
This week a new PoS malware, dubbed MajiikPOS, was published that targets the financial vertical; a new ransomware with a Star Trek theme is the first to demand payment in Monero; and 3,000 industrial plants a year are infected with malware due to persistent attacks.

Highlighting the cyber-security news from the past week in a 120-second read. Starting now.


PoS Malware

 

MajiikPOS features a modular design, similar to a RAT, to target payment systems.

Why is this significant?

  • MajiikPOS was first detected at the end of January 2017, and evidence indicates that the systems were first infiltrated around August-November 2016.
  • The attackers first scan for open VNC and RDP ports and then get in through weak credentials.
  • Once the attackers are in, they use a range of techniques to gather intel on the victim, which later assists a memory-scraping module that monitors the device's RAM for anything that looks financial related.

/** Read how enSilo protects Point-of-Sale systems **/

Read the full story in Bleeping Computer

Ransomware

Star Trek themed ransomware demands payment in Monero, not Bitcoin.

Why is this significant?

  • Kirk ransomware targets 625 different files, including Solitaire, and its decryptor is called Spock.
  • This is the first time that a ransomware demands payment in Monero. This will be confusing to victims, as Monero is a newer crypto-currency that victims will not know how to transact in.
  • It's unknown how Kirk ransomware is being distributed, there are no known victims, and it doesn't seem to be decryptable.

/** Read more on how to stop ransomware at www.ransomwareprevention.com **/

Read the full story in Bleeping Computer

 

Malware

Malware infects 3,000 industrial plants per year: the malware goes undetected because it is not prevalent enough to be flagged, but it is nonetheless persistent.

Why is this significant?

  • Researchers studied 15,000 malware samples from databases such as VirusTotal over 3 months, discovering malware posing as Siemens PLC files, among other malware.
  • At least one attack dated back to 2011: a phishing attack targeting nuclear sites in the West. This doesn't mean that any site shut down, and it is not clear who was affected.
  • “More unnerving, however, was how many legitimate ICS files MIMICS discovered incorrectly flagged as malware in VirusTotal and other public sites, leaving those files exposed to abuse by cybercriminals or other threat actors looking for that type of intel to wage a targeted attack on an industrial site.”

Read the full story in Dark Reading