Backoff My Point-of-Sale Data! 
Profiling the Backoff PoS Malware Affecting Retailers 
Engin Kirda 
Ph.D., Co-Founder & Chief Architect, Lastline 
www.lastline.com
What is Backoff? 
• Malware used in numerous breaches in the last year 
• Secret Service currently estimates 1,000+ U.S. businesses affected 
• Targets PoS systems 
• Evades analysis 
Copyright ©2014 Lastline, Inc. All rights reserved. 2
Recent and Notable Retail/Payments Breaches 
• The last year has seen a dramatic escalation in the number of breached PoS systems 
• Many of these PoS payloads, like Backoff, evaded installed defenses and alarms 
What is Backoff? 
[1 Slide Summary from Kyle] 
• Product screenshot? 
• Mention evasive behaviors exhibited 
What is Backoff? 
• Timing evasion (an anti-VM technique) 
• Utilizes code obfuscation 
• Also uses rare and poorly emulated instructions to defeat simple emulators 
• Attempts to encrypt parts of the command and control traffic 
How are the attackers deploying it? 
• Scan for Internet-facing Remote Desktop applications 
• Brute force login credentials 
• Often successfully find administrative credentials 
• Use admin credentials to deploy Backoff to remote PoS systems 
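As an added example (not from the talk or from Lastline's product), a defender-side check for the deployment pattern described above: a burst of failed RDP logons from one source followed by a successful logon from the same source. The log format, thresholds, usernames and IP addresses are constructed for the demonstration; it models Windows Security event IDs 4625 (failed logon) and 4624 (successful logon) with logon type 10 (RemoteInteractive).

```python
"""Detect the RDP brute-force-then-success pattern used to deploy Backoff.

Example code added for illustration, not part of the original slides.
The records below are constructed: a simplified, space-separated rendering
of Windows Security events, not real event log output.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Fields: timestamp, event id, logon type, target user, source IP.
# 4625 = failed logon, 4624 = successful logon, logon type 10 = RDP.
SAMPLE_LOG = """\
2014-08-01T02:14:03 4625 10 administrator 203.0.113.50
2014-08-01T02:14:04 4625 10 admin 203.0.113.50
2014-08-01T02:14:06 4625 10 pos 203.0.113.50
2014-08-01T02:14:07 4625 10 administrator 203.0.113.50
2014-08-01T02:14:09 4625 10 administrator 203.0.113.50
2014-08-01T02:14:11 4625 10 administrator 203.0.113.50
2014-08-01T02:14:20 4624 10 administrator 203.0.113.50
2014-08-01T09:00:00 4625 10 jsmith 198.51.100.7
2014-08-01T09:00:30 4624 10 jsmith 198.51.100.7
2014-08-01T10:00:00 4625 2 clerk 127.0.0.1
"""

FAILED_LOGON = "4625"
SUCCESS_LOGON = "4624"
RDP_LOGON_TYPE = "10"


def parse(text):
    """Parse the constructed log format into (timestamp, event, type, user, ip)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, user, src_ip = line.split()
        events.append((datetime.fromisoformat(ts), event_id, logon_type, user, src_ip))
    return events


def find_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: (failures_before_success, {users logged in})}.

    A source is flagged when a successful RDP logon is preceded by at least
    `threshold` failed RDP logons from the same source within `window`.
    Non-RDP logon types (console, service, ...) are ignored.
    """
    failures = defaultdict(list)  # source ip -> timestamps of failed RDP logons
    flagged = {}
    for ts, event_id, logon_type, user, src_ip in sorted(events):
        if logon_type != RDP_LOGON_TYPE:
            continue
        if event_id == FAILED_LOGON:
            failures[src_ip].append(ts)
        elif event_id == SUCCESS_LOGON:
            recent = [t for t in failures[src_ip] if ts - t <= window]
            if len(recent) >= threshold:
                count, users = flagged.get(src_ip, (0, set()))
                flagged[src_ip] = (max(count, len(recent)), users | {user})
    return flagged


if __name__ == "__main__":
    for src_ip, (count, users) in find_rdp_bruteforce(parse(SAMPLE_LOG)).items():
        print(f"ALERT: {src_ip} succeeded as {sorted(users)} after {count} failed RDP logons")
```

On the sample, only 203.0.113.50 is flagged: the single failure from 198.51.100.7 is below the threshold and the console logon is skipped entirely.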
Understanding Evasive Malware 
Malware authors are not stupid 
• they got the news that sandboxes are all the rage now 
• since the code is executed, malware authors have options 
Evasion defined 
• Develop code that exhibits no malicious behavior in a traditional sandbox, but still infects the intended target 
• Can be achieved in a variety of ways… 
The Evasive Malware Problem 
Current solutions fail to protect organizations from sophisticated, targeted attacks. 
Lastline Labs AV Vendor Review 
Antivirus systems take months to catch up to highly evasive threats. 
3 Ways to Build a Sandbox 
Not all sandbox solutions can detect highly evasive malware. 
Virtualized Sandboxing vs. Full System Emulation 
Even APT Solutions with virtualized sandboxing fail to detect highly evasive malware. 
Securing Your Organization 
• At PoS: Accept EMV payments to limit exposure in case of a breach 
• At PoS: E2E encryption of transaction (POI never has cleartext) 
• Detect and protect against malware and C&C 
• Full system emulation approach with Lastline 
Detect Evasive Malware in Your Network 
Start your 30-day Lastline trial: http://landing.lastline.com/request-lastline-trial 
“I would highly recommend 
Lastline to any company that 
is entrusted with customer 
data. Retailers, restaurants, 
or any organization that is 
interested in elevating their 
handling and protection of 
data could benefit from 
working with Lastline.” 
Tom Lindblom 
CTO, CKE Restaurants 
Thank You! 
For more information visit www.lastline.com 
or contact us at info@lastline.com.

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 

A Profile of the Backoff PoS Malware that Hit 1000+ Retail Businesses

1. Backoff My Point-of-Sale Data! Profiling the Backoff PoS Malware Affecting Retailers. Engin Kirda, Ph.D., Co-Founder & Chief Architect, Lastline. www.lastline.com
2. What is Backoff?
   • Malware used in numerous breaches in the last year
   • Secret Service currently estimates 1,000+ U.S. businesses affected
   • Targeted to PoS systems
   • Evades analysis
   Copyright ©2014 Lastline, Inc. All rights reserved.
3. Recent and Notable Retail/Payments Breaches
   • The last year has seen a dramatic escalation in the number of breached PoS systems
   • Many of these PoS payloads, like Backoff, evaded installed defenses and alarms
4. What is Backoff? [1 Slide Summary from Kyle]
   • Product screenshot?
   • Mention evasive behaviors exhibited
5. What is Backoff?
   • Timing evasion (an anti-VM technique)
   • Utilizes code obfuscation
   • Also uses rare and poorly emulated instructions to defeat simple emulators
   • Attempts to encrypt parts of the command and control traffic
6. How are the attackers deploying it?
   • Scan for Internet-facing Remote Desktop applications
   • Brute force login credentials
   • Often successfully find administrative credentials
   • Use admin credentials to deploy Backoff to remote PoS systems
7. Understanding Evasive Malware
   Malware authors are not stupid
   • they got the news that sandboxes are all the rage now
   • since the code is executed, malware authors have options
   Evasion defined
   • Develop code that exhibits no malicious behavior in a traditional sandbox, but still infects the intended target
   • Can be achieved in a variety of ways…
8. The Evasive Malware Problem. Current solutions fail to protect organizations from sophisticated, targeted attacks.
9. Lastline Labs AV Vendor Review. Antivirus systems take months to catch up to highly evasive threats.
10. 3 Ways to Build a Sandbox. Not all sandbox solutions can detect highly evasive malware.
11. Virtualized Sandboxing vs. Full System Emulation. Even APT solutions with virtualized sandboxing fail to detect highly evasive malware.
12. Securing Your Organization
   • At PoS: Accept EMV payments to limit exposure in case of a breach
   • At PoS: E2E encryption of the transaction (the POI never has cleartext)
   • Detect and protect against malware and C&C
   • Full system emulation approach with Lastline
13. Detect Evasive Malware in Your Network. Start your 30-day Lastline trial: http://landing.lastline.com/request-lastline-trial
   “I would highly recommend Lastline to any company that is entrusted with customer data. Retailers, restaurants, or any organization that is interested in elevating their handling and protection of data could benefit from working with Lastline.” Tom Lindblom, CTO, CKE Restaurants
14. Thank You! For more information visit www.lastline.com or contact us at info@lastline.com.

Editor's notes

  1. Timing evasion: rdtsc looping. Obfuscation: mildly obfuscated code (an oligomorphic decryptor), multistage encrypted shellcode, RunPE/process hollowing. Encryption: track and keylogger data sent to the C2 is encrypted; network-based detection of the C2 is still quite easy, so an enterprise could detect it reliably, but DLP mechanisms would fail.
  2. Using publicly available services and tools for each step.
  3. EMV reduces the value of stolen transaction data, as the transaction data has a limited number of “re-uses”. End-to-end encryption prevents PoS malware from collecting transaction data, reducing the attack surface. Build verification and detailed behavioral analysis of all software being pushed to PoS systems could absolutely have stopped many of these breaches. Comprehensive analysis of network traffic could have identified them quickly and easily… began providing protection before samples were seen, and alerts for the first C2 events.
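The "build verification" control from note 3 (and slide 12), as an added illustration that is not Lastline's code or part of the deck: a push agent on the PoS side accepts a package only if its SHA-256 appears in a manifest authenticated by the build system, so a binary dropped in through stolen admin credentials (slide 6) is refused. HMAC-SHA256 with a shared key stands in for a real code-signing signature, and the package names, key and contents are constructed samples.

```python
"""PoS deployment gate (added example; HMAC stands in for code signing)."""
import hashlib
import hmac
import json
from typing import Dict, Optional, Tuple


def sign_manifest(key: bytes, packages: Dict[str, str]) -> Tuple[bytes, str]:
    """Build system side: serialize the allowlist and authenticate it."""
    body = json.dumps(packages, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body, tag


def load_manifest(key: bytes, body: bytes, tag: str) -> Optional[Dict[str, str]]:
    """Agent side: reject the manifest unless its tag verifies (constant time)."""
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(body)


def gate_package(manifest: Dict[str, str], name: str, blob: bytes) -> bool:
    """Allow the push only if name is listed and the bytes hash to the listed digest."""
    listed = manifest.get(name)
    if listed is None:
        return False
    actual = hashlib.sha256(blob).hexdigest()
    return hmac.compare_digest(actual, listed)


# Constructed sample data: one approved build and one altered binary.
KEY = b"demo-build-signing-key"  # placeholder; a real deployment uses a managed key
APPROVED = b"approved pos-agent build v1.2"
TAMPERED = b"approved pos-agent build v1.2 + injected payload"
MANIFEST = {"pos-agent.exe": hashlib.sha256(APPROVED).hexdigest()}


def demo() -> Dict[str, bool]:
    """Run the four cases an operator cares about; True means the control behaved."""
    body, tag = sign_manifest(KEY, MANIFEST)
    manifest = load_manifest(KEY, body, tag)
    assert manifest is not None
    forged = body.replace(b"pos-agent", b"backoff")  # manifest edited without re-signing
    return {
        "approved_accepted": gate_package(manifest, "pos-agent.exe", APPROVED),
        "tampered_rejected": not gate_package(manifest, "pos-agent.exe", TAMPERED),
        "unlisted_rejected": not gate_package(manifest, "backoff.exe", TAMPERED),
        "forged_manifest_rejected": load_manifest(KEY, forged, tag) is None,
    }
```

The verification closes only the "unknown binary" path; the behavioral analysis the note also calls for is still needed for an approved build that was trojaned before signing.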