Watch an overview of the Backoff malware, which exhibits highly evasive characteristics. Engin Kirda, Ph.D., Co-Founder and Chief Architect at Lastline, gives a background on Backoff and an introduction to the concept of evasive malware.
Backoff PoS Malware is interesting because:
° Over 1000 businesses have been affected according to the Secret Service
° Used in numerous high profile breaches in the past year
° Targets point-of-sale systems
° Exhibits highly evasive behaviors intended to bypass detection
Detect Advanced and Evasive Malware in Your Network:
http://landing.lastline.com/request-lastline-trial
Thank You!
For more information visit www.lastline.com
or contact us at info@lastline.com.
Editor's notes
rdtsc looping (timing evasion)
Obfuscation: mildly obfuscated code (oligomorphic decryptor), multistage encrypted shellcode, RunPE/process hollowing, encryption
Track/keylogger data sent to the C2 is encrypted; network-based detection of the C2 is still quite easy -> an enterprise could detect it reliably, but DLP mechanisms would fail
Uses publicly available services and tools for each step
EMV reduces the value of stolen transaction data, as the transaction data has a limited number of "re-uses"
End-to-end encryption prevents PoS malware from collecting transaction data, reducing the attack surface
Build verification and detailed behavioral analysis of all software being pushed to PoS systems could absolutely have stopped many of these breaches
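The build-verification step above can be made concrete with a signed release manifest that is checked before anything is pushed to a terminal. The following is an added example written for this page, not Lastline's or Backoff-related code; the release files, the manifest layout and the HMAC deployment key are all constructed here, and a real deployment would keep the key in an HSM/KMS and would normally use an asymmetric signature so that terminals hold no signing secret.

```python
import hashlib
import hmac
import json

# Constructed deployment-signing key for this example only (hypothetical value).
SIGNING_KEY = b"example-deploy-key-not-for-production"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _canonical(entries: dict) -> bytes:
    # Canonical JSON so signer and verifier hash byte-identical input.
    return json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(files: dict, key: bytes) -> dict:
    """Build {path: sha256} over every release file and attach an HMAC-SHA256 over it."""
    entries = {path: sha256_hex(content) for path, content in files.items()}
    sig = hmac.new(key, _canonical(entries), hashlib.sha256).hexdigest()
    return {"files": entries, "sig": sig}


def verify_release(manifest: dict, files: dict, key: bytes) -> list:
    """Return a list of findings for a candidate package; an empty list means it may be pushed.

    Checks, in order: the manifest signature (nothing else is trusted if it fails),
    every listed file is present with the expected hash, and no file outside the
    manifest has been slipped into the package (a dropped extra component is exactly
    what a PoS compromise tends to look like)."""
    findings = []
    expected = hmac.new(key, _canonical(manifest.get("files", {})), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest.get("sig", "")):
        findings.append("manifest signature invalid")
        return findings
    for path, digest in manifest["files"].items():
        if path not in files:
            findings.append(f"missing file: {path}")
        elif sha256_hex(files[path]) != digest:
            findings.append(f"hash mismatch: {path}")
    for path in files:
        if path not in manifest["files"]:
            findings.append(f"unexpected file not in manifest: {path}")
    return findings


# Constructed release: a tiny stand-in for a PoS agent package (contents are placeholders).
RELEASE = {
    "bin/pos-agent.exe": b"MZ placeholder agent build 1.2.3",
    "conf/agent.ini": b"[agent]\nendpoint=pos.vendor.test\n",
}
MANIFEST = sign_manifest(RELEASE, SIGNING_KEY)


def demo():
    """Verify the clean package, then a tampered copy with one modified binary and one extra DLL."""
    clean = verify_release(MANIFEST, RELEASE, SIGNING_KEY)
    tampered = dict(RELEASE)
    tampered["bin/pos-agent.exe"] = b"MZ placeholder modified build"
    tampered["bin/updater.dll"] = b"placeholder extra component"
    return clean, verify_release(MANIFEST, tampered, SIGNING_KEY)


if __name__ == "__main__":
    for label, result in zip(("clean", "tampered"), demo()):
        print(label, "->", result or "OK to push")
```

The verifier refuses to evaluate any hashes when the signature fails, so an attacker who can edit the manifest but lacks the key gains nothing from rewriting the expected digests; the "unexpected file" check is what catches a package that is otherwise intact but carries an added component.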
Comprehensive analysis of network traffic could have identified them quickly and easily… began providing protection before samples were seen, and alerted on the first C2 events
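The two notes above make the same point: even with the exfiltrated data encrypted, the C2 traffic itself remains detectable on the network. The following added example (written for this page, not Lastline's product code and not derived from any Backoff sample) shows one such network-side check: it reads constructed proxy log lines and flags host pairs whose connections are small and recur at a regular interval, the profile of a check-in rather than a download. The log format, the hostnames and the thresholds are assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log for this example (not real traffic).
# Format per line: ISO timestamp, source IP, destination host, bytes sent.
SAMPLE_LOG = """\
2014-08-01T10:00:00 10.0.5.21 update.c2-placeholder.test 512
2014-08-01T10:00:07 10.0.5.21 cdn.vendor.test 20480
2014-08-01T10:02:31 10.0.5.21 cdn.vendor.test 11020
2014-08-01T10:05:00 10.0.5.21 update.c2-placeholder.test 498
2014-08-01T10:10:01 10.0.5.21 update.c2-placeholder.test 505
2014-08-01T10:11:45 10.0.5.21 cdn.vendor.test 3300
2014-08-01T10:14:59 10.0.5.21 update.c2-placeholder.test 511
2014-08-01T10:18:02 10.0.5.21 cdn.vendor.test 90011
this line is malformed and must be skipped
2014-08-01T10:20:00 10.0.5.21 update.c2-placeholder.test 502
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+)$")


def parse_log(text: str) -> list:
    """Return (timestamp, src, dst, nbytes) tuples; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append((datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), int(m.group(4))))
    return events


def find_beacons(events: list, min_events: int = 4, max_jitter: float = 0.2, max_bytes: int = 4096) -> dict:
    """Return {(src, dst): period_seconds} for pairs that look like periodic check-ins.

    A pair is flagged when it has at least min_events connections, every request is
    small (<= max_bytes) and the inter-arrival times are regular, measured as the
    coefficient of variation (stdev / mean) of the gaps being <= max_jitter."""
    by_pair = defaultdict(list)
    for ts, src, dst, nbytes in events:
        by_pair[(src, dst)].append((ts, nbytes))

    beacons = {}
    for pair, items in by_pair.items():
        if len(items) < min_events:
            continue
        if any(nbytes > max_bytes for _, nbytes in items):
            continue  # bulk transfers are not check-ins
        items.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(items, items[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        if pstdev(gaps) / avg <= max_jitter:
            beacons[pair] = round(avg)
    return beacons


if __name__ == "__main__":
    for (src, dst), period in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"possible beacon: {src} -> {dst} every ~{period}s")
```

On the constructed log the CDN traffic is dropped by the size check and its gaps are irregular anyway, while the placeholder C2 host is flagged with a five-minute period. In practice the jitter threshold has to be tuned per environment, since legitimate agents (update checkers, monitoring) also beacon; the value of the check is that it does not depend on decrypting the payload or on having a sample in hand.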