Kworld Trend / Towards stealthier dnspionage cyberattacks swengen, The DNSpionage group, which attacked the Domain Name System (DNS) last November, has expanded its means of intrusion. Towards more stealthy cyberattacks in the DNS.
NotPetya Wiper has greatly expanded the scope of damage caused by malware attacks in recent years. So much so that it forces CISOs and security researchers to rethink their strategies for combating this data destroyer.
On June 27, 2017, the eve of Ukraine’s Constitution Day, a major global cyber attack succeeded in infecting more than 80 Ukrainian companies with the help of a new cyber pathogen known since then as NotPetya.
Towards hidden cyber attacks from dnspionage
But NotPetya wasn’t limited to Ukraine’s internal borders: it has spread to infect thousands of businesses in Europe and around the world and wreak havoc. This virus was named NotPetya, because it was both similar and different from Petya, a self-propagating ransomware discovered in 2016 that, unlike other emerging forms of ransomware prevalent at the time, could not be decrypted. Another difference from previous ransomware types: Petya was also able to overwrite and encrypt master boot records, which is why it was considered more of a wiper-type malware, aimed specifically at wiping data, than true ransomware.
Like Petya, its successor NotPetya was not a real ransomware because it could not be decrypted and the attackers hid their work behind a bogus $300 ransom note to cover the real destructive goals of their malware. NotPetya appeared five weeks after another dangerous fake ransomware, WannaCry, appeared. Considered a true “cyber weapon,” NotPetya, like WannaCry, uses the EternalBlue computer tool developed by the US National Security Agency (NSA) and stolen from the security agency.
Using Eternal Blue, NotPetya exploited a vulnerability in the Windows Server Message Block (SMB) protocol, a flaw that Microsoft patched a few months ago in Windows 10. However, all it took was a Windows 10 PC that wasn’t fixed or One computer has one computer. An older version of Windows on-premise to spread malware. Another powerful tool was used in conjunction with EternalBlue: an old security lookup tool called Mimikatz, capable of extracting passwords from memory. The combination of the two allowed the attack to move from one machine to another.
Highly contagious malware from the Russian GRU
Although some experts have considered NotPetya to be a variant of Petya. The two malware are generally considered separate and distinct, especially when it comes to how they spread. NotPetya was much more contagious than Petya, and there seemed to be no way to prevent it from spreading rapidly from one host to another.
As documented by expert and journalist Andy Greenberg, shipping giant NotPetya includes Maersk, drug laboratory Merck, a subsidiary of European Fedex, TNT Express, French construction company Saint-Gobain, food producer Mondelz, and manufacturer Reckitt Benckiser. In total, the malware has caused more than $10 billion in global damage. NotPetya’s origin has been attributed to a group of Russian GRU operatives known as Sandworm or Unit 74455, possibly behind a 2015 cyber attack on Ukraine’s power grid, among other devastating cyber incidents.
But what remains of these attacks and what lessons have we learned from them? Two experts grappling with the aftermath of NotPetya five years ago take a look at the 2017 cyberattack and put the incident into perspective in the current context of Russia’s war on Ukraine.
Ransomware as a weapon of war
Amit Serber, chief security researcher at Cybereason at the time of the NotPetya attack, and now director of security research at Sternum, was the first person to develop a workaround capable of disabling NotPetya. At the time, “ransomware was just beginning to spread,” Mr. Serber recalls. At first, they targeted mostly ordinary people, and not large corporations or corporations, as is the case today.
The average citizen whose computer was fully encrypted was the norm, for example, elderly people who lost access to their grandchildren’s photos and that sort of thing,” said Amit Serber. After the arrival of WannaCry and NotPetya, the nature of ransomware use by criminals changed . Internet.
“We went from opportunistic use, in a drive-by-drive style of exploitation, to a quasi-weapon of war whereby nation-state-backed actors used ransomware to significantly disrupt the work of “other big corporations and states,” Serber said. He added: “At that time , NotPetya and WannaCry marked a turning point.”
Both viruses have made the world more complicated. “Until then, cybersecurity vendors focused on abstract theoretical security issues, but suddenly faced a deep transformation of simple technologies, including encryption and decryption for geopolitical purposes,” said Sternum’s director of security research. “We needed to get down to earth a bit and deal with this problem before looking at threats that were purely theoretical or more theoretical and more difficult to implement. Towards stealthier dnspionage cyberattacks swengen
Last
It’s no longer about hacking Coca-Cola and stealing its secret recipe. But to get a company like Coca-Cola involved in an international geopolitical issue and disable it as much as possible is collateral damage.” On a personal level, NotPetya marked an important turning point in Mr. Serper’s life. “This virus has affected my life in a very direct way.
He is responsible for obtaining my green card to live in the United States.” In fact, NotPetya was the main argument of Mr. Serper’s lawyer for obtaining the so-called “Einstein” visa. “I don’t have a high school diploma. I don’t have a college degree. So it was very difficult to prove that I knew what I was talking about. Much of our immigration issue was based on my contribution to preventing NotPetya. It worked, even though the previous administration was not immigration-friendly. Towards stealthier dnspionage cyberattacks swengen
NotPetya has evolved into CISO awareness
Adam Flatley is now Director of Threat Intelligence at Redacted, but back in NotPetya’s day. Which he was Director of Operations at Cisco Talos, and his team was among the first. To discover the true workings of the virus. “I think the NotPetya event has changed the consciousness of many information security officials. And security managers around the world,” he said. NotPetya CISOs have learned what can happen if they don’t segment their networks properly.
“If you look at what happened with NotPetya, you can see that the malware had an unchecked spread mechanism that allowed it to spread as far as it could,” Flatley explained. He further explained that “when the Russian hackers unleashed in Ukraine. All companies associated with this country through flat networks destroyed because of this attack.”
For Mr. Flatley, the current conflict in Ukraine reminds him of what happened with NotPetya. “At the beginning of the war. Wr thought the Russians would use either ransomware or spaces to attack Ukraine. And immediately remember what happened the last time.
Then, as the war progressed, a lot of evidence of the use of spaces emerged in Ukraine.” “ This time again we fear that these attacks will spread outside the country. Fortunately, so far the Russians have set up their scanners in a very classic way.
However, Mr. Flatley does not rule out a NotPetya-like event occurring in the aftermath of the current dispute. “Interestingly, the Russians are a little more careful this time about their cyberattacks, but that’s only because they decide to. The technology is still there, and they could easily change those settings and go if they wanted to.” Towards stealthier dnspionage cyberattacks swengen
