
SoylentNews is people

posted by martyb on Tuesday December 08 2015, @08:57PM   Printer-friendly
from the bootkits-are-the-worst dept.

Security researchers at FireEye / Mandiant [say] "We identified the presence of a financially-motivated threat group that we track as FIN1, whose activity at the organisation dated back several years."

[...] "FIN1 used this malware to access the victim environment and steal cardholder data. The group, which may be located in Russia, is known for stealing data that is easily monetised from financial services organisations such as banks, credit unions, ATM operations, and financial transaction processing and financial business services companies."

[...] The malware's installation location also means it will persist even after re-installing the operating system, widely considered the most effective way to eradicate malware.

Can we all agree that updating firmware should require the movement of a physical jumper?


  • (Score: 3, Informative) by Anonymous Coward on Tuesday December 08 2015, @09:30PM

    by Anonymous Coward on Tuesday December 08 2015, @09:30PM (#273636)

    It is nothing like that at all. It proposes an actual solution to a problem as opposed to wishy-washy statements. Putting a physical switch is an attempt to PREVENT such infections in the FUTURE. Similar to how Chromebooks have a similar switch. Yeah, you could own a Chromebook all the way down, but it is made a lot harder by having said physical switch.

  • (Score: 3, Interesting) by Nerdfest on Tuesday December 08 2015, @11:25PM

    by Nerdfest (80) on Tuesday December 08 2015, @11:25PM (#273694)

    I'm pretty much at the point of disregarding nay comments from people that refer to companies by their stock symbols. For an interesting read, go back through old stories looking for comments where people do that.

    • (Score: 2) by Bill Evans on Wednesday December 09 2015, @01:55AM

      by Bill Evans (1094) on Wednesday December 09 2015, @01:55AM (#273748) Homepage

      I'm pretty much at the point of disregarding nay comments from people that refer to companies by their stock symbols.

      Yeah, I've had it up to here with negativity as well.

      • (Score: 2) by Nerdfest on Wednesday December 09 2015, @02:33AM

        by Nerdfest (80) on Wednesday December 09 2015, @02:33AM (#273762)

        You ought to be horse-whipped for trotting out a comment like that.

  • (Score: 1) by anubi on Wednesday December 09 2015, @04:43AM

    by anubi (2828) on Wednesday December 09 2015, @04:43AM (#273793) Journal

    I am building industrial Arduino-compatibles.

    MODBUS (RTU) / SCADA compatible. Uses a graphical HMI. As well as all those nifty little Arduino I2C interfaces.

    One thing I am extremely concerned with is that I do not allow the thing to get into programming mode until the jumper to force a reset at the appropriate time is in place.

    The question I have for this forum is.... just how easy is it to pwn an Arduino if you are only allowed to talk to it via its serial port?

    --
    "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]