Cyber authority warns of new tricky ransomware hack; Smart cash registers in play

Israel National Cyber Directorate identified a massive ransomware attack that prevents access to the software and requires a ransom to regain access.

Illustrative image of a smart cash register. (photo credit: PIQSELS)

The Israel National Cyber Directorate on Thursday warned retailers across the country of a new, widespread and extremely tricky ransomware attack on smart cash register software.

Recently, the INCD identified a massive ransomware attack that prevents access to the software and requires a ransom to regain it. 

The attack targets the software vendors themselves, which provide services to the cash registers in stores.

In the insidious attack method, a message that looks like a proper system message from the management interface (ScreenConnect) appears on the cash register screen. When clicked, the message activates the malware, which locks access and prevents operation of the cash register.

The INCD complimented the software vendors for acting responsibly in warning their customers not to click on the cleverly faked system message, which is mitigating some of the damage to some clients.

Cyber attack (credit: INGIMAGE)

According to the directorate, stores that use the product and companies that provide services in the field need to reset passwords and avoid clicking on suspicious messages and links, even if they seem to come from a legitimate business partner.

Two-step authentication and secure connections remain critical.

Earlier in May, Communications Minister Yoaz Hendel and INCD Director Gabi Portnoy announced that the telecommunications industry would now be required to bolster its cyber-defenses because of recent large-scale cyberattacks.

“The State of Israel suffers from thousands of cyberattacks, some of them attempts against critical infrastructure, and we know about plots to launch further attacks,” Hendel said. “As our dependence on digitization increases, so does the potential for risks and for the country to confront strategic damage on multiple fronts.

“There is no essential infrastructure that does not sit on a server which is part of the telecommunications network,” he said. “Recent attacks show that state and other entities identify the telecommunications infrastructure as a highlighted target in order to hit strategic targets.”

There is a need for “proper management of the [cyber] defenses required to safeguard the public interest,” the minister said. “We decided today to obligate the telecommunications companies to be equipped with the best detection-identification, containment and recovery capabilities available, in order to protect the public’s communications services from the potential damage of cyberattacks.”

“The joint initiative will take a step forward regarding the level of protection at the state level and will be a kind of ‘Iron Dome’ that provides an additional layer of protection for the entire economy,” INCD chief Portnoy said.

“Cyber has no borders, and therefore this kind of collaboration that we promote with the Communications Ministry has added value,” he said. “In the last month we have seen a significant increase in waves of attacks aimed at artificially overloading websites to get them to crash.”

The decision comes after a hearing in August 2021 led to amending the licenses of communications companies to add benchmarks for managing cyber-defense. This will reduce the risk of cyberattacks on communications networks, and on companies’ services and their subscribers.