Check Point
Pugh & Tiller Helps Check Point Break Story on Malicious Extensions on Visual Studio Code
The Client
Check Point Software Technologies Ltd. (www.checkpoint.com) is a leading AI-powered, cloud-delivered cyber security platform provider protecting over 100,000 organizations worldwide. Check Point leverages the power of AI everywhere to enhance cyber security efficiency and accuracy through its Infinity Platform, with industry-leading catch rates enabling proactive threat anticipation and smarter, faster response times. The comprehensive platform includes cloud-delivered technologies consisting of Check Point Harmony to secure the workspace, Check Point CloudGuard to secure the cloud, Check Point Quantum to secure the network, and Check Point Infinity Core Services for collaborative security operations and services.
The Challenge
In May 2023, a Check Point cloud security research team detected malicious extensions on the Visual Studio Code (VSCode) marketplace, the free and popular open-source code editor developed by Microsoft. Malicious extensions can pose a serious security risk to users by installing malware, stealing PII and user data, or performing other harmful actions. Check Point found and disclosed several malicious extensions to the VSCode team with a total count of more than 45,000 installs. The objectives for Check Point were to quickly alert VSCode users and the public at large about Check Point’s discovery of the malicious extensions; to reinforce its position as a leading cybersecurity company; and increase attention of and drive traffic to Check Point’s blog not only as the go-to resource for information about the VSCode malicious extension findings, but also for information on other cybersecurity incidents and discoveries.
The Solution
To share their findings publicly, the internal cloud security research and marketing teams at Check Point developed a comprehensive blog post detailing the discovery, disclosure, and pertinent details about the VSCode malicious extensions that they intended to publish and syndicate across their social media channels. To further amplify this approach and meet the stated objectives, Pugh & Tiller devised a media outreach strategy to target a small, but specific list of cybersecurity reporters who cover malicious extensions and similar attacks and use the Check Point blog as the primary source reference. Because of the subject’s sensitivity and need for reporters to write about the discovery quickly, Pugh & Tiller advised Check Point to make the blog link private temporarily and available only to those media who received it directly under embargo, at which point the blog would go live. By using this approach, coverage would be synched with the blog’s public posting and, more importantly, give the right reporters time to craft a thorough story about the VSCode research.
The Results
Upon conducting the initial round of media pitching, Pugh & Tiller received prompt interest from Bleeping Computer, soon followed by other reporters and publications. Within 24 hours of media outreach, Bleeping Computer published its story, “Malicious Microsoft VSCode extensions steal passwords, open remote shells.”
Over the course of the next few days, the story on reporting the detection of malicious extensions (including a link to the Check Point blog post on VSCode vulnerability) drove 55+ media hits in top cybersecurity publications, among them: SC Media, TheRegister, The Hacker News, TechRadar, Yahoo News, CISO Series, Tech Tribune France, My Navi News Japan, iThome Taiwan and others. This coverage resulted in a 26 percent increase in overall Check Point web traffic and increased the company’s share of voice against market competitors. Additionally, the Check Point blog post on the VSCode malicious extensions became the most-viewed blog for the company in 2023 with 22,275 views and accounted for 44 percent of Check Point’s cloud security blog traffic in 2023
This campaign resulted in Pugh & Tiller being named a finalist and honorable mention recipient in the 2024 PRNEWS Platinum Awards, the world’s largest and most prestigious recognition program for public relations and communications professionals.
