Q&A with Carolyn Crandall, CMO at Attivo Networks

Fortinet sits down with Fabric-Ready Partner, Attivo Networks, to learn what’s top of mind for its customers, the key IT challenges they are facing, and how Attivo Networks’ approach to integrated security is helping drive business and customer success.

Tell us a bit about Attivo Networks’ business and the types of customers that you serve.

Attivo Networks® is the leader in deception for cyber security defense. Founded on the premise that even the best security systems... [Read More]
by Darlene Gannon  |  Apr 20, 2017  |  Filed in: Business and Technology, Security Q & A
This is the second in a series of blogs written as a companion to my forthcoming book, RIoT Control – Understanding and Managing Risk and the Internet of Things.

What Are the “Things” in The Internet of Things?

User-based devices that communicate, consume content, and create and publish content for other people to consume have dominated our current version of the Internet. The developing Internet of Things is about to change that. While it will include the “old” Internet of user-based devices, it is very different... [Read More]
by Tyson Macaulay  |  Jul 28, 2016  |  Filed in: Industry Trends
GamaPoS has received a fair amount of attention since its discovery, in part because the use of .NET is (currently) unique among PoS malware and in part because it leverages the versatile Andromeda botnet. At its core, though, GamaPoS is a scraper designed to steal payment data from the RAM of PoS systems. GamaPoS is the first documented PoS malware to be written in .NET. Malware written in .NET comes with its advantages and its disadvantages, both for authors and researchers. The most obvious benefit for its authors is that it... [Read More]
by Hong Kei Chan  |  Jul 20, 2015  |  Filed in: Industry Trends
If the Point of Sale (POS) system in your retail business is still running on an older operating system, e.g., Microsoft Windows XP or anything else pre-Win 7, there are a number of compelling reasons why it's long past time to change that. And while most of these reasons are gotchas, there are also positive reasons. Newer systems are simply richer in features and easier to use. It's understandable that businesses want to hang onto systems that are still working and that employees are familiar with. But it's a bad idea that will... [Read More]
by Daniel Dern  |  May 07, 2015  |  Filed in: Industry Trends
In the United States, families will soon be traveling by plane, train and automobile to be with their loved ones to celebrate the Thanksgiving holiday. Large feasts will be prepared, football games will be viewed, and parades watched. One other great American pastime that, to many, is just as fun and integral to their holiday is the kickoff to the holiday shopping season, which starts with Black Friday and Cyber Monday. People are known to line up for hours and hours in the wee hours of the morning all in the hopes of scoring that killer deal... [Read More]
by Richard Henderson  |  Nov 24, 2014  |  Filed in: Industry Trends
On October 28, 2014, we encountered an even newer version of the Backoff point-of-sale (PoS) malware which we are detecting as W32/Backoff.C!tr.spy. This newest version, with version name 211G1, was compiled close to a month after its predecessor ROM. Functionality-wise, 211G1 is very similar to ROM. An in-depth description of ROM can be found in our previous post. In this blog post, we will describe the modifications made in the newest version of the Backoff PoS malware family.

Installation

Firstly, 211G1 is now packed with a custom packer;... [Read More]
by Hong Kei Chan  |  Nov 06, 2014  |  Filed in: Security Research
A few months have passed since the release of the “Backoff” point-of-sale (PoS) malware advisory, but Backoff and other PoS malware continue to be an active threat as businesses keep reporting data breaches and the compromise of their customers’ financial information. We have recently encountered a new version of the Backoff malware family, which we are detecting as W32/Backoff.B!tr.spy. Unlike previous versions, this one no longer uses a version number in the malware body, but just uses the version name ROM. ROM performs very similarly... [Read More]
by Hong Kei Chan  |  Nov 03, 2014  |  Filed in: Security Research
On July 31, 2014, the United States Computer Emergency Readiness Team (US-CERT) published an advisory of a newly identified point-of-sale (PoS) malware dubbed “Backoff”. This family of PoS malware consists of three versions: 1.44, 1.55, and the most recent 1.56. Backoff variants began to have version names starting from version 1.55 (which used the names backoff, goo, MAY, and net); version 1.56 used the variant name LAST. In this blog post, we will briefly look at an overview of the Backoff malware before discussing the unique memory-parsing... [Read More]
by Hong Kei Chan  |  Aug 07, 2014  |  Filed in: Security Research
This whitepaper is the first of a series of FortiGuard Technical Analyses that go in-depth into the inner workings of malware. In this paper we take a look at the malware known as Soraya. Soraya is unique in that it combines the form-grabbing techniques seen in the ubiquitous Zeus and the memory-parsing techniques seen in Point of Sale (POS) malware such as Dexter and JackPOS. In this report, we join Junior AV Analyst Hong Kei Chan in dissecting Soraya:

How Soraya installs itself
How Soraya grabs the contents of forms
How Soraya parses its target's... [Read More]
by Richard Henderson  |  Jul 14, 2014  |  Filed in: Security Research
By now we've read the details of the Target breach. Attackers got away with home, email and credit card information from 70 million people (Source). How many people is that in the big scheme of things? According to a U.S. Census Bureau report from 2012, it's close to every single living person in the states of California (38.05 million), Texas (26.06 million) and Washington (6.897 million). In fact, the Target breach has impacted one of my close colleagues, who explained to me the safety precautions taken by his credit card company. It should... [Read More]
by Rick Popko  |  Jan 17, 2014  |  Filed in: Industry Trends