How to Stop Malware-Created Backdoors

Hackers have been placing backdoors into systems for years for a variety of purposes. We have all read the stories about backdoors being installed in retailers to siphon payment card information; a PSI DSS and reputation nightmare.

Backdoors also have been deployed in government and higher education institutions to gather intellectual property, such and defense and trade secrets. Medical institutions pay out settlements due to HIPAA violations caused by these forms of malware every year.

A perfect example of a backdoor-creating malware is Calisto. This backdoor trojan is designed for macOS (many executives use Macs) and attempts to install itself in different folders until it finds a home and then enable accessibility authorization.

If this can be accomplished, it will open a backdoor to the hacker to control the entire system. In most cases, this malware fails (due to protections placed on new Macs) but can leave behind system vulnerabilities.

So, how do you stop such an aggressive form of malware? It’s important to know that not all trojans are alike.

Some will create a customized payload every time it lands on a new system to avoid future attacks being blocked by signatures. SonicWall stops known backdoors on our next-generation firewalls (NGFW) and can test and find new versions of backdoor malware with the Capture Advanced Threat Protection (ATP) sandbox service.

But for threats that land on the endpoint, the key is using advanced artificial intelligence (AI) that can detect the malware’s presence on the endpoint. Does it try to bypass antivirus? Does it embed itself in a directory it shouldn’t? Does it attempt to download something from a command and control (C&C) server? These are just some of the ways Calisto can be identified.

To properly stop Calisto and other backdoor-building malware, download the exclusive tech brief: Protecting macOS Endpoints from Calisto. The brief will explore:

  • Origin of Calisto
  • Why SIP enablement is not enough
  • How the malware delivers its payload
  • Secondary steps the malware will take to ensure execution
  • Proven solutions for stopping Calisto

 

Brook Chelmo on Twitter
Brook Chelmo
Sr Product Marketing Manager | SonicWall
Brook handles all product marketing responsibilities for SonicWall security services and serves as SonicWall’s ransomware tsar. Fascinated in the growth of consumer internet, Brook dabbled in grey-hat hacking in the mid to late 90’s while also working and volunteering in many non-profit organizations. After spending the better part of a decade adventuring and supporting organizations around the globe, he ventured into the evolving world of storage and security. He serves humanity by teaching security best practices, promoting and developing technology.
0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply