Tag Archive for: NotPetya

Five years on: The shadow of WannaCry and NotPetya | Viewpoint



Cyber risk is neither new nor static; it is complex and evolving. But for all its complexity, like most things human, cyber risk follows a cyclical pattern. New risks may emerge, but the vast majority of risks are just old threats re-imagined for a new age.

WannaCry and NotPetya still cast a heavy shadow over us five years on, but older readers will agree these are mere shadows compared to the chaos caused by Conficker, Melissa, ILOVEYOU and SQL Slammer in the early 2000s.

This older generation of malware worms was significantly more potent, but it arrived at a time when both its recognition and its insurable impact were considerably moderated, because corporate and business processes were far less digitised – an age before the evolution of cyber insurance.

From these older-generation threats through to more recent events with WannaCry and NotPetya, what do we know now, what have we learned, and what has changed?

“Ransomware is now a mainstream threat. Across all walks of life, we hear about it, with regularity and fear – it is not some niche risk constrained to the IT security industry”

The threat of systemic malware/ransomware still drives the risk we face. Some worry about cloud outages, but compared with the impact of these attacks that worry is mainly “observation bias”: a cloud outage is easy to picture. Compared to malware/ransomware, cloud outages are a second-tier peril.

The good news is the absence of significant malware/ransomware events since WannaCry and NotPetya, but like hurricanes spiralling around the Atlantic without making landfall, we’ve had a selection of headline-grabbing near misses or glancing blows. The last 18 months alone saw SolarWinds, the Microsoft Exchange vulnerability, Kaseya, Blackbaud and, most notably, Log4Shell.

The recent near misses show that the existence of a vulnerability doesn’t mean it will be exploited, or that it can easily be exploited in a way that is automated or “wormable”. Threat actors might not want to cause significant amounts of harm, and corporates may urgently mitigate the risk if the threat is great enough.

So, what has changed since WannaCry? Ransomware is now a mainstream threat….


Sternum Adds the Cybersecurity Expert Behind NotPetya Malware Vaccine to Its Security Leadership Team | News


TEL AVIV, Israel–(BUSINESS WIRE)–May 19, 2022–

Sternum, the pioneer in autonomous security and analytics for IoT devices, welcomes Amit Serper, a leading international cybersecurity expert, as its new Director of Security Research. As a veteran cybersecurity professional with a record of excellence in the field, Amit bolsters Sternum’s vast research capabilities with his decades of expertise in reverse engineering, vulnerability exploitation, and ethical hacking.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20220519005910/en/

Amit Serper, a leading international cybersecurity expert, joins Sternum as its new Director of Security Research (Photo: Business Wire)

The global total of cyberattacks is surging year on year as hackers exploit the ever-growing trend toward digitalization. An uptick in international tensions is further exacerbating the trend as Russia allegedly unleashed its cyber-arsenal on Ukraine in the run-up to its ground incursion. Previously, the U.S. intelligence community blamed Moscow for NotPetya malware attacks on Ukrainian networks, which destroyed sensitive data on a variety of servers and spilled out beyond Ukraine to wreak havoc on businesses.

Amit Serper, who found a “vaccine” for NotPetya, now joins Sternum’s leadership team to lend the company his vast expertise in cybersecurity. Amit will be in charge of Sternum’s security research, leading its team of cybersecurity experts as they work to transform the IoT defense paradigm.

Before joining Sternum, Amit worked as the Director of Security Research for Akamai Technologies, a U.S. cloud and cybersecurity giant, where he focused on enterprise network protection. Prior to that, he held the office of North American VP of Security Research for Guardicore, a network segmentation company, ahead of its acquisition by Akamai. Amit also held a number of positions at Cybereason, working his way up from Senior Security Researcher to VP for Security Strategy. His private sector career followed years of service in the Israeli military and intelligence, where he took on a variety of security roles and…


US offers $10 million reward for information about Russian military hackers implicated in NotPetya attack


The United States has made it $10 million harder to keep your mouth shut, if you happen to have any information about the Russian military hackers who masterminded the notorious NotPetya cyber attack.

NotPetya struck in June 2017, spread via a poisoned update to a Ukrainian accounts program widely used by businesses in the country.

Victims found their data scrambled by the ransomware.

One high-profile victim was Pavlo Rozenko, who was at the time the deputy prime minister of Ukraine. He posted on Twitter a photograph of his PC mid-way through being encrypted by NotPetya.

Victims, however, were not limited to Ukraine. NotPetya struck power plants, airports, and government computers in dozens of countries. Victims included pharmaceutical firm Merck, law firm DLA Piper, container ship operator Maersk, and British advertising company WPP.

In its announcement about the reward, US authorities revealed that NotPetya had cost American organisations almost $1 billion in losses.

And now the US authorities are trying to gather as much information as they can about those they allege were involved in NotPetya’s creation and propagation – and aren’t afraid to offer a large amount of money to get it.

“These cyber intrusions damaged the computers of hospitals and other medical facilities in the Heritage Valley Health System (Heritage Valley) in western Pennsylvania, a large U.S. pharmaceutical manufacturer, and other US private sector entities,” declared the US State Department.

The six men named by the United States authorities are GRU officers Yuriy Sergeyevich Andrienko (Юрий Сергеевич Андриенко), Sergey Vladimirovich Detistov (Сергей Владимирович Детистов), Pavel Valeryevich Frolov (Павел Валерьевич Фролов), Anatoliy Sergeyevich Kovalev (Анатолий Сергеевич Ковалев), Artem Valeryevich Ochichenko (Артем Валерьевич Очиченко), and Petr Nikolayevich Pliskin (Петр Николаевич Плискин).

A federal grand jury indicted the six Russian officers in October 2020, on counts of conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging…


US offering $10 million for info on Russian military hackers accused of NotPetya attacks


The U.S. State Department announced a $10 million reward Tuesday for information about six hackers working within the GRU, Russia’s foreign military intelligence agency.

The six — all of them tied to the infamous “Sandworm” hacking group — were implicated in the creation and propagation of the NotPetya malware in charges filed by the Justice Department in 2020.

U.S. officials previously said NotPetya caused $10 billion worth of damage worldwide, but noted in a release on Tuesday that the malware collectively cost U.S. organizations nearly $1 billion in losses.

GRU officers Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko and Petr Nikolayevich Pliskin are listed in the notice and are accused of violating the Computer Fraud and Abuse Act (CFAA) through attacks on U.S. critical infrastructure. 

“These individuals were members of the criminal conspiracy responsible for the June 27, 2017, destructive malware infection of computers in the United States and worldwide using malware known as NotPetya,” the State Department said. “These cyber intrusions damaged the computers of hospitals and other medical facilities in the Heritage Valley Health System (Heritage Valley) in western Pennsylvania, a large U.S. pharmaceutical manufacturer, and other US private sector entities.”

The DOJ has previously said that NotPetya crippled Heritage Valley’s two hospitals, 60 offices, and 18 community satellite facilities, keeping hospital officials from accessing patient histories, exam files and lab records. 

The hospitals had no access to computer systems connected to cardiology, nuclear medicine, radiology, and surgery departments for a week, and their administrative systems were down for nearly a month. 

The six GRU members worked within Unit 74455, which is also known by some researchers as Voodoo Bear, Telebots and Iron Viking. 

In 2020, they were charged with a range of offenses connected to attacks on Ukraine, Georgia, France and South Korea.

In addition to NotPetya, the group used destructive malware like KillDisk and Industroyer to cause blackouts in Ukraine. They also…
