TMCnet News

Cyphort Issues Industry's First and Only Special Report on Point-of-Sale Malware Samples Used in 2014 Cyber Attacks Against Retailers
[November 11, 2014]

SANTA CLARA, Calif. --(Business Wire)--

Cyphort, a pioneer of Advanced Threat Defense (ATD) solutions, today released results of a Cyphort Labs 'Special Research Report' on point-of-sale (POS) malware samples used in cyber-attacks on popular retailers within the last year. This is the industry's first and only research summarizing the characteristics of malware used in many attacks. Cyphort Labs focused its research on attacks against three retailers, Target, Home Depot and UPS, and on the popular malware samples BlackPOS, FrameworkPOS and Backoff used in the attacks.

While this extensive look into popular POS malware samples focused on Target, Home Depot and UPS, these samples have also been used in attacks against other retailers, including Dairy Queen, Albertson's and possibly Neiman Marcus.

"2014 has become 'The Year of The Retail Hack' yet corporations in many industries are under constant attack from criminals. The attacks are extensive and extremely damaging to a corporation's bottom line and neither investors nor consumers are happy," said Dr. Fengmin Gong, Cyphort's co-founder and chief architect. "The Target, Home Depot and UPS breaches made headlines because of the size and scope of proprietary information stolen, but also because these companies are household names. Cyphort is the first company to publish a report of this depth and we hope the findings will benefit security professionals and researchers so they can better understand specific patterns of behavior being carried out in these attacks."

Cyphort Labs' researchers analyzed BlackPOS, FrameworkPOS and Backoff malware samples. What they learned is that Backoff is much more advanced malware that is not only designed to attack a broad spectrum of POS systems but is also more evasive to detection. FrameworkPOS and BlackPOS, on the other hand, resemble off-the-shelf software, tailored specifically for dedicated targets. They are most likely not from the same authors, but FrameworkPOS leaves the strong impression of a copycat attack after former POS malware incidents.



Cyphort Labs Special Research Report Highlights:

  • BlackPOS: The malware responsible for compromising Target's POS system in November 2013. Throughout the analysis it becomes clear that the attacker was not concerned by security measures on the targeted platform. Cyphort's analysis suggests the attacker knew very well what Target's infrastructure looked like.
  • FrameworkPOS: The most recent POS malware incident that hit Home Depot. This sample shows that the attacker had perfect understanding of the network he was compromising. The name of the dump file shows the attacker wanted to mislead forensic analysts, as the name indicates a binary file rather than a file for storing data.
  • Backoff: UPS is among the latest victims. Backoff is not oriented toward specific victims but is built to operate on random POS machines. Backoff is standalone malware and it can update itself. Up to now, at least five different versions have been detected in the wild. Backoff is generally much more advanced malware that is not only designed to attack a broad spectrum of POS systems but is also more evasive to detection.

Dr. Gong added, "Cyber criminals will always go where the money is because they are after a company's most valuable assets. In the case of retailers, it is social security numbers, credit card numbers and other personal information enabling them to commit fraud and identity theft. We are confident that retailers can turn the tide and put the hackers on the run in 2015 by focusing their security solutions heavily on their most valuable assets and by properly identifying the most risky corporate assets and locking them down."


To help retailers and security professionals, Cyphort Labs recommends the following seven steps to implement an effective cybersecurity defense against modern POS threats:

  • Design a security baseline accounting for the complete kill-chain that attackers have to fulfill to intrude into a system.
  • Understand the proper risk assessment of the company's assets.
  • Eliminate unnecessary system capabilities to limit a potential intruder.
  • Apply special consideration before connecting devices to the internet.
  • Prioritize the level of threats. Security teams should be trained to distinguish severe alerts from minor risks and know how to react in a timely manner.
  • Keep track of new threats and check regularly if the applied security solutions are still up-to-date with the current landscape.
  • Help the security team in keeping up to date with current threats and train them on how to act in case of severe incidents.

To read the full Cyphort POS Malware Report, November 2014, please visit: http://info.cyphort.com/posmalware.

About Cyphort

Cyphort is an innovative provider of Advanced Threat Protection solutions that deliver a complete defense against current and emerging Advanced Persistent Threats, targeted attacks and zero day vulnerabilities. The Cyphort Platform accurately detects and analyzes next generation malware, providing actionable, contextual intelligence that enables security teams to respond to attacks faster, more effectively, and in as surgical a manner as their attackers. Cyphort's software-based, distributed architecture offers a cost effective, high performance approach to detecting and protecting an organization's virtual, physical and cloud infrastructure against sophisticated attacks. Malware detection for Windows, OSX and Linux allows businesses to extract maximum value from IT assets without compromising the security of an organization. Founded by experts in advanced threats from government intelligence agencies and premier network security companies, Cyphort is a privately held company headquartered in San Jose, California. For more information, please visit: www.cyphort.com.

