Cyber experts believe more behind Petya attack than just ransomware

Sjouwerman

TAMPA BAY, FL, June 28, 2017: After a full 24 hours of monitoring the latest global ransomware outbreak, KnowBe4’s CEO warns IT pros that the new strain appears to be open cyber warfare, targeted at the Ukraine, with its spread beyond those borders as “collateral damage.” According to reports by security experts, the attack was spread through a software update to Ukrainian accounting company Intellekt Servis' product. Their June 22 update was pushed out and looks to have contained sleeper code that kicked in one day before Ukraine's Constitution Day. Ukraine’s national police warned this was only one vector of the attack, and Russian security firm Group-IB says it saw companies infected through malicious email attachments.

KnowBe4 CEO Stu Sjouwerman stated, “This has been brewing under the surface for a few years, but now we are dealing with open cyber warfare here. Like it or not, as an IT Pro, you have just found yourself on the frontline of 21st-century war.” Sjouwerman noted, “The Ukraine has been locked in a bitter proxy fight with Russia since the annexation of the Crimean peninsula and the separatist war in eastern Ukraine. Russia's GRU, the foreign military intelligence agency of the General Staff of the Armed Forces of the Russian Federation, is likely behind this.”

Nicholas Weaver, a security researcher at the International Computer Science Institute and lecturer at UC Berkeley, said Petya appears to have been well engineered to be destructive while masquerading as a ransomware strain, stating, “I’m willing to say with at least moderate confidence that this was a deliberate, malicious, destructive attack or perhaps a test disguised as ransomware.”

Craig Williams, security outreach manager with Cisco Systems, said: “I think not only is it out there trying to make a profit, but it’s also making a very clear political statement: it’s intentionally trying to damage businesses that interact with the Ukrainian tax system.”

Russian security firm Group-IB reports that Petya bundles a tool called “LSADump,” which can gather passwords and credential data from Windows computers and domain controllers on the network.

The official full name of the GRU is Main Intelligence Agency of the General Staff of the Russian Armed Forces. The GRU is Russia's largest foreign intelligence agency. In 1997 it deployed six times as many agents in foreign countries as the SVR, the successor of the KGB's foreign operations directorate. It also commanded 25,000 Spetsnaz troops in 1997. Source: Wikipedia.

The GRU has its own cyber armies and works together with sophisticated hacker groups like APT28, which also goes by Fancy Bear. These are typically the guys behind attacks like this; however, this particular infection is a new low, because its main goal is destructive, masked as a ransomware attack.

In a recent blog post, Sjouwerman noted reports by WSJ that Vladimir Putin recently approved of Patriotic Russian Hackers. “This is what you get when you unleash those hounds: a lot of collateral damage, even including Russia's own major oil company Rosneft, ironically owned for a good chunk by Putin himself,” said Sjouwerman.

Sjouwerman advises quick measures to combat the fallout and stay safe:
