 | 1.0GB | Business / Economy | 2 Users |
| Dropbox | 864.9MB | File Storage and Sharing | 16 Users |
| Google Drive-web | 603.9MB | File Storage and Sharing | 39 Users |
| Office365-Outlook-web | 505.8MB | Email | 63 Users |
| Google Analytics | 81.9MB | Business / Economy | 203 Users |
| iCloud-email | 66.9MB | Email | 15 Users |
| SoundCloud | 51.5MB | Media Sharing | 6 Users |
| Lynda | 50.1MB | Business / Economy | 1 User |
| Windows Azure Cloud Services | 6.6MB | Business / Economy | 21 Users |
| Salesforce | 3.8MB | Business / Economy | 5 Users |
| Zendesk | 3.7MB | Business / Economy | 65 Users |
| Microsoft OneDrive-web | 2.7MB | File Storage and Sharing | 22 Users |
| GitHub | 2.6MB | Business / Economy | 28 Users |
| Office365 | 2.0MB | Business / Economy | 4 Users |
| Sumologic | 1.0MB | Business / Economy | 19 Users |
| Baidu Hi-cloud | 730.3KB | File Storage and Sharing | 4 Users |
| Sophos-live protection | 628.1KB | Business / Economy | 2 Users |

Total: 31 Applications, 45.0GB, 7 Categories, 241 Users

KEY FINDINGS BANDWIDTH ANALYSIS
BANDWIDTH UTILIZATION BY APPLICATIONS & WEBSITES
An organization's network bandwidth is usually utilized by a wide range of web applications and sites used by employees. Applications that use a lot of bandwidth, for example streaming media, can limit the bandwidth that is available for important business applications. It is important to understand what is hogging the network's bandwidth in order to limit bandwidth consumption of non-business-related usage. The following summarizes the bandwidth usage of your organization sorted by consumed bandwidth.

Total traffic scanned: 1.4TB

Top applications/sites

| Application / Site | Category | Risk Level | Sources | Traffic |
|---|---|---|---|---|
| YouTube | Media Streams | Low | 232 Sources | 415.5GB |
| Netflix-streaming | Media Streams | Low | 50 Sources | 380.2GB |
| Facebook | Social Networking | Low | 222 Sources | 125.5GB |
| Windows Update | Software Update | Very Low | 154 Sources | 52.5GB |
| WhatsApp Messenger | Instant Messaging | Low | 164 Sources | 48.9GB |
| Instagram | Social Networking | Low | 124 Sources | 42.7GB |
| Google Play | Search Engines / Portals | Low | 200 Sources | 40.0GB |
| Apple Services | Web Services Provider | Low | 68 Sources | 27.5GB |
| Quic Protocol | Network Protocols | Low | 174 Sources | 22.3GB |
| Google Cloud Platform | Computers / Internet | Low | 172 Sources | 18.3GB |
| iCloud | Media Sharing | Low | 32 Sources | 16.0GB |
| muscdn.com | Computers / Internet | Unknown | 32 Sources | 15.0GB |
| nyc.dailymotion.com | Media Streams | Unknown | 20 Sources | 10.4GB |
| WhatsApp Messenger-file transfer | Media Sharing | Medium | 147 Sources | 9.3GB |
| gvt1.com | Computers / Internet | Unknown | 198 Sources | 8.7GB |
| dc3.dailymotion.com | Media Streams | Unknown | 14 Sources | 7.7GB |
| Microsoft Office-update | Business / Economy | Very Low | 36 Sources | 7.5GB |
| Mega | File Storage and Sharing | High | 13 Sources | 7.4GB |
| Apple Software Update | Software Update | Very Low | 29 Sources | 7.4GB |
| googleapis.com | Computers / Internet | Unknown | 255 Sources | 6.9GB |
| Twitch.tv | Media Streams | Low | 9 Sources | 6.1GB |
| Twitter | Social Networking | Low | 166 Sources | 5.9GB |
| 1.nflxso.net | Media Streams | Unknown | 56 Sources | 5.6GB |
| ix7.dailymotion.com | Media Streams | Unknown | 3 Sources | 5.3GB |
| dbankcdn.com | Computers / Internet | Unknown | 14 Sources | 3.7GB |
| Spotify | Media Streams | Low | 66 Sources | 3.7GB |
| activeupdate.trendmicro.com | Computers / Internet | Unknown | 11 Sources | 3.4GB |
| Microsoft Services | Computers / Internet | Low | 209 Sources | 3.3GB |
| secak-fota-dn.samsungdm.com | Computers / Internet | Unknown | 3 Sources | 3.1GB |
| STUN Protocol | Network Protocols | Low | 126 Sources | 2.4GB |

Total: 6070 Applications / Sites, 68 Categories, 6 Risks, 353 Sources, 1.4TB

[Chart: Traffic by protocol (0B to 1TB): https, quic, http, jabber, UDP/3478, tcp-high-ports, deep2, HTTP_and_HTTPS_proxy, IMAP-SSL, echo-request.]

KEY FINDINGS SCADA PROTOCOLS
SCADA (Supervisory Control and Data Acquisition) is a type of industrial control system (ICS) that monitors and controls industrial processes. It operates with coded signals over communication channels so as to provide control of remote equipment. SCADA networks are usually separated from the organizational IT network for security purposes. SCADA protocols detected on the IT network might indicate a security risk with a potential for a security breach. The following SCADA protocols were detected on your network.

SCADA Communications: 13 Sources, 10 Destinations, 7 Commands, 10 Ports

Top SCADA commands

| Protocol & Command | Transactions | Traffic |
|---|---|---|
| Modbus Protocol | 24 | 2.1MB |
| IENA Protocol | 6 | 386.8KB |
| Cygnet | 3 | 1.6KB |
| Totalflow Protocol | 3 | 1.6KB |
| DNP3 Protocol | 1 | 372B |
| Motorola MDLC Protocol | 1 | 0B |
| Totalflow Modbus ASCII Protocol | 1 | 372B |

Total: 7 Protocols & Commands, 39 Transactions, 2.5MB

KEY FINDINGS MOBILE THREATS ANALYSIS

The following section focuses on mobile threats and uncovers where your organization is exposed to them, and offers recommendations to address these risks.

To assess risk, network traffic was inspected by Check Point to detect a variety of security threats, including: mobile malware infections, usage and downloads of high risk mobile apps, download of malicious mobile applications, outdated mobile operating systems, and more.

Mobile Devices
- 143 Android devices
- 29 iOS devices
- 24.9GB total mobile traffic
Mobile devices detected on the corporate network (number of devices is based on source IP addresses).

Cloud Mobile Apps
- 4 cloud based mobile apps
- 59.3MB traffic
Risk of data loss and compliance violations. Examples: Dropbox, Google Drive, OneDrive.

High Risk Apps
- 1 high risk mobile app
- 290.2KB traffic
High risk mobile apps are legitimate apps that can be used to monitor and control mobile devices.

Access to High Risk Sites
- 37 high risk web sites
- 129 hits
Potential risks: Exposure to web-based threats and network infection. Examples: Spam, malicious, phishing web sites.

Malware
- 9 downloads of malicious apps and malware
- 1 infected device
Download of malicious content such as malicious apps, malware and adware, and infected devices communicating with Command and Control servers.

KEY FINDINGS MOBILE MALWARE AND ATTACKS

MOBILE DEVICES INFECTED WITH MALWARE

Mobile malware is malicious software that invades your mobile device. Mobile malware allows criminals to steal sensitive information from a device, take control of the sensors to execute keylogging, steal messages, turn on the video camera, and more, without your knowledge. Mobile malware plays a key role in targeted attacks known as Advanced Persistent Threats (APTs). The following table summarizes the mobile malware detected in your network.

Bot infections and Command and Control locations

Malware Name* | Malware Family | Infected Mobile Devices** | Destination Country
Generic.TC.hcpuzi | Generic | 192.168.70.120 | United States
Total: 1 Malware | 1 Family | 1 Device | 1 Country

* Check Point's malware naming convention: <malware type>.<operating system>.<malware family>.<variant>. For more details on specific malware, search the malware name on www.threat-cloud.com
** The total number of infected computers (sources) presents distinct computers.

DOWNLOADS OF MALICIOUS APPS AND MALWARE

With the increase in sophistication of mobile cyber threats, many targeted attacks begin with exploiting software vulnerabilities in downloaded apps and files. During the security analysis, a number of malware-related events which indicate malicious file downloads were detected. The following table summarizes downloads of malware by mobile devices.

Top malware downloads

Infected File Name | By | MD5* | Downloads | Downloaded from
scribdpremium.apk | MCHOW-PC …, HUAWEI_P20… | 08cad57273c0045fdd0ba288f6772eb1 | 4 | http://www.scribd.cu.ma/images/scribdpremium.apk
Click_me_to_install_SnapTube_tube_uptd_as.apk | 192.168.9.52, 192.168.70.1… | 7bc0a3710fd042f850f4cfcb770abf96 | 2 |
FrpBypass.apk | android-8ddb640eb1391426.cse.gob.ni (192.168.70.100) | ed2a46dc72671b1dad1e5909982facc2 | 1 |
Minecraft-v1.16.0.53-TechBigs.Com.apk | android-8ddb640eb1391426.cse.gob.ni (192.168.70.100) | d9ab5f523cc1c1dbd0e5c481cfee807e | 1 |
Snaptube-VIP-v4.85.0.4851810_build_4851810_Downloadly.ir.apk | MCHOW-PC (172.31.4.50) | fde466e26557801eef2efbfdce11e7ad | 1 |
Total: 5 Files | 5 Sources | 5 Files MD5 | 9 |

* You can analyze suspicious files by copying and pasting the files' MD5 into the VirusTotal online service at www.virustotal.com

Top accessed malicious sites

Protection Name | Malicious URL | Malware family | Mobile sources | Hits
Infecting URL.RS.TC.gfpy | http://core.royalads.net/click/?pub=c8e1e96b-6832-4c6a-b06b-83f93492d89f | | 192.168.70.120 | 2
Hiddad.RS.TC.fp | http://istepuleto.com/rnd/shopper?tesc=1pXZYTjNTsHEYzHcYxdaGA%3D%3D | | 192.168.70.120 | 1
Hiddad.RS.TC.ey | http://sok.apperstap.com/autumn/bpc?vvid=60873301&logid=logId5e95bdb2e4b0416193c7e36f&gaid=5151c6a4-2419-4caa-aff8-0abc947486de&appid=50844&sid=156608&aid=302861cfd6840e21&fid=60873306&mcc=710&token=dG9rZW46O2FuaWQ6MzAyODYxY2ZkNjg0MGUyMTtnb2lkOjUxNTFjNmE0LTI0MTktNGNhYS1hZmY4LTBhYmM5NDc0ODZkZQ==&info=RSB_39DF52D9BDC896E6C8C72D10F13D179B0F45FF719CEF40DEFBF13DBF722AB8392030CAB914B144E235488D03F255AF3FDEBA36440D9CEFCD7F9DA37CC5A1E610CA13AD68F1CACA1C_logId5e95bdb2e4b0416193c7e36f | | 192.168.70.142 | 1
Total: 3 Protections | | 0 Families | 2 Mobile users | 4

KEY FINDINGS HIGH RISK MOBILE APPS AND WEB SITES

HIGH RISK MOBILE APPS AND WEB SITES

Mobile apps are essential to the productivity of every organization, but they also create degrees of vulnerability in its security posture. The web is also ubiquitous in business today, but its dynamic, constantly evolving nature makes it extremely difficult to protect and enforce web usage in a corporate environment. Identification of risky apps and sites is more critical than ever. The following risky mobile apps and risky sites accessed by mobile devices were detected in your network.

Top high risk web applications

Application Category | App/Site Name | Source | Application Risk* | Traffic
Anonymizer | UC browser | 192.168.9.51, 192.168.9.52, ANAGABRIELA.…, JYK-PC.cse.gob…, android-6fcdd…, 1 more Source | Critical | 290.2KB
Total: 1 Application | | 6 Sources | Critical | 290.2KB
Spam | samsungmax.com | 192.168.70.22, JYK-PC.cse.gob…, android-36a08…, HUAWEI_P9_lit…, Galaxy-J2-Pro.c…, 4 more Sources | High | 3.1MB
Spam | starhalo.mobi | 192.168.9.51, 192.168.9.52, JYK-PC.cse.gob… | High | 589.4KB
Spam | boxeduzo.pro | 192.168.9.52 | High | 368.1KB
Spam | static.exosrv.com | 192.168.9.51, Galaxy-J7-Prim… | High | 77.7KB
Spam | tracking.lenzmx.com/click | 192.168.9.52, 192.168.70.138 | High | 24.0KB
Total: 27 Applications | | 20 Sources | High | 4.3MB
Spyware / Malicious Sites | m.veporns.com | Galaxy-J5-Prime.cse.gob.ni_61 (192.168.70.87) | High | 210.4KB
Spyware / Malicious Sites | anrol.acohert.com/client.config | AndresJCaracas.cse.gob.ni (192.168.70.105) | High | 151.7KB
Spyware / Malicious Sites | acal.acalaman.com/client.config | AndresJCaracas.cse.gob.ni (192.168.70.105) | High | 148.6KB
Spyware / Malicious Sites | clicks.mbid.io/tracking/clicks | 192.168.70.120 | High | 20.3KB
Spyware / Malicious Sites | ak2.cdn.9appsdownloading.com | 192.168.9.52 | High | 15.4KB
Total: 8 Applications | | 4 Sources | High | 564.4KB
Phishing | client_monitor.isnssdk.com | 192.168.70.28 | High | 68.5KB
Total: 1 Application | | 1 Source | High | 68.5KB
Suspicious Content | adsco.re | movil_Laptop_CSE (192.168.70.150) | High | 5.3KB
Total: 1 Application | | 1 Source | High | 5.3KB
Total: 5 Categories | 38 Applications | 24 Sources | Critical | 5.2MB

High risk web sites by category (chart of hits per category, 0 to 50 scale): Spam, Spyware / Malicious Sites, Anonymizer, Phishing, Suspicious Content.

KEY FINDINGS DATA LOSS

CLOUD-BASED STORAGE AND SHARING APPLICATIONS

Cloud-based storage and sharing applications can be essential to productivity and the routine operation of an organization, but they also create degrees of vulnerability in its security posture. Usage of such applications can lead to data leakage and loss of control over sensitive data, which can end up in the hands of unauthorized and ill-intentioned strangers.

Top applications

Application Name | Application Category | Mobile Devices | Traffic
Google Cloud Platform | Computers / Internet | 112 Devices | 57.3MB
Office365 | Business / Economy | 2 Devices | 2.0MB
Windows Azure Cloud Services | Business / Economy | 1 Device | 26.8KB
Google App Engine | Web Services Provider | 1 Device | 2.4KB
Total: 4 Applications | 3 Categories | 112 Devices | 59.3MB

KEY FINDINGS OUTDATED ANDROID VERSIONS

66 sources running Android versions 6.x or below

Android OS versions 6.x and below are considered outdated versions containing many security vulnerabilities*.

Android mobile devices and OS versions

Device model and OS version** | Source IPs
Other: Dalvik/2.1.0 (Linux; U; Android 6.0.1; SM-G532M Build/MMB29T) | 27 Sources
Other: Dalvik/2.1.0 (Linux; U; Android 6.0.1; SM-J700M Build/MMB29K) | 5 Sources
Other: Dalvik/2.1.0 (Linux; U; Android 5.1.1; SM-J120M Build/LMY47X) | 5 Sources
Other: Dalvik/2.1.0 (Linux; U; Android 6.0; CAM-L23 Build/HUAWEICAM-L23) | 4 Sources
Other: Dalvik/2.1.0 (Linux; U; Android 6.0; EVA-L09 Build/HUAWEIEVA-L09) | 4 Sources
Other: Dalvik/2.1.0 (Linux; U; Android 6.0; LG-X230 Build/MRA58K) | 4 Sources
Other: Dalvik/2.1.0 (Linux; U; Android 6.0.1; SM-G570M Build/MMB29K) | 4 Sources
Other: Dalvik/1.6.0 (Linux; U; Android 4.4.2; GT-I9195 Build/KOT49H) | 4 Sources
Other: Dalvik/1.6.0 (Linux; U; Android 4.4.2; 4009F Build/KOT49H) | 3 Sources
Other: Dalvik/1.6.0 (Linux; U; Android 4.4.2; G735-L23 Build/HuaweiG735-L23) | 3 Sources
Other: Dalvik/2.1.0 (Linux; U; Android 5.1.1; S32C Build/LMY47V) | 3 Sources
Other: Dalvik/2.1.0 (Linux; U; Android 6.0; LG-X240 Build/MRA58K) | 3 Sources
Other: null/ Dalvik/2.1.0 (Linux; U; Android 6.0.1; SM-J700M Build/MMB29K) IGGSDK/1.10.0 | 3 Sources
Other: Dalvik/2.1.0 (Linux; U; Android 5.0.1; LG-H320 Build/LRX21Y) | 3 Sources
Other: 1051069902/2.20 Dalvik/2.1.0 (Linux; U; Android 6.0.1; SM-J700M Build/MMB29K) IGGSDK/1.10.0 | 3 Sources
Other: Dalvik/2.1.0 (Linux; U; Android 5.1.1; SM-J111M Build/LMY47V) | 2 Sources
Other: Dalvik/2.1.0 (Linux; U; Android 6.0; LG-K430 Build/MRA58K) | 2 Sources
Other: AndroidDownloadManager/6.0 (Linux; U; Android 6.0; CAM-L23 Build/HUAWEICAM-L23) | 2 Sources
Other: Dalvik/2.1.0 (Linux; U; Android 5.1; Y14 Build/LMY47I) | 1 Source
Other: Dalvik/2.1.0 (Linux; U; Android 5.1.1; SM-J700M Build/LMY48B) | 1 Source
Other: Dalvik/2.1.0 (Linux; U; Android 5.1.1; SM-J200M Build/LMY47X) | 1 Source
Other: Dalvik/2.1.0 (Linux; U; Android 6.0; Studio J5 Build/MRA58K) | 1 Source
Other: Dalvik/1.6.0 (Linux; U; Android 4.4.4; GT-I9060I Build/KTU84P) | 1 Source
Other: Dalvik/2.1.0 (Linux; U; Android 6.0; TG-L800S Build/MRA58K) | 1 Source
Other: Dalvik/2.1.0 (Linux; U; Android 6.0; KT107 Build/LMY47I) | 1 Source
Other: Dalvik/1.6.0 (Linux; U; Android 4.4.4; GT-I9060M Build/KTU84P) | 1 Source
Other: Dalvik/2.1.0 (Linux; U; Android 5.0.2; SM-G920I Build/LRX22G) | 1 Source
Other: com.zhiliaoapp.musically/2021504030 (Linux; U; Android 6.0.1; es_ES; SM-G532M; Build/MMB29T; Cronet/TTNetVersion:3154e55 | 1 Source
Other: Dalvik/2.1.0 (Linux; U; Android 6.0.1; SM-J106B Build/MMB29Q) | 1 Source
Other: Dalvik/2.1.0 (Linux; U; Android 6.0; 4034A Build/MRA58K) | 1 Source
Total: 39 Models and OS versions | 66 Sources

* For further information about security vulnerabilities on Android versions: http://www.cvedetails.com/version-list/1224/19997/1/Google-Android.html

** For a more visual display of devices and OS versions, copy and paste each record above into the user-agent string search box at the bottom of this portal: https://faisalman.github.io/ua-parser-js

KEY FINDINGS ENDPOINTS

Endpoints Involved in High Risk Web Access and Data Loss Incidents

56 running high risk applications
209 accessed high risk web sites
134 users accessed questionable, nonbusiness related web sites
0 users involved in potential data loss incidents

Endpoints Involved in Malware and Attack Incidents

39 infected with malware
11 malwares downloaded
0 received email containing link to malicious site
26 accessed a site known to contain malware
39 attacked sources (Source IP addresses of IPS events)
86 attacked destinations (Destination IP addresses of IPS events)

CHECK POINT INFINITY

THE CYBER SECURITY ARCHITECTURE OF THE FUTURE

Growing connectivity along with evolving networks and technologies provide great opportunities for businesses, but also presents new and more sophisticated threats. Securing networks is becoming more complex, often requiring advanced technologies and high level of human expertise. Separate IT environments often drive businesses to apply different point solutions, many of which are focused on detection and mitigation rather than prevention. This reactive approach to cyberattacks is costly and ineffective, complicates security operations and creates inherent gaps in security posture. Enterprises need a more complete architecture that scales with dynamic business demands and focused on prevention to ensure all IT environments are completely protected.

SOLUTION

Check Point Infinity is the only fully consolidated cyber security architecture that futureproofs your business and IT infrastructure across all networks, cloud and mobile. The architecture is designed to resolve the complexities of growing connectivity and inefficient security. It provides complete threat prevention which seals security gaps, enables automatic, immediate threat intelligence sharing across all security environments, and a unified security management for an utmost efficient security operation.

UNIFIED SECURITY ACROSS ALL NETWORKS, CLOUD AND MOBILE

Check Point Infinity leverages unified threat intelligence and open interfaces to block attacks on all platforms before they infiltrate the network. The interconnectivity between all Check Point's components delivers consistent security through advanced threat prevention, data protections, web security and more. In addition, the different components share the same set of interfaces and APIs, enabling consistent protection and simplified operation across all networks. Check Point Infinity also includes the broadest security coverage available for the cloud in today's market, delivering the same levels of advanced security, regardless of the cloud provider selection. Migration of business applications to mobile has transformed the way we use our devices, exposing us to new types of cyber threats. SandBlast Mobile, the industry's most secure mobile protection, maximizes mobility and security infrastructure with the widest set of integrations in the industry to ensure you stay protected anytime and anywhere.

SOLUTION

Deploying security which is based on detection and followed by remediation is costly and inefficient, since it allows attackers to infiltrate the network and cause damage before remediation is done. Check Point Infinity prevents known and zero-day unknown threats from penetrating the network with SandBlast product family, saving time and the costs associated with remediating the damages. SandBlast solutions include over 30 different innovative technologies and additional prevention capabilities across all environments:

Network-based threat prevention for security gateways with best-in-class IPS, AV, post-infection BOT prevention, network Sandboxing (threat emulation) and malware sanitation with Threat Extraction.

SandBlast Agent endpoint detection and response solution with forensics, anti-ransomware, AV, post-infection BOT prevention and Sandboxing on the endpoint.

SandBlast Mobile advanced threat prevention for mobile devices protects from threats on the device (OS), in apps, and in the network, and delivers the industry's highest threat catch rate for iOS and Android.

SandBlast for Office365 cloud, part of Check Point's cloud security offerings.

CONSOLIDATED SECURITY MANAGEMENT

Managing the entire security network is often complicated and demands high level of human expertise. Check Point Infinity, powered by R80.x security management version, brings all security protections and functions under one umbrella, with a single console which enables easier operation and more efficient management of the entire security network. The single console introduces unparalleled granular control and consistent security, and provides rich policy management which enables delegation of policies within the enterprise. The unified management, based on modular policy management and rich integrations with 3rd party solutions through flexible APIs, enables automation of routine tasks to increase operational efficiencies, freeing up security teams to focus on strategic security rather than repetitive tasks.

BENEFITS

Prevention-driven cyber security, powered by the most advanced threat prevention solutions against known and unknown threats.

Consistent security across all Check Point components with shared threat intelligence across networks, cloud and mobile.

Unified and efficient management of the entire security network through a single pane of glass.

Rich integrations with 3rd party solutions with flexible APIs.

SUMMARY

Preventing the next cyber-attack is a possible mission. Check Point has the most advanced technologies and threat prevention solutions for the entire IT infrastructure. Check Point Infinity architecture unifies the entire IT security, providing real-time shared threat intelligence and a preemptive protection – all managed by a single, consolidated console. Future-proof your business and ensure business continuity with the architecture that keeps you protected against any threat, anytime and anywhere.

CONTACT US

Worldwide Headquarters
5 Ha'Solelim Street, Tel Aviv 67897, Israel
Tel: 972-3-753-4555 | Fax: 972-3-624-1100
Email: info@checkpoint.com

U.S. Headquarters
959 Skyway Road, Suite 300, San Carlos, CA 94070 | Tel: 800-429-4391; 650-628-2000
Fax: 650-654-4233

About Check Point

Check Point Software Technologies' mission is to secure the Internet. Check Point was founded in 1993, and has since developed technologies to secure communications and transactions over the Internet by enterprises and consumers.

Check Point was an industry pioneer with our FireWall-1 and our patented Stateful Inspection technology. Check Point has extended its IT security innovation with the development of our Software Blade architecture. The dynamic Software Blade architecture delivers secure, flexible and simple solutions that can be customized to meet the security needs of any organization or environment.

Check Point develops, markets and supports a wide range of software, as well as combined hardware and software products and services for IT security. We offer our customers an extensive portfolio of network and gateway security solutions, data and endpoint security solutions and management solutions. Our solutions operate under a unified security architecture that enables end-to-end security with a single line of unified security gateways, and allow a single agent for all endpoint security that can be managed from a single unified management console. This unified management allows for ease of deployment and centralized control and is supported by, and reinforced with, real-time security updates.

Our products and services are sold to enterprises, service providers, small and medium sized businesses and consumers. Our Open Platform for Security (OPSEC) framework allows customers to extend the capabilities of our products and services with third-party hardware and security software applications. Our products are sold, integrated and serviced by a network of partners worldwide. Check Point customers include tens of thousands of businesses and organizations of all sizes including all Fortune 100 companies. Check Point's award-winning ZoneAlarm solutions protect millions of consumers from hackers, spyware and identity theft.

www.checkpoint.com
