On 27 June 2017, the Russian military launched nation-state destroyer attack NotPetya. Causing an estimated $10 billion in damages, the White House described it as “the most destructive and costly cyber-attack in history”.
In June 2017, the malware NotPetya spread from Ukraine to some of the largest businesses worldwide. It then racked up more $10 billion in damages. Read the untold story of the most devastating cyberattack in history: https://t.co/nqfdaB1msm pic.twitter.com/B4Nypy6pYy
— WIRED (@WIRED) June 2, 2019
Experts Comments:
Marina Kidron, Director of Threat Intelligence at Skybox Research Lab:
“NotPetya was the most devastating cyberattack in history. Without enforcing proper cybersecurity hygiene and network visibility, organisations are paving the way for another, equally devastating, attack. Many ransomware variants use common exploits, such as how NotPetya leveraged EternalBlue. Where fixes for known exploits are already available, it’s common sense that they should be applied; but many organisations currently have no clear definition of their attack surface which makes it incredibly difficult to understand where exposed vulnerabilities exist and impossible to prioritise the remediation necessary to protect against a NotPetya-style attack.”
Marina’s warning comes after the recent discovery of critical vulnerabilities BlueKeep and Exim, the latter of which was exploited just one week after its discovery. Kidron continues: “BlueKeep is an easily spread vulnerability, like a worm, and therefore poses significant risk to organisations. These are two examples of aggressive vulnerabilities that, when exploited, can be easily deliver a destructive malware that may wreak havoc. NotPetya wasn’t a one-off. Nor was WannaCry. Criminals are readying themselves for their next big attack; it’s important now, more than ever, that security leaders err on the side of caution and act with vigilance if they want to ensure that their organisations’ security.”
Matt Lock, Director of Sales Engineers at Varonis:
“Two years after NotPetya, many companies still haven’t learned from their mistakes. If the threat of losing every file in a company and seeing the business grind to a halt fails to inspire action, it’s hard to imagine what would.
Companies that have been lucky so far are at risk as attackers continue to operationalize advanced exploits. The most secure password or the best employee training in the world would not have spared you from NotPetya. The standard rules and advice – not opening suspicious email attachments or links in emails, for example — did not apply with NotPetya. There is no one-size fits all solution. What companies can do, at the very least, is perform backups and keep systems up to date. Beyond that, companies should limit the information they have by deleting or archiving data that’s no longer needed.
NotPetya firmly planted cybersecurity as a topic in boardrooms worldwide. The surprising part: companies, even large and very successful ones, often know when they’ve delayed important security processes, updates and investments. Companies can’t wait for the next business meeting or budget cycle. Unfortunately, there’s no “pause” button when addressing security issues.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.