SlideShare a Scribd company logo

A Profile of the Backoff PoS Malware that Hit 1000+ Retail Businesses

Download as PPTX, PDF
Lastline, Inc.
Lastline, Inc.

Watch an overview of the Backoff malware that exhibits highly evasive characteristics. Engin Kirda, Ph.D., Co-Founder and Chief Architect at Lastline, gives a background on Backoff and an introduction into the concept of evasive malware. Backoff PoS Malware is interesting because: ° Over 1000 business have been affected according to the Secret Service ° Used in numerous high profile breaches in the past year ° Targets point-of-sale systems ° Exhibits highly evasive behaviors intended to bypass detection Detect Advanced and Evasive Malware in Your Network: http://landing.lastline.com/request-lastline-trial

Technology
1 of 14
Backoff My Point-of-Sale Data! Profiling the Backoff PoS Malware Affecting Retailers Engin Kirda Ph.D., Co-Founder & Chief Architect, Lastline www.lastline.com
What is Backoff? • Malware used in numerous breaches in the last year • Secret Service currently estimates 1,000+ U.S. businesses affected • Targeted to PoS systems • Evades analysis Copyright ©2014 Lastline, Inc. All rights reserved. 2
Recent and Notable Retail/Payments Breaches • The last year has seen a dramatic escalation in the number of breached PoS systems • Many of these PoS payloads, like Backoff, evaded installed defenses and alarms Copyright ©2014 Lastline, Inc. All rights reserved. 3
What is Backoff? [1 Slide Summary from Kyle] • Product screenshot? • Mention evasive behaviors exhibited Copyright ©2014 Lastline, Inc. All rights reserved. 4
What is Backoff? • Timing evasion (an anti-VM technique) • Utilizes code obfuscation • Also uses rare and poorly emulated instructions to defeat simple emulators • Attempts to encrypt parts of the command and control traffic Copyright ©2014 Lastline, Inc. All rights reserved. 5
How are the attackers deploying it? • Scan for Internet facing Remote Desktop applications • Brute force login credentials • Often successfully find administrative credentials • Use admin credentials to deploy Backoff to remote PoS systems Copyright ©2014 Lastline, Inc. All rights reserved. 6
Understanding Evasive Malware Malware authors are not stupid • they got the news that sandboxes are all the rage now • since the code is executed, malware authors have options Evasion defined • Develop code that exhibits no malicious behavior in a traditional sandbox, but still infects the intended target • Can be achieved in a variety of ways… Copyright ©2014 Lastline, Inc. All rights reserved. 7
8 The Evasive Malware Problem Current solutions fail to protect organizations from sophisticated, targeted attacks. Copyright ©2014 Lastline, Inc. All rights reserved.
Lastline Labs AV Vendor Review Antivirus systems take months to catch up to highly evasive threats. Copyright ©2014 Lastline, Inc. All rights reserved. 9
3 Ways to Build a Sandbox Not all sandbox solutions can detect highly evasive malware. Copyright ©2014 Lastline, Inc. All rights reserved. 10
Virtualized Sandboxing vs. Full System Emulation Even APT Solutions with virtualized sandboxing fail to detect highly evasive malware. Copyright ©2014 Lastline, Inc. All rights reserved. 11
Securing Your Organization • At PoS: Accept EMV payments to limit exposure in case of a breach • At PoS: E2E encryption of transaction (POI never has cleartext) • Detect and protect against malware and C&C • Full system emulation approach with Lastline Copyright ©2014 Lastline, Inc. All rights reserved. 12
Detect Evasive Malware in Your Network Start your 30-day Lastline trial: http://landing.lastline.com/request-lastline-trial “I would highly recommend Lastline to any company that is entrusted with customer data. Retailers, restaurants, or any organization that is interested in elevating their handling and protection of data could benefit from working with Lastline.” Tom Lindblom CTO, CKE Restaurants Copyright ©2014 Lastline, Inc. All rights reserved. 13
Thank You! For more information visit www.lastline.com or contact us at info@lastline.com.

Recommended

Introducing Savvius Vigil
Introducing Savvius VigilIntroducing Savvius Vigil
Introducing Savvius VigilSavvius, Inc
 
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...Digital Bond
 
T3 conference talk nov 2014
T3 conference talk nov 2014T3 conference talk nov 2014
T3 conference talk nov 2014Sid Yenamandra
 
Time Traveling: Adapting Techniques from the Future to Improve Reliability, J...
Time Traveling: Adapting Techniques from the Future to Improve Reliability, J...Time Traveling: Adapting Techniques from the Future to Improve Reliability, J...
Time Traveling: Adapting Techniques from the Future to Improve Reliability, J...Digital Bond
 
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access SystemsValerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systemscentralohioissa
 
AWS Summit Singapore 2019 | Pragmatic Container Security
AWS Summit Singapore 2019 | Pragmatic Container SecurityAWS Summit Singapore 2019 | Pragmatic Container Security
AWS Summit Singapore 2019 | Pragmatic Container SecurityAWS Summits
 
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...Digital Bond
 
Risks vs real life
Risks vs real lifeRisks vs real life
Risks vs real lifeMona Arkhipova
 

Recommended

Introducing Savvius Vigil
Introducing Savvius VigilIntroducing Savvius Vigil
Introducing Savvius VigilSavvius, Inc
 
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...Digital Bond
 
T3 conference talk nov 2014
T3 conference talk nov 2014T3 conference talk nov 2014
T3 conference talk nov 2014Sid Yenamandra
 
Time Traveling: Adapting Techniques from the Future to Improve Reliability, J...
Time Traveling: Adapting Techniques from the Future to Improve Reliability, J...Time Traveling: Adapting Techniques from the Future to Improve Reliability, J...
Time Traveling: Adapting Techniques from the Future to Improve Reliability, J...Digital Bond
 
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access SystemsValerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systemscentralohioissa
 
AWS Summit Singapore 2019 | Pragmatic Container Security
AWS Summit Singapore 2019 | Pragmatic Container SecurityAWS Summit Singapore 2019 | Pragmatic Container Security
AWS Summit Singapore 2019 | Pragmatic Container SecurityAWS Summits
 
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...Digital Bond
 
Risks vs real life
Risks vs real lifeRisks vs real life
Risks vs real lifeMona Arkhipova
 
Endpoint Security Evasion
Endpoint Security EvasionEndpoint Security Evasion
Endpoint Security EvasionInvincea, Inc.
 
Web Intrusion Detection
Web Intrusion Detection Web Intrusion Detection
Web Intrusion Detection Abhishek Singh
 
Advanced Persistent Threats
Advanced Persistent ThreatsAdvanced Persistent Threats
Advanced Persistent ThreatsESET
 
Firewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration ReviewFirewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration ReviewChristine MacDonald
 
[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...
[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...
[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...Imperva Incapsula
 
Security Ops for large and small companies
Security Ops for large and small companiesSecurity Ops for large and small companies
Security Ops for large and small companiesMona Arkhipova
 
On the impact of security vulnerabilities in the npm package dependency network
On the impact of security vulnerabilities in the npm package dependency networkOn the impact of security vulnerabilities in the npm package dependency network
On the impact of security vulnerabilities in the npm package dependency networkTom Mens
 
ESET: Delivering Benefits to Enterprises
ESET: Delivering Benefits to EnterprisesESET: Delivering Benefits to Enterprises
ESET: Delivering Benefits to EnterprisesESET
 
Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Pr...
Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Pr...Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Pr...
Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Pr...Security Weekly
 
An Inside Look at a Sophisticated Multi-Vector DDoS Attack
An Inside Look at a Sophisticated Multi-Vector DDoS AttackAn Inside Look at a Sophisticated Multi-Vector DDoS Attack
An Inside Look at a Sophisticated Multi-Vector DDoS AttackImperva Incapsula
 
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014Security Weekly
 
The Internet of Insecure Things: 10 Most Wanted List
The Internet of Insecure Things: 10 Most Wanted ListThe Internet of Insecure Things: 10 Most Wanted List
The Internet of Insecure Things: 10 Most Wanted ListSecurity Weekly
 
Newsletter Connect - Sep 2015
Newsletter Connect - Sep 2015Newsletter Connect - Sep 2015
Newsletter Connect - Sep 2015Arish Roy
 
Build and deploy bulletproof software
Build and deploy bulletproof softwareBuild and deploy bulletproof software
Build and deploy bulletproof softwareFabrice Derepas
 
Network Forensics for Splunk, an Emulex presentation
Network Forensics for Splunk, an Emulex presentationNetwork Forensics for Splunk, an Emulex presentation
Network Forensics for Splunk, an Emulex presentationEmulex Corporation
 
Virtual Security
Virtual SecurityVirtual Security
Virtual SecurityF-Secure Corporation
 
Positive Hack Days 7 - Ransomware forensiсs
Positive Hack Days 7 - Ransomware forensiсsPositive Hack Days 7 - Ransomware forensiсs
Positive Hack Days 7 - Ransomware forensiсsMona Arkhipova
 
Multi domain security-management_technical_presentation
Multi domain security-management_technical_presentationMulti domain security-management_technical_presentation
Multi domain security-management_technical_presentationdavebrosnan
 
Protection Service for Business
Protection Service for BusinessProtection Service for Business
Protection Service for BusinessF-Secure Corporation
 
Application Security within Agile
Application Security within AgileApplication Security within Agile
Application Security within AgileNetlight Consulting
 
4 ltr powerpoint2010_ch21_pr1a_briannaspinney_2
4 ltr powerpoint2010_ch21_pr1a_briannaspinney_24 ltr powerpoint2010_ch21_pr1a_briannaspinney_2
4 ltr powerpoint2010_ch21_pr1a_briannaspinney_2Brianna Spinney
 
Realmadrid-Atleticodemadrid
Realmadrid-AtleticodemadridRealmadrid-Atleticodemadrid
Realmadrid-AtleticodemadridRopa Deportiva Online
 

More Related Content

What's hot

Endpoint Security Evasion
Endpoint Security EvasionEndpoint Security Evasion
Endpoint Security EvasionInvincea, Inc.
 
Web Intrusion Detection
Web Intrusion Detection Web Intrusion Detection
Web Intrusion Detection Abhishek Singh
 
Advanced Persistent Threats
Advanced Persistent ThreatsAdvanced Persistent Threats
Advanced Persistent ThreatsESET
 
Firewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration ReviewFirewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration ReviewChristine MacDonald
 
[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...
[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...
[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...Imperva Incapsula
 
Security Ops for large and small companies
Security Ops for large and small companiesSecurity Ops for large and small companies
Security Ops for large and small companiesMona Arkhipova
 
On the impact of security vulnerabilities in the npm package dependency network
On the impact of security vulnerabilities in the npm package dependency networkOn the impact of security vulnerabilities in the npm package dependency network
On the impact of security vulnerabilities in the npm package dependency networkTom Mens
 
ESET: Delivering Benefits to Enterprises
ESET: Delivering Benefits to EnterprisesESET: Delivering Benefits to Enterprises
ESET: Delivering Benefits to EnterprisesESET
 
Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Pr...
Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Pr...Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Pr...
Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Pr...Security Weekly
 
An Inside Look at a Sophisticated Multi-Vector DDoS Attack
An Inside Look at a Sophisticated Multi-Vector DDoS AttackAn Inside Look at a Sophisticated Multi-Vector DDoS Attack
An Inside Look at a Sophisticated Multi-Vector DDoS AttackImperva Incapsula
 
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014Security Weekly
 
The Internet of Insecure Things: 10 Most Wanted List
The Internet of Insecure Things: 10 Most Wanted ListThe Internet of Insecure Things: 10 Most Wanted List
The Internet of Insecure Things: 10 Most Wanted ListSecurity Weekly
 
Newsletter Connect - Sep 2015
Newsletter Connect - Sep 2015Newsletter Connect - Sep 2015
Newsletter Connect - Sep 2015Arish Roy
 
Build and deploy bulletproof software
Build and deploy bulletproof softwareBuild and deploy bulletproof software
Build and deploy bulletproof softwareFabrice Derepas
 
Network Forensics for Splunk, an Emulex presentation
Network Forensics for Splunk, an Emulex presentationNetwork Forensics for Splunk, an Emulex presentation
Network Forensics for Splunk, an Emulex presentationEmulex Corporation
 
Positive Hack Days 7 - Ransomware forensiсs
Positive Hack Days 7 - Ransomware forensiсsPositive Hack Days 7 - Ransomware forensiсs
Positive Hack Days 7 - Ransomware forensiсsMona Arkhipova
 
Multi domain security-management_technical_presentation
Multi domain security-management_technical_presentationMulti domain security-management_technical_presentation
Multi domain security-management_technical_presentationdavebrosnan
 
Application Security within Agile
Application Security within AgileApplication Security within Agile
Application Security within AgileNetlight Consulting
 

What's hot (20)

Endpoint Security Evasion
Endpoint Security EvasionEndpoint Security Evasion
Endpoint Security Evasion
 
Web Intrusion Detection
Web Intrusion Detection Web Intrusion Detection
Web Intrusion Detection
 
Advanced Persistent Threats
Advanced Persistent ThreatsAdvanced Persistent Threats
Advanced Persistent Threats
 
Firewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration ReviewFirewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration Review
 
[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...
[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...
[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...
 
Security Ops for large and small companies
Security Ops for large and small companiesSecurity Ops for large and small companies
Security Ops for large and small companies
 
On the impact of security vulnerabilities in the npm package dependency network
On the impact of security vulnerabilities in the npm package dependency networkOn the impact of security vulnerabilities in the npm package dependency network
On the impact of security vulnerabilities in the npm package dependency network
 
ESET: Delivering Benefits to Enterprises
ESET: Delivering Benefits to EnterprisesESET: Delivering Benefits to Enterprises
ESET: Delivering Benefits to Enterprises
 
Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Pr...
Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Pr...Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Pr...
Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Pr...
 
An Inside Look at a Sophisticated Multi-Vector DDoS Attack
An Inside Look at a Sophisticated Multi-Vector DDoS AttackAn Inside Look at a Sophisticated Multi-Vector DDoS Attack
An Inside Look at a Sophisticated Multi-Vector DDoS Attack
 
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014
 
The Internet of Insecure Things: 10 Most Wanted List
The Internet of Insecure Things: 10 Most Wanted ListThe Internet of Insecure Things: 10 Most Wanted List
The Internet of Insecure Things: 10 Most Wanted List
 
Newsletter Connect - Sep 2015
Newsletter Connect - Sep 2015Newsletter Connect - Sep 2015
Newsletter Connect - Sep 2015
 
Build and deploy bulletproof software
Build and deploy bulletproof softwareBuild and deploy bulletproof software
Build and deploy bulletproof software
 
Network Forensics for Splunk, an Emulex presentation
Network Forensics for Splunk, an Emulex presentationNetwork Forensics for Splunk, an Emulex presentation
Network Forensics for Splunk, an Emulex presentation
 
Virtual Security
Virtual SecurityVirtual Security
Virtual Security
 
Positive Hack Days 7 - Ransomware forensiсs
Positive Hack Days 7 - Ransomware forensiсsPositive Hack Days 7 - Ransomware forensiсs
Positive Hack Days 7 - Ransomware forensiсs
 
Multi domain security-management_technical_presentation
Multi domain security-management_technical_presentationMulti domain security-management_technical_presentation
Multi domain security-management_technical_presentation
 
Protection Service for Business
Protection Service for BusinessProtection Service for Business
Protection Service for Business
 
Application Security within Agile
Application Security within AgileApplication Security within Agile
Application Security within Agile
 

Viewers also liked

4 ltr powerpoint2010_ch21_pr1a_briannaspinney_2
4 ltr powerpoint2010_ch21_pr1a_briannaspinney_24 ltr powerpoint2010_ch21_pr1a_briannaspinney_2
4 ltr powerpoint2010_ch21_pr1a_briannaspinney_2Brianna Spinney
 
KCB101 Not Your Mothers' Storyboard
KCB101 Not Your Mothers' StoryboardKCB101 Not Your Mothers' Storyboard
KCB101 Not Your Mothers' Storyboardfrancesliam
 
Vaccination Schedules for Dogs and Puppies
Vaccination Schedules for Dogs and PuppiesVaccination Schedules for Dogs and Puppies
Vaccination Schedules for Dogs and Puppiescanadapetcare
 
Siklus anggaran forum skpd
Siklus anggaran forum skpdSiklus anggaran forum skpd
Siklus anggaran forum skpdIndra Djatie
 
FC Barcelona, trayectoria de sus estadios
FC Barcelona, trayectoria de sus estadiosFC Barcelona, trayectoria de sus estadios
FC Barcelona, trayectoria de sus estadiosRopa Deportiva Online
 
Three things for wildcard ssl certs
Three things for wildcard ssl certsThree things for wildcard ssl certs
Three things for wildcard ssl certstas-hiro
 
Liptonvscold final
Liptonvscold finalLiptonvscold final
Liptonvscold finalOleg Idolov
 
PERBANDINGAN EVALUASI KEKUATAN PERLEKATAN MICRO-TENSILE PADA SISTEM ADHESIF O...
PERBANDINGAN EVALUASI KEKUATAN PERLEKATAN MICRO-TENSILE PADA SISTEM ADHESIF O...PERBANDINGAN EVALUASI KEKUATAN PERLEKATAN MICRO-TENSILE PADA SISTEM ADHESIF O...
PERBANDINGAN EVALUASI KEKUATAN PERLEKATAN MICRO-TENSILE PADA SISTEM ADHESIF O...Universitas Sumatera Utara
 
Tech slide show
Tech slide showTech slide show
Tech slide showLevi Lynch
 
(Lovern tamra historyingraphicdesign)powerpoint
(Lovern tamra historyingraphicdesign)powerpoint(Lovern tamra historyingraphicdesign)powerpoint
(Lovern tamra historyingraphicdesign)powerpointTamra Lovern
 
Sophia grant 3100849 lang6099 power point presentationl
Sophia grant 3100849 lang6099 power point presentationlSophia grant 3100849 lang6099 power point presentationl
Sophia grant 3100849 lang6099 power point presentationlturbs1995
 
Blenderman by panda_apps_presentation
Blenderman by panda_apps_presentationBlenderman by panda_apps_presentation
Blenderman by panda_apps_presentationmrjonesbrgs
 
Real Madrid, trayectoria de su estadio
Real Madrid, trayectoria de su estadioReal Madrid, trayectoria de su estadio
Real Madrid, trayectoria de su estadioRopa Deportiva Online
 

Viewers also liked (20)

4 ltr powerpoint2010_ch21_pr1a_briannaspinney_2
4 ltr powerpoint2010_ch21_pr1a_briannaspinney_24 ltr powerpoint2010_ch21_pr1a_briannaspinney_2
4 ltr powerpoint2010_ch21_pr1a_briannaspinney_2
 
Realmadrid-Atleticodemadrid
Realmadrid-AtleticodemadridRealmadrid-Atleticodemadrid
Realmadrid-Atleticodemadrid
 
KCB101 Not Your Mothers' Storyboard
KCB101 Not Your Mothers' StoryboardKCB101 Not Your Mothers' Storyboard
KCB101 Not Your Mothers' Storyboard
 
Vaccination Schedules for Dogs and Puppies
Vaccination Schedules for Dogs and PuppiesVaccination Schedules for Dogs and Puppies
Vaccination Schedules for Dogs and Puppies
 
Siklus anggaran forum skpd
Siklus anggaran forum skpdSiklus anggaran forum skpd
Siklus anggaran forum skpd
 
FC Barcelona, trayectoria de sus estadios
FC Barcelona, trayectoria de sus estadiosFC Barcelona, trayectoria de sus estadios
FC Barcelona, trayectoria de sus estadios
 
Three things for wildcard ssl certs
Three things for wildcard ssl certsThree things for wildcard ssl certs
Three things for wildcard ssl certs
 
Liptonvscold final
Liptonvscold finalLiptonvscold final
Liptonvscold final
 
White stone meandr
White stone meandrWhite stone meandr
White stone meandr
 
PERBANDINGAN EVALUASI KEKUATAN PERLEKATAN MICRO-TENSILE PADA SISTEM ADHESIF O...
PERBANDINGAN EVALUASI KEKUATAN PERLEKATAN MICRO-TENSILE PADA SISTEM ADHESIF O...PERBANDINGAN EVALUASI KEKUATAN PERLEKATAN MICRO-TENSILE PADA SISTEM ADHESIF O...
PERBANDINGAN EVALUASI KEKUATAN PERLEKATAN MICRO-TENSILE PADA SISTEM ADHESIF O...
 
Tech slide show
Tech slide showTech slide show
Tech slide show
 
(Lovern tamra historyingraphicdesign)powerpoint
(Lovern tamra historyingraphicdesign)powerpoint(Lovern tamra historyingraphicdesign)powerpoint
(Lovern tamra historyingraphicdesign)powerpoint
 
Sophia grant 3100849 lang6099 power point presentationl
Sophia grant 3100849 lang6099 power point presentationlSophia grant 3100849 lang6099 power point presentationl
Sophia grant 3100849 lang6099 power point presentationl
 
Snoring
SnoringSnoring
Snoring
 
Ashley
AshleyAshley
Ashley
 
JLF
JLFJLF
JLF
 
Blenderman by panda_apps_presentation
Blenderman by panda_apps_presentationBlenderman by panda_apps_presentation
Blenderman by panda_apps_presentation
 
Prezentacja1
Prezentacja1Prezentacja1
Prezentacja1
 
Real Madrid, trayectoria de su estadio
Real Madrid, trayectoria de su estadioReal Madrid, trayectoria de su estadio
Real Madrid, trayectoria de su estadio
 
Alvaro
AlvaroAlvaro
Alvaro
 

Similar to A Profile of the Backoff PoS Malware that Hit 1000+ Retail Businesses

Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineLastline, Inc.
 
PoS Malware and Other Threats to the Retail Industry
PoS Malware and Other Threats to the Retail IndustryPoS Malware and Other Threats to the Retail Industry
PoS Malware and Other Threats to the Retail IndustryInvincea, Inc.
 
OSS has taken over the enterprise: The top five OSS trends of 2015
OSS has taken over the enterprise: The top five OSS trends of 2015OSS has taken over the enterprise: The top five OSS trends of 2015
OSS has taken over the enterprise: The top five OSS trends of 2015Rogue Wave Software
 
Joomla Security Simplified —  Seven Easy Steps For a More Secure Website
Joomla Security Simplified —  Seven Easy Steps For a More Secure WebsiteJoomla Security Simplified —  Seven Easy Steps For a More Secure Website
Joomla Security Simplified —  Seven Easy Steps For a More Secure WebsiteImperva Incapsula
 
Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021lior mazor
 
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin DunnNetworking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin DunnNorth Texas Chapter of the ISSA
 
Cisco Security Presentation
Cisco Security PresentationCisco Security Presentation
Cisco Security PresentationSimplex
 
Defending Your IBM i Against Malware
Defending Your IBM i Against MalwareDefending Your IBM i Against Malware
Defending Your IBM i Against MalwarePrecisely
 
Extending Network Visibility: Down to the Endpoint
Extending Network Visibility: Down to the EndpointExtending Network Visibility: Down to the Endpoint
Extending Network Visibility: Down to the EndpointLancope, Inc.
 
OSB120 Beat Ransomware
OSB120 Beat RansomwareOSB120 Beat Ransomware
OSB120 Beat RansomwareIvanti
 
(Isc)² secure johannesburg
(Isc)² secure johannesburg (Isc)² secure johannesburg
(Isc)² secure johannesburg Tunde Ogunkoya
 
Malware in the Wild: Evolving to Evade Detection
Malware in the Wild: Evolving to Evade DetectionMalware in the Wild: Evolving to Evade Detection
Malware in the Wild: Evolving to Evade DetectionLastline, Inc.
 
Cyber security - It starts with the embedded system
Cyber security - It starts with the embedded systemCyber security - It starts with the embedded system
Cyber security - It starts with the embedded systemRogue Wave Software
 
Ch07.ppt
Ch07.pptCh07.ppt
Ch07.pptImXaib
 
A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?MenloSecurity
 
Continuous security: Bringing agility to the secure development lifecycle
Continuous security: Bringing agility to the secure development lifecycleContinuous security: Bringing agility to the secure development lifecycle
Continuous security: Bringing agility to the secure development lifecycleRogue Wave Software
 
Create code confidence for better application security
Create code confidence for better application security Create code confidence for better application security
Create code confidence for better application security Rogue Wave Software
 
A DevOps Guide to Web Application Security
A DevOps Guide to Web Application SecurityA DevOps Guide to Web Application Security
A DevOps Guide to Web Application SecurityImperva Incapsula
 
Hacking Encounters of the 3rd Kind
Hacking Encounters of the 3rd KindHacking Encounters of the 3rd Kind
Hacking Encounters of the 3rd KindImperva
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network SecurityHarish Chaudhary
 

Similar to A Profile of the Backoff PoS Malware that Hit 1000+ Retail Businesses (20)

Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
 
PoS Malware and Other Threats to the Retail Industry
PoS Malware and Other Threats to the Retail IndustryPoS Malware and Other Threats to the Retail Industry
PoS Malware and Other Threats to the Retail Industry
 
OSS has taken over the enterprise: The top five OSS trends of 2015
OSS has taken over the enterprise: The top five OSS trends of 2015OSS has taken over the enterprise: The top five OSS trends of 2015
OSS has taken over the enterprise: The top five OSS trends of 2015
 
Joomla Security Simplified —  Seven Easy Steps For a More Secure Website
Joomla Security Simplified —  Seven Easy Steps For a More Secure WebsiteJoomla Security Simplified —  Seven Easy Steps For a More Secure Website
Joomla Security Simplified —  Seven Easy Steps For a More Secure Website
 
Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021
 
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin DunnNetworking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
 
Cisco Security Presentation
Cisco Security PresentationCisco Security Presentation
Cisco Security Presentation
 
Defending Your IBM i Against Malware
Defending Your IBM i Against MalwareDefending Your IBM i Against Malware
Defending Your IBM i Against Malware
 
Extending Network Visibility: Down to the Endpoint
Extending Network Visibility: Down to the EndpointExtending Network Visibility: Down to the Endpoint
Extending Network Visibility: Down to the Endpoint
 
OSB120 Beat Ransomware
OSB120 Beat RansomwareOSB120 Beat Ransomware
OSB120 Beat Ransomware
 
(Isc)² secure johannesburg
(Isc)² secure johannesburg (Isc)² secure johannesburg
(Isc)² secure johannesburg
 
Malware in the Wild: Evolving to Evade Detection
Malware in the Wild: Evolving to Evade DetectionMalware in the Wild: Evolving to Evade Detection
Malware in the Wild: Evolving to Evade Detection
 
Cyber security - It starts with the embedded system
Cyber security - It starts with the embedded systemCyber security - It starts with the embedded system
Cyber security - It starts with the embedded system
 
Ch07.ppt
Ch07.pptCh07.ppt
Ch07.ppt
 
A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?
 
Continuous security: Bringing agility to the secure development lifecycle
Continuous security: Bringing agility to the secure development lifecycleContinuous security: Bringing agility to the secure development lifecycle
Continuous security: Bringing agility to the secure development lifecycle
 
Create code confidence for better application security
Create code confidence for better application security Create code confidence for better application security
Create code confidence for better application security
 
A DevOps Guide to Web Application Security
A DevOps Guide to Web Application SecurityA DevOps Guide to Web Application Security
A DevOps Guide to Web Application Security
 
Hacking Encounters of the 3rd Kind
Hacking Encounters of the 3rd KindHacking Encounters of the 3rd Kind
Hacking Encounters of the 3rd Kind
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security
 

More from Lastline, Inc.

Lastline RSAC 2018 Highlights
Lastline RSAC 2018 HighlightsLastline RSAC 2018 Highlights
Lastline RSAC 2018 HighlightsLastline, Inc.
 
Infosec Europe 2017 Highlights | Lastline, Inc.
Infosec Europe 2017 Highlights | Lastline, Inc.Infosec Europe 2017 Highlights | Lastline, Inc.
Infosec Europe 2017 Highlights | Lastline, Inc.Lastline, Inc.
 
Using Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware
Using Static Binary Analysis To Find Vulnerabilities And Backdoors in FirmwareUsing Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware
Using Static Binary Analysis To Find Vulnerabilities And Backdoors in FirmwareLastline, Inc.
 
Most Ransomware Isn’t As Complex As You Might Think – Black Hat 2015
Most Ransomware Isn’t As Complex As You Might Think – Black Hat 2015 Most Ransomware Isn’t As Complex As You Might Think – Black Hat 2015
Most Ransomware Isn’t As Complex As You Might Think – Black Hat 2015 Lastline, Inc.
 
Introduction to Malware - Part 1
Introduction to Malware - Part 1 Introduction to Malware - Part 1
Introduction to Malware - Part 1 Lastline, Inc.
 
Now you see me, now you don't: chasing evasive malware - Giovanni Vigna
Now you see me, now you don't: chasing evasive malware - Giovanni Vigna Now you see me, now you don't: chasing evasive malware - Giovanni Vigna
Now you see me, now you don't: chasing evasive malware - Giovanni Vigna Lastline, Inc.
 
Full-System Emulation Achieving Successful Automated Dynamic Analysis of Evas...
Full-System Emulation Achieving Successful Automated Dynamic Analysis of Evas...Full-System Emulation Achieving Successful Automated Dynamic Analysis of Evas...
Full-System Emulation Achieving Successful Automated Dynamic Analysis of Evas...Lastline, Inc.
 

More from Lastline, Inc. (8)

Lastline RSAC 2018 Highlights
Lastline RSAC 2018 HighlightsLastline RSAC 2018 Highlights
Lastline RSAC 2018 Highlights
 
Infosec Europe 2017 Highlights | Lastline, Inc.
Infosec Europe 2017 Highlights | Lastline, Inc.Infosec Europe 2017 Highlights | Lastline, Inc.
Infosec Europe 2017 Highlights | Lastline, Inc.
 
Using Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware
Using Static Binary Analysis To Find Vulnerabilities And Backdoors in FirmwareUsing Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware
Using Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware
 
Most Ransomware Isn’t As Complex As You Might Think – Black Hat 2015
Most Ransomware Isn’t As Complex As You Might Think – Black Hat 2015 Most Ransomware Isn’t As Complex As You Might Think – Black Hat 2015
Most Ransomware Isn’t As Complex As You Might Think – Black Hat 2015
 
Introduction to Malware - Part 1
Introduction to Malware - Part 1 Introduction to Malware - Part 1
Introduction to Malware - Part 1
 
Now you see me, now you don't: chasing evasive malware - Giovanni Vigna
Now you see me, now you don't: chasing evasive malware - Giovanni Vigna Now you see me, now you don't: chasing evasive malware - Giovanni Vigna
Now you see me, now you don't: chasing evasive malware - Giovanni Vigna
 
Full-System Emulation Achieving Successful Automated Dynamic Analysis of Evas...
Full-System Emulation Achieving Successful Automated Dynamic Analysis of Evas...Full-System Emulation Achieving Successful Automated Dynamic Analysis of Evas...
Full-System Emulation Achieving Successful Automated Dynamic Analysis of Evas...
 
Lastline Case Study
Lastline Case StudyLastline Case Study
Lastline Case Study
 

Recently uploaded

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...Product School
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Product School
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...Product School
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlPeter Udo Diehl
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...Product School
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaRTTS
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Thierry Lestable
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Product School
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backElena Simperl
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeCzechDreamin
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...Sri Ambati
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupCatarinaPereira64715
 
In-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsIn-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsExpeed Software
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCzechDreamin
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsPaul Groth
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
 

Recently uploaded (20)

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
In-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsIn-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT Professionals
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 

A Profile of the Backoff PoS Malware that Hit 1000+ Retail Businesses

  • 1. Backoff My Point-of-Sale Data! Profiling the Backoff PoS Malware Affecting Retailers Engin Kirda Ph.D., Co-Founder & Chief Architect, Lastline www.lastline.com
  • 2. What is Backoff? • Malware used in numerous breaches in the last year • Secret Service currently estimates 1,000+ U.S. businesses affected • Targeted to PoS systems • Evades analysis Copyright ©2014 Lastline, Inc. All rights reserved. 2
  • 3. Recent and Notable Retail/Payments Breaches • The last year has seen a dramatic escalation in the number of breached PoS systems • Many of these PoS payloads, like Backoff, evaded installed defenses and alarms Copyright ©2014 Lastline, Inc. All rights reserved. 3
  • 4. What is Backoff? [1 Slide Summary from Kyle] • Product screenshot? • Mention evasive behaviors exhibited Copyright ©2014 Lastline, Inc. All rights reserved. 4
  • 5. What is Backoff? • Timing evasion (an anti-VM technique) • Utilizes code obfuscation • Also uses rare and poorly emulated instructions to defeat simple emulators • Attempts to encrypt parts of the command and control traffic Copyright ©2014 Lastline, Inc. All rights reserved. 5
  • 6. How are the attackers deploying it? • Scan for Internet facing Remote Desktop applications • Brute force login credentials • Often successfully find administrative credentials • Use admin credentials to deploy Backoff to remote PoS systems Copyright ©2014 Lastline, Inc. All rights reserved. 6
  • 7. Understanding Evasive Malware Malware authors are not stupid • they got the news that sandboxes are all the rage now • since the code is executed, malware authors have options Evasion defined • Develop code that exhibits no malicious behavior in a traditional sandbox, but still infects the intended target • Can be achieved in a variety of ways… Copyright ©2014 Lastline, Inc. All rights reserved. 7
  • 8. 8 The Evasive Malware Problem Current solutions fail to protect organizations from sophisticated, targeted attacks. Copyright ©2014 Lastline, Inc. All rights reserved.
  • 9. Lastline Labs AV Vendor Review Antivirus systems take months to catch up to highly evasive threats. Copyright ©2014 Lastline, Inc. All rights reserved. 9
  • 10. 3 Ways to Build a Sandbox Not all sandbox solutions can detect highly evasive malware. Copyright ©2014 Lastline, Inc. All rights reserved. 10
  • 11. Virtualized Sandboxing vs. Full System Emulation Even APT Solutions with virtualized sandboxing fail to detect highly evasive malware. Copyright ©2014 Lastline, Inc. All rights reserved. 11
  • 12. Securing Your Organization • At PoS: Accept EMV payments to limit exposure in case of a breach • At PoS: E2E encryption of transaction (POI never has cleartext) • Detect and protect against malware and C&C • Full system emulation approach with Lastline Copyright ©2014 Lastline, Inc. All rights reserved. 12
  • 13. Detect Evasive Malware in Your Network Start your 30-day Lastline trial: http://landing.lastline.com/request-lastline-trial “I would highly recommend Lastline to any company that is entrusted with customer data. Retailers, restaurants, or any organization that is interested in elevating their handling and protection of data could benefit from working with Lastline.” Tom Lindblom CTO, CKE Restaurants Copyright ©2014 Lastline, Inc. All rights reserved. 13
  • 14. Thank You! For more information visit www.lastline.com or contact us at info@lastline.com.

Editor's Notes

  1. rtdsc looping (timing evasion) obfuscation uses a mildly obfuscated code (oligomorphic decryptor), multistage encrypted shellcode, runpe/hollowing, encryption track/keylogger data sent to c2 is encrypted; networked based detection of the c2 still quite easy -> enterprise could detect it reliably, but DLP mechanisms would fail
  2. Using publicly available services and tools for each step
  3. emv reduces the value of stolen transaction data, as the transaction data has a limited number of “re-uses” end to end encryption prevents PoS malware from collecting transaction data, reducing the attack surface build verification and detailed behavioral analysis of all software being pushed to PoS systems could absolutely have stopped many these breaches comprehensive analysis of network traffic could have identified them quickly and easily… began providing protection before samples were seen, and alerts for the first c2 events