Hackers have been placing backdoors into systems for years for a variety of purposes. We have all read the stories about backdoors being installed in retailers to siphon payment card information; a PSI DSS and reputation nightmare.
Backdoors also have been deployed in government and higher education institutions to gather intellectual property, such and defense and trade secrets. Medical institutions pay out settlements due to HIPAA violations caused by these forms of malware every year.
A perfect example of a backdoor-creating malware is Calisto. This backdoor trojan is designed for macOS (many executives use Macs) and attempts to install itself in different folders until it finds a home and then enable accessibility authorization.
If this can be accomplished, it will open a backdoor to the hacker to control the entire system. In most cases, this malware fails (due to protections placed on new Macs) but can leave behind system vulnerabilities.
So, how do you stop such an aggressive form of malware? It’s important to know that not all trojans are alike.
Some will create a customized payload every time it lands on a new system to avoid future attacks being blocked by signatures. SonicWall stops known backdoors on our next-generation firewalls (NGFW) and can test and find new versions of backdoor malware with the Capture Advanced Threat Protection (ATP) sandbox service.
But for threats that land on the endpoint, the key is using advanced artificial intelligence (AI) that can detect the malware’s presence on the endpoint. Does it try to bypass antivirus? Does it embed itself in a directory it shouldn’t? Does it attempt to download something from a command and control (C&C) server? These are just some of the ways Calisto can be identified.
To properly stop Calisto and other backdoor-building malware, download the exclusive tech brief: Protecting macOS Endpoints from Calisto. The brief will explore:
Original post from SonicWALL