A Profile of the Backoff PoS Malware that Hit 1000+ Retail Businesses

•Download as PPTX, PDF•

0 likes•533 views

Watch an overview of the Backoff malware that exhibits highly evasive characteristics. Engin Kirda, Ph.D., Co-Founder and Chief Architect at Lastline, gives a background on Backoff and an introduction into the concept of evasive malware. Backoff PoS Malware is interesting because: ° Over 1000 business have been affected according to the Secret Service ° Used in numerous high profile breaches in the past year ° Targets point-of-sale systems ° Exhibits highly evasive behaviors intended to bypass detection Detect Advanced and Evasive Malware in Your Network: http://landing.lastline.com/request-lastline-trial

Technology

What is Backoff?
• Malware used in numerous breaches in the last year
• Secret Service currently estimates 1,000+ U.S. businesses affected
• Targeted to PoS systems
• Evades analysis
Copyright ©2014 Lastline, Inc. All rights reserved. 2

Recent and Notable Retail/Payments Breaches
• The last year has seen a dramatic escalation in the number of
breached PoS systems
• Many of these PoS payloads, like Backoff, evaded installed
defenses and alarms
Copyright ©2014 Lastline, Inc. All rights reserved. 3

What is Backoff?
[1 Slide Summary from Kyle]
• Product screenshot?
• Mention evasive behaviors exhibited
Copyright ©2014 Lastline, Inc. All rights reserved. 4

What is Backoff?
• Timing evasion (an anti-VM technique)
• Utilizes code obfuscation
• Also uses rare and poorly emulated instructions to defeat simple
emulators
• Attempts to encrypt parts of the command and control traffic
Copyright ©2014 Lastline, Inc. All rights reserved. 5

How are the attackers deploying it?
• Scan for Internet facing Remote Desktop applications
• Brute force login credentials
• Often successfully find administrative credentials
• Use admin credentials to deploy Backoff to remote PoS systems
Copyright ©2014 Lastline, Inc. All rights reserved. 6

Understanding Evasive Malware
Malware authors are not stupid
• they got the news that sandboxes are all the rage now
• since the code is executed, malware authors have options
Evasion defined
• Develop code that exhibits no malicious behavior in a traditional
sandbox, but still infects the intended target
• Can be achieved in a variety of ways…
Copyright ©2014 Lastline, Inc. All rights reserved. 7

8
The Evasive Malware Problem
Current solutions fail to protect organizations from sophisticated, targeted attacks.
Copyright ©2014 Lastline, Inc. All rights reserved.

Lastline Labs AV Vendor Review
Antivirus systems take months to catch up to highly evasive threats.
Copyright ©2014 Lastline, Inc. All rights reserved. 9

3 Ways to Build a Sandbox
Not all sandbox solutions can detect highly evasive malware.
Copyright ©2014 Lastline, Inc. All rights reserved. 10

Virtualized Sandboxing vs. Full System Emulation
Even APT Solutions with virtualized sandboxing fail to detect highly evasive malware.
Copyright ©2014 Lastline, Inc. All rights reserved. 11

Securing Your Organization
• At PoS: Accept EMV payments to limit exposure in case of a breach
• At PoS: E2E encryption of transaction (POI never has cleartext)
• Detect and protect against malware and C&C
• Full system emulation approach with Lastline
Copyright ©2014 Lastline, Inc. All rights reserved. 12

Detect Evasive Malware in Your Network
Start your 30-day Lastline trial: http://landing.lastline.com/request-lastline-trial
“I would highly recommend
Lastline to any company that
is entrusted with customer
data. Retailers, restaurants,
or any organization that is
interested in elevating their
handling and protection of
data could benefit from
working with Lastline.”
Tom Lindblom
CTO, CKE Restaurants
Copyright ©2014 Lastline, Inc. All rights reserved. 13

Thank You!
For more information visit www.lastline.com
or contact us at info@lastline.com.

What's hot

There have been many recent publications that focused on malware evasion techniques – specifically techniques that malware employs to avoid detection and tools that can be used to defeat this evasion. But what happens when malware doesn’t need to evade detection because it first disables the very tools you’re using to detect malware and evade detection? It sounds complicated but the threat is very real and extremely easy to accomplish.

Endpoint Security Evasion

Invincea, Inc.

Web Intrusion Detection

Abhishek Singh

Advanced Persistent Threats

ESET

Firewall, Router and Switch Configuration Review

Christine MacDonald

DDoS attacks are bigger and more sophisticated than ever before. Odds are your business is going to be attacked – and without an effective mitigation strategy, you don't stand a chance. In this webinar Andrew Shoemaker a DDoS simulation expert from NimbusDDOS gives you a rare glimpse into how hackers find the weak points in your defenses and exploit them to level devastating DDoS attacks. You'll see real world examples of the tactics and methods used to create tailored DDoS attacks that can bring down a targeted network or application, and learn how best to defend them.

[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...

Imperva Incapsula

Security Ops for large and small companies

Mona Arkhipova

Presentation slides of MSR 2018 article, co-authored by Alexandre Decan, Tom Mens and Eleni Constantinou from University of Mons, Belgium. Research carried out as part of the SECOHealth and SECO-ASSIST research projects. Abstract: Security vulnerabilities are among the most pressing problems in open source software package libraries. It may take a long time to discover and fix vulnerabilities in packages. In addition, vulnerabilities may propagate to dependent packages, making them vulnerable too. This paper presents an empirical study of nearly 400 security reports over a 6-year period in the npm dependency network containing over 610k JavaScript packages. Taking into account the severity of vulnerabilities, we analyse how and when these vulnerabilities are discovered and fixed, and to which extent they affect other packages in the packaging ecosystem in presence of dependency constraints. We report our findings and provide guidelines for package maintainers and tool developers to improve the process of dealing with security issues.

On the impact of security vulnerabilities in the npm package dependency network

Tom Mens

Following months of in-depth worldwide business user research and thousands of man-hours spent on its development, we are proudly introducing the new, completely re-engineered and redesigned line of #ESET business security products, now available worldwide. Check out our multi-layered security solutions and #DoMore! http://www.eset.com/int/about/press/articles/products/article/esets-next-generation-business-security-products-now-available-worldwide

ESET: Delivering Benefits to Enterprises

ESET

A robot, a ninja and a pirate get into a fight. The question is: who wins? While we can debate this question until the end of time, likely have fun in the process; it’s a waste of time. Who are the robots, ninjas and pirates in your environment? What roles do they play in the vulnerability management process? We debate how to build a vulnerability management program all the time, however we are still spinning our wheels. Unlike the robot, ninja, pirate battle, there are concrete facts that will help you build a successful program, and avoid smoke bombs, swords, and robot death rays. Who wins? Find out in this presentation and learn how to protect your booty.

Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Pr...

Security Weekly

By Nabeel Saeed This presentation explores the current DDoS attack landscape, it covers the basics of DDoS attacks, current trends including the most recent results from the newly published 2015 Imperva Incapsula DDoS Report. It also discusses a detailed analysis of one of today’s modern, multi-vector DDoS attacks. While dissecting this DDoS attack, this presentation explores the anatomy and timeline of the attack, as well as the steps used to mitigate each phase of the assault. This session will close with a review of the aspects of effective DDoS protection solutions used to combat these sophisticated denial of service attacks.

An Inside Look at a Sophisticated Multi-Vector DDoS Attack

Imperva Incapsula

The Internet of Things (IoT) aims to makes our lives better, yet there is still no foundation for security controls on the devices that allow us to access the Internet, listen to music, watch television, control the temperature in our homes and more. This talk will look at the history of embedded device insecurity. We’ll explore some real-world example of how devices are exploited (and attackers profited). You will also learn what we can do to help fix these problems and push the industry for a much higher level of security for devices affecting our daily lives.

The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014

Security Weekly

In this talk I will quickly bring you up to speed on the history of embedded device insecurity. Next, we will look at a real-world example or two of how devices are exploited (And attackers profited). Finally, you will learn what we can do to help fix these problems and push the industry for a much higher level of security for devices affecting our daily lives. You may have heard about this threat, one that has plagued our lives and networks for well over a decade. A problem so ubiquitous, it can't be ignored. Yet, this threat has a history of hiding in plain sight. Users are, for the most part, unaware of the dangers. Security researchers and the media have attempted to highlight this problem for years, without making an impact on improving security. However, vendors and users are still very much at risk and the problem is still largely being ignored by the masses. The Internet of Things (IoT) aims to makes our lives better, yet there is still no foundation for security controls on the devices that allow us to access the Internet, listen to music, watch television, control the temperature in our homes and more. The goal of this talk is to enable the audience to help raise awareness and influence the security of embedded systems in a positive way.

The Internet of Insecure Things: 10 Most Wanted List

Security Weekly

Greeting from Inspace Technologies! We take pleasure in sending the September edition of our Newsletter - Connect, which focuses exclusively on the accomplishments, events, happenings, awards / recognitions of Inspace community of Customers and Vendors. As always this magazine would serve as a forum for sharing organizational good news amongst our client/vendor network. We foresee much benefits in such networking and believe in continued success on this newsletter. We would continue to work towards improving the content regularly.

Newsletter Connect - Sep 2015

Arish Roy

Build and deploy bulletproof software

Fabrice Derepas

Network Forensics for Splunk, an Emulex presentation

Emulex Corporation

Virtual Security

F-Secure Corporation

Positive Hack Days 7 - Ransomware forensiсs

Mona Arkhipova

Multi domain security-management_technical_presentation

davebrosnan

Protection Service for Business

F-Secure Corporation

Dimitrios Stergiou, CISO @ NetEnt addressed a number of traditional approaches to Application Security and discussed their shortcomings at Netlight Edge X breakfast seminar. Edge X breakfast seminars at Netlight are recurring events and talks, held by external speakers as well as employees of Netlight, within topics such as trends, challenges and opportunities within IT and management. He also discussed how the Agile methodology can be combined with an Application Security approach that has been proven to offer the most benefits. He also discussed how the DevOps culture can improve security and some do’s and don’ts when deciding to go down the DevOps path.

Application Security within Agile

Netlight Consulting

What's hot (20)

Endpoint Security Evasion

Web Intrusion Detection

Advanced Persistent Threats

Firewall, Router and Switch Configuration Review

[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...

Security Ops for large and small companies

On the impact of security vulnerabilities in the npm package dependency network

ESET: Delivering Benefits to Enterprises

Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Pr...

An Inside Look at a Sophisticated Multi-Vector DDoS Attack

The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014

The Internet of Insecure Things: 10 Most Wanted List

Newsletter Connect - Sep 2015

Build and deploy bulletproof software

Network Forensics for Splunk, an Emulex presentation

Virtual Security

Positive Hack Days 7 - Ransomware forensiсs

Multi domain security-management_technical_presentation

Protection Service for Business

Application Security within Agile

Viewers also liked

4 ltr powerpoint2010_ch21_pr1a_briannaspinney_2

Brianna Spinney

Realmadrid-Atleticodemadrid

Ropa Deportiva Online

KCB101 Not Your Mothers' Storyboard

francesliam

Vaccination Schedules for Dogs and Puppies

canadapetcare

Siklus anggaran forum skpd

Indra Djatie

FC Barcelona, trayectoria de sus estadios

Ropa Deportiva Online

Three things for wildcard ssl certs

tas-hiro

Liptonvscold final

Oleg Idolov

White stone meandr

Данил Сахненко

PERBANDINGAN EVALUASI KEKUATAN PERLEKATAN MICRO-TENSILE PADA SISTEM ADHESIF O...

Universitas Sumatera Utara

Tech slide show

Levi Lynch

(Lovern tamra historyingraphicdesign)powerpoint

Tamra Lovern

Sophia grant 3100849 lang6099 power point presentationl

Snoring

Ashley

JLF

Blenderman by panda_apps_presentation

mrjonesbrgs

Prezentacja1

justynakokocinska

Real Madrid, trayectoria de su estadio

Ropa Deportiva Online

Alvaro

Alvaro Apileo Reyes

Viewers also liked (20)

4 ltr powerpoint2010_ch21_pr1a_briannaspinney_2

Realmadrid-Atleticodemadrid

KCB101 Not Your Mothers' Storyboard

Vaccination Schedules for Dogs and Puppies

Siklus anggaran forum skpd

FC Barcelona, trayectoria de sus estadios

Three things for wildcard ssl certs

Liptonvscold final

White stone meandr

PERBANDINGAN EVALUASI KEKUATAN PERLEKATAN MICRO-TENSILE PADA SISTEM ADHESIF O...

Tech slide show

(Lovern tamra historyingraphicdesign)powerpoint

Sophia grant 3100849 lang6099 power point presentationl

Snoring

Ashley

JLF

Blenderman by panda_apps_presentation

Prezentacja1

Real Madrid, trayectoria de su estadio

Alvaro

Similar to A Profile of the Backoff PoS Malware that Hit 1000+ Retail Businesses

Reacting to Advanced, Unknown Attacks in Real-Time with Lastline

Lastline, Inc.

This presentation covers: - Why today’s Retail POS systems are at risk - How using relatively simple techniques, cyber criminals get onto retailer networks and POS machines - How POS malware works in capturing credit card data - How antiquated security architectures and technology put retailers and customers at risk - How good security architecture and advanced threat protection tools can defeat these attacks before data is breached. - How to recognize outdated vulnerable POS endpoints that might expose you to credit card fraud

PoS Malware and Other Threats to the Retail Industry

Invincea, Inc.

It’s everywhere. From your phone to the enterprise, open source software (OSS) is running far and wide. Gartner predicts that by 2016, 99 percent of Global 2000 enterprises will use open source in mission-critical software. While it’s free, easy to find, and pushes software to the market faster, it’s vital to understand how to use OSS safely. Join Richard Sherrard, director of product management at Rogue Wave, for a live webinar reviewing the top five OSS trends of 2015. From OSS discovery, to risk, and governance, we’ll take a deep dive into the trends we’ve noticed this year while providing you with some predictions for 2016. In this webinar you’ll learn how to: -Discover the OSS in your codebase to ensure that code is free of bugs, security vulnerabilities, and license conflicts -Implement controls on OSS usage at your organization -Create a multi-tier approach to OSS risk reduction with open source tools, static code analysis and dynamic analysis Watch the webinar recording now: https://www.brighttalk.com/webcast/12285/164531

OSS has taken over the enterprise: The top five OSS trends of 2015

Rogue Wave Software

Joomla Security Simplified — Seven Easy Steps For a More Secure Website

Imperva Incapsula

Application security meetup k8_s security with zero trust_29072021

lior mazor

When you work with a lot of companies scrutinizing their security, you get to see some amazing things. One of the joys of being a commercial security consultant working for big name firms, is that you get to see a lot of innovation and interesting approaches to common problems. However, as great as this is, the discrete projects you work on are usually a small representation of the overall company. When you look at the company in its entirety, a familiar pattern of weakness begins to reveal itself. While some companies are obviously better than others, the majority of companies are actually weak in remarkably similar ways. My work in the attacker modeled pentest and enterprise risk assessment realms focuses on looking at a company as a whole. The premise is that, this is what an attacker would do. They won’t just try to attack your quarterly code reviewed main web site, or consumer mobile app. They won’t directly attack your PCI relevant systems to get to customer credit card data. They won’t limit their attacks to those purely against your IT infrastructure. Instead – they’ll look at your entire company, and they will play dirty. In this session, I’ll focus on the things that plague us all (well most of us), and I’ll offer some simple advice for how to try and tackle each of these areas: – Weaknesses in Physical Security – Susceptibility to Phishing – Vulnerability Management Immaturity – Weaknesses in Authentication – Poor Network Segmentation – Loose Data Access Control – Terrible Host / Network Visibility – Unwise Procurement & Security Spending Decisions

Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn

North Texas Chapter of the ISSA

As the industry’s first Secure Internet Gateway in the cloud, Cisco Umbrella provides the first line of defense against threats on the internet, protecting all your users within minutes. Cisco Advanced Malware Protection offers global threat intelligence, advanced sandboxing and real-time malware blocking to prevent breaches while it continuously analyzes file activity across your network, so that you can quickly detect, contain and remove advanced malware. Presentation of Cisco Security Architecture and Solutions such as Cisco Advanced Malware Protection (AMP) and Cisco Umbrella during Simplex-Cisco Technology Session that took place at the Londa Hotel in Limassol on 14 March 2018.

Cisco Security Presentation

Simplex

The ever-escalating threats to your business posed by ransomware and all forms of malware cannot be ignored. Cyber-criminals are employing every technology and tactic available to defeat your security systems and then go completely unnoticed as they systematically penetrate and catalog your systems and data to methodically prepare for a coordinated, carefully orchestrated, multipronged attack. The IBM i can be a rich target of valuable data for these bad actors. Malware attacks are active, not static. Traditional automated scanning, alerting and remediation practices are no longer enough. Instead, the focus needs to be upon securing critical assets and data stores using a multi-layered defensive approach. In practical terms, this means employing every possible security tool and tactic available, in a coordinated, programmatic way. Join us for this on-demand webinar to better understand: o The risks of relying on an “identify and remediate” approach to malware o A different approach to more effectively prevent malware o How a multi-layered security strategy can protect IBM i from malware threats

Defending Your IBM i Against Malware

Precisely

In today’s world of constantly evolving security threats and attack vectors, organizations need to be vigilant about monitoring their network infrastructure. The network perimeter and security infrastructure is often challenged with the adoption of mobile devices, cloud, and BYOD policies. The need for visibility into endpoint activity has become more important than ever. Join Josh Applebaum (Ziften), Matthew Frederickson, (Council Rock School District) and Peter Johnson (Lancope) for a complimentary webinar to learn how you can achieve real-time network visibility and intelligence for improved incident response. Discover how you can: - Achieve additional visibility and context to network activity - Enhance your existing security investments (NetFlow, Firewall, SIEM, threat intelligence) - Improve incident response by obtaining real-time and historical endpoint data

Extending Network Visibility: Down to the Endpoint

Lancope, Inc.

OSB120 Beat Ransomware

Ivanti

This talk focussed on the challenges facing the DevOps community from the “developers culture perspective” and the consequences of the perceived disinterest in inculcating a complete 360 degrees’ risk mitigation framework in DevOps practices. The talk touched on the legal +Security+Operational Risk of using Open Source in their SDLC, the need for internal customized Open Source policy and a two-step approach to resolve these risks

(Isc)² secure johannesburg

Tunde Ogunkoya

Malware in the Wild: Evolving to Evade Detection

Lastline, Inc.

Some of the most famous information breaches over the past few years have been a result of entry through embedded and IoT system environments. Often these breaches are a result of unexpected system architecture and service connectivity on the network that allows the hacker to enter through an embedded device and make their way to the financial or corporate servers. Experts in embedded security discuss key security issues for embedded systems and how to address them.

Cyber security - It starts with the embedded system

Rogue Wave Software

Ch07.ppt

ImXaib

A Closer Look at Isolation: Hype or Next Gen Security?

MenloSecurity

Presented at AppSec California 2017. The fact that software development is moving towards agile methodologies and DevOps is a given, the question is: How do you transform processes and tools to get the biggest advantage? Using application security testing as an example, this talk cuts through all the news, research, and standards to define a holistic process for integrating Agile testing and feedback into development teams. The talk describes specific processes, automation techniques, and the smart selection of tools to help organizations produce more secure, OWASP-compliant code and free up development time to focus on features.

Continuous security: Bringing agility to the secure development lifecycle

Rogue Wave Software

Network intrusion. Information theft. Outside reprogramming of systems. These examples are just a few of the several reasons why software security is becoming increasingly more important to all industries. No system is immune, so it’s more important than ever to understand why secure code matters and how to create safer applications. With this presentation you'll learn how to: -Protect your systems from risk -Comply with security standards -Ensure the entire codebase is bulletproof

Create code confidence for better application security

Rogue Wave Software

You’ve seen the headlines—"[Well-Known Company] Falls Victim To Hackers". These data breaches result in the theft of millions of names, passwords, credit card numbers, and other personal data. Imagine if such a breach lead to the theft of your application's data. . . If multi-national companies with dedicated security teams and expansive budgets aren’t immune to the impact of hackers, how can you adequately prepare yourself to defeat this threat? This presentation will explore the web application threat landscape. It will zero in on some of the most common attacks wreaking havoc on the internet, teaching you how to defend your online assets from them. This presentation will discuss: • The major security breaches of 2014 • Web application threats and common attack types • How to defend against today’s common attacks • Automated tools to help simplify website security

A DevOps Guide to Web Application Security

Imperva Incapsula

As the software world evolves, more and more companies rely on 3rd party applications and software components as part of their infrastructure. However, this approach does not come without risks. The implementation of 3rd party applications has its advantages, chief among them shortened development time frames and increased software maturity. Despite these obvious benefits, organizations must remain aware of potential security implications. This presentation will: - Explain how 3rd party software vulnerabilities might lead to a data breach - Deliver examples of incidents and how they occur - Discuss the effectiveness of patching

Hacking Encounters of the 3rd Kind

Imperva

01_Metasploit - The Elixir of Network Security

Harish Chaudhary

Similar to A Profile of the Backoff PoS Malware that Hit 1000+ Retail Businesses (20)

Reacting to Advanced, Unknown Attacks in Real-Time with Lastline

PoS Malware and Other Threats to the Retail Industry

OSS has taken over the enterprise: The top five OSS trends of 2015

Joomla Security Simplified — Seven Easy Steps For a More Secure Website

Application security meetup k8_s security with zero trust_29072021

Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn

Cisco Security Presentation

Defending Your IBM i Against Malware

Extending Network Visibility: Down to the Endpoint

OSB120 Beat Ransomware

(Isc)² secure johannesburg

Malware in the Wild: Evolving to Evade Detection

Cyber security - It starts with the embedded system

Ch07.ppt

A Closer Look at Isolation: Hype or Next Gen Security?

Continuous security: Bringing agility to the secure development lifecycle

Create code confidence for better application security

A DevOps Guide to Web Application Security

Hacking Encounters of the 3rd Kind

01_Metasploit - The Elixir of Network Security

More from Lastline, Inc.

Lastline RSAC 2018 Highlights

Lastline, Inc.

Infosec Europe 2017 Highlights | Lastline, Inc.

Lastline, Inc.

Over the last few years, as the world has moved closer to realizing the idea of the Internet of Things, an increasing number of the analog things with which we used to interact every day have been replaced with connected devices. The increasingly-complex systems that drive these devices have one thing in common – they must all communicate to carry out their intended functionality. Such communication is handled by firmware embedded in the device. And firmware, like any piece of software, is susceptible to a wide range of errors and vulnerabilities.

Using Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware

Lastline, Inc.

Ransomware has been widely touted as a highly-dangerous, sophisticated and destructive breed of malware – but according to recent research into the constraints, commonalities and advancements across 15 ransomware families – most ransomware today is actually more of a blunt instrument than a surgical tool in exploit kits. While certainly even simple programs can extort innocent people who aren’t able to separate real from fake cyber threats, the vast majority of the ransomware in the wild today is not necessarily as sophisticated or scary as it’s been made out to be. The real impact on victims who don't pay is typically still both reversible and preventable.

Most Ransomware Isn’t As Complex As You Might Think – Black Hat 2015

Lastline, Inc.

Introduction to Malware - Part 1

Lastline, Inc.

As sophisticated tools that combine static and dynamic analysis become more ubiquitous, cybercriminals are developing increasingly-evasive malware components that actively counteract analysis and behavior identification. Is this another arms race? Or is it possible to define, quantify, and identify "evasiveness" and use it as a way to detect malicious intent? This talk presents an overview of the problem and how it's been attacked from both industry and academia.

Now you see me, now you don't: chasing evasive malware - Giovanni Vigna

Lastline, Inc.

Full-System Emulation Achieving Successful Automated Dynamic Analysis of Evas...

Lastline, Inc.

Media Conglomerate Chooses Lastline For Advanced Malware Protection Industry: Mass Media Company: A national media company serving a global audience Description: Media organization focused on providing business news Challenge: Provide protection against advanced threats that elude standard virus protection systems Solution: Lastline Enterprise Hosted Results: Fill void in security portfolio and protect both company and user base from advanced persistent threats, zero-day attacks, and evasive malware

Lastline Case Study

Lastline, Inc.

More from Lastline, Inc. (8)

Lastline RSAC 2018 Highlights

Infosec Europe 2017 Highlights | Lastline, Inc.

Using Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware

Most Ransomware Isn’t As Complex As You Might Think – Black Hat 2015

Introduction to Malware - Part 1

Now you see me, now you don't: chasing evasive malware - Giovanni Vigna

Full-System Emulation Achieving Successful Automated Dynamic Analysis of Evas...

Lastline Case Study

Recently uploaded

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

Manulife - Insurer Innovation Award 2024

The Digital Insurer

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Neo4j

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Principled Technologies

Real Time Object Detection Using Open CV

Khem

MINDCTI Revenue Release Quarter One 2024

MIND CTI

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Tata AIG General Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

Recently uploaded (20)

Why Teams call analytics are critical to your entire business

Automating Google Workspace (GWS) & more with Apps Script

A Domino Admins Adventures (Engage 2024)

Manulife - Insurer Innovation Award 2024

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Boost PC performance: How more available memory can improve productivity

Real Time Object Detection Using Open CV

MINDCTI Revenue Release Quarter One 2024

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Tata AIG General Insurance Company - Insurer Innovation Award 2024

Strategies for Landing an Oracle DBA Job as a Fresher

GenAI Risks & Security Meetup 01052024.pdf

How to Troubleshoot Apps for the Modern Connected Worker

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Powerful Google developer tools for immediate impact! (2023-24 C)

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Exploring the Future Potential of AI-Enabled Smartphone Processors

AWS Community Day CPH - Three problems of Terraform

A Profile of the Backoff PoS Malware that Hit 1000+ Retail Businesses

1. Backoff My Point-of-Sale Data! Profiling the Backoff PoS Malware Affecting Retailers Engin Kirda Ph.D., Co-Founder & Chief Architect, Lastline www.lastline.com

2. What is Backoff? • Malware used in numerous breaches in the last year • Secret Service currently estimates 1,000+ U.S. businesses affected • Targeted to PoS systems • Evades analysis Copyright ©2014 Lastline, Inc. All rights reserved. 2

3. Recent and Notable Retail/Payments Breaches • The last year has seen a dramatic escalation in the number of breached PoS systems • Many of these PoS payloads, like Backoff, evaded installed defenses and alarms Copyright ©2014 Lastline, Inc. All rights reserved. 3

5. What is Backoff? • Timing evasion (an anti-VM technique) • Utilizes code obfuscation • Also uses rare and poorly emulated instructions to defeat simple emulators • Attempts to encrypt parts of the command and control traffic Copyright ©2014 Lastline, Inc. All rights reserved. 5

6. How are the attackers deploying it? • Scan for Internet facing Remote Desktop applications • Brute force login credentials • Often successfully find administrative credentials • Use admin credentials to deploy Backoff to remote PoS systems Copyright ©2014 Lastline, Inc. All rights reserved. 6

7. Understanding Evasive Malware Malware authors are not stupid • they got the news that sandboxes are all the rage now • since the code is executed, malware authors have options Evasion defined • Develop code that exhibits no malicious behavior in a traditional sandbox, but still infects the intended target • Can be achieved in a variety of ways… Copyright ©2014 Lastline, Inc. All rights reserved. 7

12. Securing Your Organization • At PoS: Accept EMV payments to limit exposure in case of a breach • At PoS: E2E encryption of transaction (POI never has cleartext) • Detect and protect against malware and C&C • Full system emulation approach with Lastline Copyright ©2014 Lastline, Inc. All rights reserved. 12

13. Detect Evasive Malware in Your Network Start your 30-day Lastline trial: http://landing.lastline.com/request-lastline-trial “I would highly recommend Lastline to any company that is entrusted with customer data. Retailers, restaurants, or any organization that is interested in elevating their handling and protection of data could benefit from working with Lastline.” Tom Lindblom CTO, CKE Restaurants Copyright ©2014 Lastline, Inc. All rights reserved. 13

14. Thank You! For more information visit www.lastline.com or contact us at info@lastline.com.

Editor's Notes

rtdsc looping (timing evasion) obfuscation uses a mildly obfuscated code (oligomorphic decryptor), multistage encrypted shellcode, runpe/hollowing, encryption track/keylogger data sent to c2 is encrypted; networked based detection of the c2 still quite easy -> enterprise could detect it reliably, but DLP mechanisms would fail
Using publicly available services and tools for each step
emv reduces the value of stolen transaction data, as the transaction data has a limited number of “re-uses” end to end encryption prevents PoS malware from collecting transaction data, reducing the attack surface build verification and detailed behavioral analysis of all software being pushed to PoS systems could absolutely have stopped many these breaches comprehensive analysis of network traffic could have identified them quickly and easily… began providing protection before samples were seen, and alerts for the first c2 events

A Profile of the Backoff PoS Malware that Hit 1000+ Retail Businesses

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to A Profile of the Backoff PoS Malware that Hit 1000+ Retail Businesses

Similar to A Profile of the Backoff PoS Malware that Hit 1000+ Retail Businesses (20)

More from Lastline, Inc.

More from Lastline, Inc. (8)

Recently uploaded

Recently uploaded (20)

A Profile of the Backoff PoS Malware that Hit 1000+ Retail Businesses

Editor's Notes