
posted by martyb on Tuesday December 08 2015, @08:57PM
from the bootkits-are-the-worst dept.

Security researchers at FireEye / Mandiant [say] "We identified the presence of a financially-motivated threat group that we track as FIN1, whose activity at the organisation dated back several years."

[...] "FIN1 used this malware to access the victim environment and steal cardholder data. The group, which may be located in Russia, is known for stealing data that is easily monetised from financial services organisations such as banks, credit unions, ATM operations, and financial transaction processing and financial business services companies."

[...] The malware's installation location also means it will persist even after re-installing the operating system, widely considered the most effective way to eradicate malware.

Can we all agree that updating firmware should require the movement of a physical jumper?
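The persistence the story describes comes from code living in the boot sector, which a reinstall that only reformats the partition never rewrites. As an added example (not code from the article, from FireEye, or from the submitter), the Python below parses a 512-byte MBR and compares its boot-code region against a digest captured from a known-good sector. The sample sector, its partition geometry and the "infected" loader bytes are all constructed here. In triage you would feed it the first 512 bytes of the physical disk (for example `/dev/sda` or `\\.\PhysicalDrive0`) and a baseline taken from a clean install of the same image.

```python
"""Triage check for a boot-sector bootkit: parse an MBR and compare its boot
code with a known-good digest. Added example; the sector below is constructed."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446            # bytes 0..445: the first-stage loader
PARTITION_TABLE_OFF = 446      # four 16-byte partition entries follow
MBR_SIGNATURE = b"\x55\xaa"    # bytes 510..511
ENTRY_FMT = "<B3sB3sII"        # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Construct a sample MBR with the given loader and one bootable NTFS partition.
    The partition geometry is arbitrary sample data, not taken from any real disk."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x20\x21\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 1024000)
    table = entry + b"\x00" * (3 * 16)          # remaining three slots empty
    return code + table + MBR_SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Split a raw MBR into boot code and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    if sector[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype == 0:
            continue    # empty slot
        partitions.append({"index": i, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba, "sectors": count})
    return {"boot_code": sector[:BOOT_CODE_LEN], "partitions": partitions}


def boot_code_digest(sector: bytes) -> str:
    """SHA-256 of the loader bytes only; the partition table may legitimately
    differ between hosts, so it is excluded from the baseline."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def check_boot_code(sector: bytes, baseline_digest: str) -> bool:
    """True when the loader on disk matches the baseline from a clean install."""
    parse_mbr(sector)   # reject anything that is not a plausible MBR first
    return boot_code_digest(sector) == baseline_digest


if __name__ == "__main__":
    clean = build_sample_mbr(b"\xeb\x3c\x90clean-loader")
    baseline = boot_code_digest(clean)
    # A bootkit typically replaces the loader but leaves the partition table
    # alone, so the table parses identically while the digest no longer matches.
    infected = build_sample_mbr(b"\xeb\x3c\x90hooked-int13h")
    print("clean matches baseline:", check_boot_code(clean, baseline))
    print("infected matches baseline:", check_boot_code(infected, baseline))
    print("partitions:", parse_mbr(infected)["partitions"])
```

Hashing only the 446 loader bytes is deliberate: a partition table that differs from the baseline is a routine difference between machines, while loader bytes that differ from the vendor's or the OS installer's are exactly the signal a boot-sector implant leaves behind.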



 
  • (Score: 2) by jmorris on Tuesday December 08 2015, @09:25PM

    by jmorris (4844) on Tuesday December 08 2015, @09:25PM (#273634)

    This is not a BIOS attack, so forget the jumper. It is just a Windows boot attack and a reference to a different MBR-based attack.

    And you don't even need a jumper anyway; you only need to forbid BIOS updates after booting and limit them to the BIOS itself, where you have to boot into setup, pick "update BIOS" and have the file on a USB stick. That solves 99% of the problem. Better still would be if the industry could come together and establish a standard where EVERYTHING inside the case that makes use of upgradable firmware could gate access in a standard way. Then the BIOS could update not only itself but the attached drives and other bits as well. That would allow the BIOS/bootrom to throw the locks on the drives, network adapter, etc. right before loading and transferring control to the first-stage boot code.

  • (Score: 2) by Urlax on Tuesday December 08 2015, @09:45PM

    by Urlax (3027) on Tuesday December 08 2015, @09:45PM (#273645)

    isn't this how smartphones work?

    those can't be unlocked either..

    there was a moment in time the jailbraking process could be done from a website, due to browser bugs and privilege escalations..

    • (Score: 0) by Anonymous Coward on Tuesday December 08 2015, @10:19PM

      by Anonymous Coward on Tuesday December 08 2015, @10:19PM (#273661)

      the jailbraking process

      The process of reducing the speed of your jail? Does it involve retro-jets?

  • (Score: 2) by VanessaE on Wednesday December 09 2015, @04:26PM

    by VanessaE (3396) <vanessa.e.dannenberg@gmail.com> on Wednesday December 09 2015, @04:26PM (#273982) Journal

    How do you get the updated BIOS image onto that stick without risking the file itself being compromised (e.g. some virus modifies the file at some point between downloading it and flashing it out)?

    • (Score: 2) by jmorris on Wednesday December 09 2015, @05:04PM

      by jmorris (4844) on Wednesday December 09 2015, @05:04PM (#274005)

      That is a pretty solved problem. RSA signatures are a commonplace solution.
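The signature check jmorris refers to, as an added example (not code from the thread, the article or any firmware vendor): RSASSA-PKCS1-v1_5 with SHA-256 over a firmware image, implemented with Python integers only so it runs offline. The key pair and the image are generated here; the 1024-bit key size is an assumption to keep the demo fast, not a recommendation, and a real updater would use a vetted library with the vendor's public key fixed in ROM or fuses. The verifier rebuilds the expected encoding and compares the whole block rather than parsing the padding, which is the standard guard against Bleichenbacher's 2006 PKCS#1 v1.5 forgery.

```python
"""Verify an RSA signature on a firmware image before flashing it.
Added example: RSASSA-PKCS1-v1_5 with SHA-256 using only Python integers.
Key size and image are demo assumptions; use a vetted library in production."""
import hashlib
import hmac
import random

# DER-encoded DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1)
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")
PUBLIC_EXPONENT = 65537


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin after trial division by small primes."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate


def generate_keypair(bits: int = 1024):
    """Return ((n, e), (n, d)). 1024 bits is a demo assumption, too small for real use."""
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % PUBLIC_EXPONENT:      # e is prime, so this means gcd(e, phi) == 1
            break
    n = p * q
    d = pow(PUBLIC_EXPONENT, -1, phi)              # modular inverse (Python 3.8+)
    return (n, PUBLIC_EXPONENT), (n, d)


def _emsa_pkcs1_v15(image: bytes, k: int) -> bytes:
    """EM = 0x00 || 0x01 || PS (0xFF...) || 0x00 || DigestInfo(SHA-256(image))."""
    t = SHA256_DIGESTINFO + hashlib.sha256(image).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short for SHA-256 PKCS#1 v1.5")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def sign_image(image: bytes, private_key) -> bytes:
    """Vendor side: sign the release image; the private key never leaves the vendor."""
    n, d = private_key
    k = (n.bit_length() + 7) // 8
    m = int.from_bytes(_emsa_pkcs1_v15(image, k), "big")
    return pow(m, d, n).to_bytes(k, "big")


def verify_image(image: bytes, signature: bytes, public_key) -> bool:
    """Updater side: recompute the expected encoding and compare the whole block.
    Rebuilding instead of parsing the padding avoids the lenient-parser forgeries
    (Bleichenbacher, 2006) that have hit real PKCS#1 v1.5 verifiers."""
    n, e = public_key
    k = (n.bit_length() + 7) // 8
    if len(signature) != k:
        return False
    s = int.from_bytes(signature, "big")
    if s >= n:
        return False
    em = pow(s, e, n).to_bytes(k, "big")
    return hmac.compare_digest(em, _emsa_pkcs1_v15(image, k))


def flash_if_verified(image: bytes, signature: bytes, public_key) -> bool:
    """Gate the write: only an image that verifies against the ROM-resident key is flashed."""
    if not verify_image(image, signature, public_key):
        return False
    # the actual SPI-flash write would go here; this demo stops at the decision
    return True


if __name__ == "__main__":
    pub, priv = generate_keypair()
    firmware = b"DEMO-BIOS-1.02" + bytes(range(256)) * 16   # constructed stand-in for an image
    sig = sign_image(firmware, priv)
    print("genuine image accepted:", flash_if_verified(firmware, sig, pub))
    tampered = firmware[:-1] + b"\x00"      # a virus flips one byte between download and flash
    print("tampered image accepted:", flash_if_verified(tampered, sig, pub))
```

This answers the question in the parent comment directly: the file on the USB stick can be tampered with at any point after download, and it does not matter, because the flasher refuses any image whose signature does not verify against the public key it already holds. The remaining trust anchor is that key itself, which is why it belongs in ROM or fuses rather than in the same rewritable flash the update targets.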