This article discusses ransomware and looks briefly at malware affecting point-of-sale (POS) systems, considering attack vectors and relevant defenses. It also touches on some of the exploit particulars, including their origins as US government secrets.
In the last year, malware has featured prominently in news media, particularly as ransomware has affected a number of organizations including utilities, hospitals, and universities all over the world. Perhaps the most notorious examples, WannaCry and Petya, made use of vulnerability and exploit information previously held by the US National Security Agency and later disclosed by an organization calling itself the Shadow Brokers. Despite this, the defenses against these sorts of malware remain largely constant: a mixture of conventional preventative and detective controls. Furthermore, other sorts of malware with a more specialist focus, such as those targeting point-of-sale (POS) software, require the same set of defenses.
In May of this year, a variant of a previously little-known type of ransomware began infecting vulnerable systems and gained rapid notoriety for its effect on offices and healthcare facilities of the UK’s National Health Service (NHS). Like other sorts of ransomware, it affected its target systems by encrypting critical files, preventing the legitimate users from accessing them until they paid a ransom in Bitcoin. Crucially for the NHS, this impacted its ability to deliver health services to its patients, although other organizations such as corporations and universities faced similar computing disruptions. While its effect bore the usual hallmarks of ransomware, it spread using an exploit known as Eternal Blue.
Read more: bluetoad.com
About the Author
Jacob Ansari is a Manager at Schellman. Jacob performs and manages PCI DSS assessments. Additionally, Jacob oversees other Payment Card Industry assessment services, namely PA-DSS and P2PE. Jacob’s career spans fifteen years of information security consulting and assessment services, including network and application security assessments, penetration testing, forensic examinations, security code review, and information security expertise in support of legal matters. Jacob has performed payment card security compliance assessments since the payment card brands operated their own standards prior to the advent of PCI DSS. Jacob speaks regularly to a variety of audiences on matters of information security, incident response, and payment card compliance strategy.