Petya-like wormable malware: The “Who” and the “Why”
- EternalBlue and EternalRomance exploits: EternalBlue and EternalRomance are exploits for SMB remote code execution vulnerabilities (CVE-2017-0144 and CVE-2017-0145) leaked by the Shadow Brokers in April. These exploits were reportedly used to propagate between networked machines running SMB. Microsoft released patches for these vulnerabilities in March (MS17-010) and in May.
- PsExec: The ransomware used a tool similar to Mimikatz to harvest user credentials. These credentials were then passed to an older version of the PsExec Windows tool, which the malware dropped. This tool then attempted to use PowerShell remote functionality to copy itself onto a target machine and begin execution.
- Windows Management Instrumentation (WMI): The malware also enumerated Windows network shares with WMI and attempted to launch a copy of itself on any discovered network shares.
- Prepare for stray bullets. Many organizations were impacted by the NotPetya campaign. The interconnectivity of modern systems and the ubiquity of applications mean that enterprises can find themselves the victims of attacks not specifically targeting their organizations.
- The bar for cyber-attacks keeps getting lower. The availability of leaked tools from the NSA and HackingTeam, coupled with ‘how to’ manuals, means that threat actors will have access to powerful tools that they can iterate from and leverage to aggressively accomplish their goals.
- The “basics” aren’t easy, but they should not be forgotten. Both NotPetya and the earlier WannaCry exploited basic, known security vulnerabilities, so segmenting networks and maintaining regular patching cycles go a long way towards mitigating threats such as this, including the ‘stray bullet’ factor outlined above.
- Think about the soft factors. Defense is no longer just about technical indicators and warnings; ‘soft’ factors such as motivation and geostrategic issues are no longer ‘nice to haves’ but are increasingly critical in the response to malware like NotPetya.
- Plan to fail. No amount of good security will entirely remove the risk posed by cyberattacks, so it is critical to back up critical data and systems on a regular basis and to ensure that crisis management and comprehensive data recovery plans are in place and practiced. Extortion and destructive malware response should be in your incident response playbooks.
- If you aren’t already doing so, think about the digital risks associated with your supply chain. Sure, not all suppliers are attack vectors for targeted attacks, but many suppliers do not have mature security. Regardless of the alleged culpability of MEDoc, the deployment mechanism highlights the attention that we all need to start paying to supply chain compromise.
- Defense in depth. Digital Shadows advocate using a ‘defense in depth’ strategy guided by four main principles: configuring host-based firewalls and using IP-whitelisting measures, segmenting networks and restricting workstation-to-workstation communication, applying patches and disabling unneeded legacy features, and restricting access to important data to only those who are required to have it.
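The three propagation mechanisms listed above (SMB exploitation between networked machines, credential reuse via a dropped PsExec, and WMI-launched copies) each leave a recognisable trace in standard Windows telemetry. The following is an added example, not Digital Shadows' code and not a detection the page itself supplies, showing defender-side logic for each: a burst of TCP/445 connections from one host to many peers, a 7045 service install named PSEXESVC (the well-known default service name PsExec registers) or dropped straight into the Windows root via ADMIN$, and a 4688 process creation whose parent is WmiPrvSE.exe. The event records are constructed and the field names are a simplified rendering of Security 4624/4688, System 7045 and Sysmon event 3 data; hosts, users, addresses and timestamps are invented.

```python
"""Detection logic for the three NotPetya lateral-movement techniques
(SMB worm propagation, PsExec service installs, WMI-launched processes),
run over constructed Windows event records. Field names are a simplified
rendering of Security 4624/4688, System 7045 and Sysmon event 3 data."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry; hosts, users, addresses and times are invented.
SAMPLE_EVENTS = [
    # WS01 opens TCP/445 to 25 distinct peers within 25 seconds (worm fan-out).
    *[{"ts": f"2024-01-01T10:00:{i:02d}", "host": "WS01", "event_id": 3,
       "dst_ip": f"10.0.5.{i + 10}", "dst_port": 445} for i in range(25)],
    # WS02 talks to a single file server: normal SMB use, not a fan-out.
    {"ts": "2024-01-01T10:01:00", "host": "WS02", "event_id": 3,
     "dst_ip": "10.0.1.5", "dst_port": 445},
    # Network logon to WS02 followed seconds later by a PsExec-style service.
    {"ts": "2024-01-01T10:02:00", "host": "WS02", "event_id": 4624,
     "logon_type": 3, "user": "svc_admin", "src_ip": "10.0.5.20"},
    {"ts": "2024-01-01T10:02:03", "host": "WS02", "event_id": 7045,
     "service": "PSEXESVC", "image": r"%SystemRoot%\PSEXESVC.exe"},
    # Vendor installer registering a service under Program Files: benign.
    {"ts": "2024-01-01T10:03:00", "host": "WS04", "event_id": 7045,
     "service": "Vendor Update", "image": r"C:\Program Files\Vendor\upd.exe"},
    # Process on WS03 whose parent is the WMI provider host (remote WMI exec).
    {"ts": "2024-01-01T10:04:00", "host": "WS03", "event_id": 4688,
     "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "image": r"C:\Windows\System32\rundll32.exe", "user": "svc_admin"},
]


def _ts(e):
    return datetime.fromisoformat(e["ts"])


def detect_psexec_service(events, lookback=timedelta(seconds=120)):
    """7045 service installs that look like PsExec: the well-known PSEXESVC
    name, or a binary dropped straight into the Windows root (where a copy
    via the ADMIN$ share lands). Each hit is correlated with the most recent
    network logon (4624, type 3) on that host so the source IP is reported."""
    logons = [e for e in events
              if e["event_id"] == 4624 and e.get("logon_type") == 3]
    hits = []
    for e in events:
        if e["event_id"] != 7045:
            continue
        name = e.get("service", "").upper()
        image = e.get("image", "").upper()
        root = "%SYSTEMROOT%\\"
        in_root = image.startswith(root) and "\\" not in image[len(root):]
        if "PSEXESVC" not in name and not in_root:
            continue
        t = _ts(e)
        prior = [l for l in logons
                 if l["host"] == e["host"] and timedelta(0) <= t - _ts(l) <= lookback]
        src = max(prior, key=_ts)["src_ip"] if prior else None
        hits.append(("psexec_service", e["host"], e["ts"], src))
    return hits


def detect_wmi_spawn(events):
    """4688 process creations whose parent is the WMI provider host; a
    remote Win32_Process.Create call surfaces exactly this way."""
    return [("wmi_spawn", e["host"], e["ts"]) for e in events
            if e["event_id"] == 4688
            and e.get("parent", "").lower().endswith("\\wmiprvse.exe")]


def detect_smb_fanout(events, threshold=10, window=timedelta(seconds=60)):
    """One host opening TCP/445 to >= threshold distinct peers inside the
    window: worm-style propagation rather than normal file-server use."""
    by_host = defaultdict(list)
    for e in events:
        if e["event_id"] == 3 and e.get("dst_port") == 445:
            by_host[e["host"]].append((_ts(e), e["dst_ip"]))
    hits = []
    for host, conns in by_host.items():
        conns.sort()
        for i, (t0, _) in enumerate(conns):
            peers = {ip for t, ip in conns[i:] if t - t0 <= window}
            if len(peers) >= threshold:
                hits.append(("smb_fanout", host, t0.isoformat(), len(peers)))
                break  # one alert per host is enough
    return hits


def run_detections(events):
    return (detect_psexec_service(events) + detect_wmi_spawn(events)
            + detect_smb_fanout(events))


if __name__ == "__main__":
    for hit in run_detections(SAMPLE_EVENTS):
        print(hit)
```

The fan-out threshold and window are tuning knobs: a file server or a vulnerability scanner will legitimately exceed them, so exclude those hosts by name rather than raising the threshold until real propagation slips under it.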
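The first two defense-in-depth principles above (host-based firewalls with IP whitelisting, and segmentation that restricts workstation-to-workstation communication) can be expressed as a rule set that is checked rather than assumed. The following added example, not Digital Shadows' code, models a host firewall as an ordered first-match rule list and verifies that every workstation subnet is blocked on the ports the three propagation paths use while an admin jump subnet remains allowed. The address plan is constructed, the ports (SMB 445, DCOM/WMI endpoint mapper 135, WinRM 5985) are the standard defaults assumed here, and the first-match semantics are a simplification of Windows Firewall chosen for illustration; a weak baseline is shown beside the hardened rule set.

```python
"""Host-firewall whitelisting and segmentation expressed as a checkable
rule set. First-match-wins semantics with a default action are a
simplification of Windows Firewall, chosen for this example."""
import ipaddress

# Ports used by the three propagation paths on the page (assumed defaults):
# SMB (445), DCOM/WMI endpoint mapper (135), WinRM/PowerShell remoting (5985).
LATERAL_PORTS = {"smb": 445, "wmi_rpc": 135, "winrm": 5985}

# Constructed address plan: two workstation subnets and one admin jump subnet.
WORKSTATION_NETS = [ipaddress.ip_network("10.0.5.0/24"),
                    ipaddress.ip_network("10.0.6.0/24")]
ADMIN_NET = ipaddress.ip_network("10.0.250.0/24")


class Rule:
    def __init__(self, action, port, remote):
        self.action = action                      # "allow" or "block"
        self.port = port                          # TCP port, or None for any
        self.remote = ipaddress.ip_network(remote)  # remote address scope

    def matches(self, src_ip, port):
        return self.port in (None, port) and src_ip in self.remote


def evaluate(rules, default, src_ip, port):
    """Action taken for an inbound TCP connection from src_ip to port."""
    src_ip = ipaddress.ip_address(src_ip)
    for r in rules:
        if r.matches(src_ip, port):
            return r.action
    return default


def check_policy(rules, default, workstation_nets=WORKSTATION_NETS,
                 admin_net=ADMIN_NET):
    """Every workstation subnet must be blocked on every lateral-movement
    port, and the admin subnet must still get through. Probes the first
    usable address of each subnet; returns a list of violations."""
    violations = []
    for name, port in LATERAL_PORTS.items():
        for net in workstation_nets:
            probe = str(next(net.hosts()))
            if evaluate(rules, default, probe, port) != "block":
                violations.append(f"{name}/{port} reachable from workstation {net}")
        probe = str(next(admin_net.hosts()))
        if evaluate(rules, default, probe, port) != "allow":
            violations.append(f"{name}/{port} not reachable from admin {admin_net}")
    return violations


# Weak baseline: file sharing and remote management open to everyone,
# inbound default allow. Any compromised workstation can reach any other.
WEAK_RULES = [Rule("allow", p, "0.0.0.0/0") for p in LATERAL_PORTS.values()]
WEAK_DEFAULT = "allow"

# Hardened: whitelist the admin subnet on all ports, explicitly block the
# lateral-movement ports from everywhere else, inbound default deny.
HARDENED_RULES = ([Rule("allow", None, str(ADMIN_NET))]
                  + [Rule("block", p, "0.0.0.0/0") for p in LATERAL_PORTS.values()])
HARDENED_DEFAULT = "block"


if __name__ == "__main__":
    print("weak:", check_policy(WEAK_RULES, WEAK_DEFAULT))
    print("hardened:", check_policy(HARDENED_RULES, HARDENED_DEFAULT))
```

Running the check against both rule sets makes the gap concrete: the weak baseline reports every workstation subnet reachable on all three ports, the hardened set reports nothing. The same probe approach transfers to a real estate by exporting each host's rules and feeding them through `check_policy`.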