What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityWeek 2024-01-05 16:00:49 Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved (direct link) In a landmark case that blurs the lines between cyber and kinetic warfare, Merck reached a settlement with insurers over a $1.4 billion claim stemming from the NotPetya malware attack. Malware NotPetya ★★
SecurityWeek 2022-04-26 21:17:48 US Offers $10 Million Reward for Russian Intelligence Officers Behind NotPetya Cyberattacks (direct link) The U.S. Department of State is offering a reward of up to $10 million for information on the attackers behind the June 2017 “NotPetya” cyberattacks that had a massive impact on companies globally. NotPetya NotPetya
SecurityWeek 2022-01-24 20:05:48 Court Awards Merck $1.4B Insurance Claim Over NotPetya Cyberattack (direct link) Merck Building New Jersey court delivers summary judgment against insurance company's refusal to pay based on war exclusion clause NotPetya NotPetya
SecurityWeek 2019-04-09 15:36:04 Get Ready for the First Wave of AI Malware (direct link) While viruses and malware have stubbornly stayed as a top-10 “things I lose sleep over as a CISO,” the overall threat has been steadily declining for a decade. Unfortunately, WannaCry, NotPetya, and an entourage of related self-propagating ransomware abruptly propelled malware back up the list and highlighted the risks brought by modern inter-networked business systems and the explosive growth of unmanaged devices. Ransomware Malware Threat NotPetya Wannacry
SecurityWeek 2018-10-11 12:01:05 Exaramel Malware Reinforces Link Between Industroyer and NotPetya (direct link) A new piece of malware discovered a few months ago by researchers at ESET provides more evidence that Industroyer (aka Crashoverride) is linked to the NotPetya wiper. Malware NotPetya ★★★
SecurityWeek 2018-08-27 17:07:03 Cyber Risk = Business Risk. Time for the Business-Aligned CISO (direct link) Data breaches, ransomware and other cyber attacks causing massive reputation issues (Equifax), knocking down merger prices (Yahoo!) or interrupting operations on a global scale (the NotPetya virus victims), have elevated cybersecurity concerns from the server room to the boardroom. Ransomware NotPetya Equifax Yahoo
SecurityWeek 2018-05-03 16:36:04 Commodity Ransomware Declines as Corporate Attacks Increase (direct link) 2017 was a landmark year for ransomware, with WannaCry and NotPetya grabbing headlines around the world. Ransomware attacks grew by more than 400% over the year, while the number of unique families and variants increased by 62%. These statistics, however, disguise an apparent change in the ransomware industry following the summer of 2017. NotPetya Wannacry
SecurityWeek 2018-04-13 16:10:02 Illumio, Qualys Partner on Vulnerability-based Micro-Segmentation (direct link) Vulnerability management has two major components: discovering vulnerabilities, and mitigating those vulnerabilities. The first component is pointless without the second component. So, for example, Equifax, WannaCry, NotPetya, and many other breaches -- if not most breaches -- are down to a failure to patch, which is really a failure in vulnerability management. NotPetya Wannacry Equifax
SecurityWeek 2018-03-26 14:12:04 (Déjà vu) Pentagon Looks to Counter Ever-stealthier Warfare (direct link) The US military has for years enjoyed a broad technological edge over its adversaries, dominating foes with superior communications and cyber capabilities. Now, thanks to rapid advances by Russia and China, the gap has shrunk, and the Pentagon is looking at how a future conflict with a "near-peer" competitor might play out. Air Force Secretary Heather Wilson recently warned that both Russia and China are experimenting with ways to take out the US military's satellites, which form the backbone of America's warfighting machine. "They know that we are dominant in space, that every mission the military does depends on space, and in a crisis or war they are demonstrating capabilities and developing capabilities to seek to deny us our space assets," Wilson said. "We're not going to let that happen." The Pentagon is investing in a new generation of satellites that will provide the military with better accuracy and have better anti-jamming capabilities. Such technology would help counter the type of "asymmetric" warfare practised by Russia, which combines old-school propaganda with social media offensives and cyber hacks. Washington has blamed Moscow for numerous cyber attacks, including last year's massive ransomware attack, known as NotPetya, which paralyzed thousands of computers around the world. US cyber security investigators have also accused the Russian government of a sustained effort to take control of critical US infrastructure systems, including the energy grid. Russia denies involvement and so far, such attacks have been met with a muted US military response. - Public relations shutdown - General John Hyten, who leads US Strategic Command (STRATCOM), told lawmakers the US has "not gone nearly far enough" in the cyber domain.
He also warned that the military still does not have clear authorities and rules of engagement for when and how it can conduct offensive cyber ops. "Cyberspace needs to be looked at as a warfighting domain, and if somebody threatens us in cyberspace, we need to have the authorities to respond," Hyten told lawmakers this week. Hyten's testimony comes after Admiral Michael Rogers, who heads both the NSA -- the leading US electronic eavesdropping agency -- and the new US Cyber Command, last month said President Donald Trump had no Guideline NotPetya
SecurityWeek 2018-03-23 19:45:03 (Déjà vu) Ransomware Hits City of Atlanta (direct link) A ransomware attack -- possibly a variant of SamSam -- has affected some customer-facing applications and some internal services at the City of Atlanta. The FBI and incident response teams from Microsoft and Cisco are investigating. The city's police department, water services and airport are not affected. The attack was detected early on Thursday morning. By mid-day the city had posted an outage alert to Twitter. In a press conference held Thursday afternoon, mayor Keisha Bottoms announced that the breach had been ransomware. She gave no details of the ransomware demands, but noticeably declined to say whether the ransom would be paid or refused. Bottoms could not at this stage confirm whether personal details had also been stolen in the same breach, but suggested that customers and staff should monitor their credit accounts. Questions on the viability of data backups and the state of system patches were not clearly answered; but it was stressed that the city had adopted a 'cloud first' policy going forwards specifically to improve security and mitigate against future ransomware attacks. A city employee obtained and sent a screenshot of the ransom note to local radio station 11Alive. The screenshot shows a bitcoin demand for $6,800 per system, or $51,000 to unlock all systems. It is suggested that the ransom note is similar to ones used by the SamSam strain of ransomware. Steve Ragan subsequently tweeted, "1 local, 2 remote sources are telling me City of Atlanta was hit by SamSam. The wallet where the ransom is to be sent (if they pay) has collected $590,000 since Jan 27." SamSam ransomware infected two healthcare organizations earlier this year. SamSam is not normally introduced via a phishing attack, but rather following a pre-existing breach. This could explain the concern over data theft on top of the data encryption.
It also raises the question over whether the initial breach was due to a security failure, an unpatched system, or via a third-party supplier. Ransomware is not a new threat, and there are mitigations -- but it continues to cause havoc. Official advice is, wherever at all possible, refuse to pay. The theory is if the attackers cease getting a return on their attacks, they will turn to something easier with a better ROI on their time. This approach simply isn't working. Sometimes payment can be avoided by recovering data from backups NotPetya Wannacry
SecurityWeek 2018-03-19 13:51:04 (Déjà vu) Russian Cyberspies Hacked Routers in Energy Sector Attacks (direct link) A cyberespionage group believed to be operating out of Russia hijacked a Cisco router and abused it to obtain credentials that were later leveraged in attacks targeting energy companies in the United Kingdom, endpoint security firm Cylance reported on Friday. The United States last week announced sanctions against Russian spy agencies and more than a dozen individuals for trying to influence the 2016 presidential election and launching cyberattacks, including the NotPetya attack and campaigns targeting energy firms. Shortly after, US-CERT updated an alert from the DHS and FBI to officially accuse the Russian government of being responsible for critical infrastructure attacks launched by a threat actor tracked as Dragonfly, Crouching Yeti and Energetic Bear. A warning issued last year by the UK's National Cyber Security Centre (NCSC) revealed that hackers had targeted the country's energy sector, abusing the Server Message Block (SMB) protocol and attempting to harvest victims' passwords. An investigation conducted by Cylance showed that the attacks were likely carried out by the Dragonfly group. The security firm has observed a series of phishing attacks aimed at the energy sector in the UK using two documents claiming to be resumes belonging to one Jacob Morrison. When opened, the documents fetched a template file and attempted to automatically authenticate to a remote SMB server controlled by the attackers. This template injection technique was detailed last year by Cisco Talos following Dragonfly attacks on critical infrastructure organizations in the United States. When a malicious document is opened using Microsoft Word, it loads a template file from the attacker's SMB server.
When the targeted device connects to the SMB server, it will attempt to authenticate using the current Windows user's domain credentials, basically handing them over to the attackers. In a separate analysis of such attacks, Cylance noted that while the credentials will in most cases be encrypted, even an unsophisticated attacker will be able to recover them in a few hours or days, depending on their resources. According to Cylance, Dragonfly used this technique to harvest credentials that were later likely used to hack the systems of energy sector organizations in the United Kingdom. One interesting aspect noticed by Cylance researchers is that the IP address of the SMB server used in the template injection attack was associated with a major state-owned energy congl NotPetya
SecurityWeek 2018-03-16 14:40:02 Sofacy Targets European Govt as U.S. Accuses Russia of Hacking (direct link) Just as the U.S. had been preparing to accuse Russia of launching cyberattacks against its energy and other critical infrastructure sectors, the notorious Russia-linked threat group known as Sofacy was spotted targeting a government agency in Europe. The United States on Thursday announced sanctions against Russian spy agencies and more than a dozen individuals for trying to influence the 2016 presidential election and launching cyberattacks, including the destructive NotPetya campaign and operations targeting energy firms. The Department of Homeland Security and Federal Bureau of Investigation issued a joint technical alert via US-CERT last year to warn about attacks launched by a group known as Dragonfly, Crouching Yeti and Energetic Bear on critical infrastructure. Researchers previously linked Dragonfly to the Russian government and now the DHS has officially stated the same. US-CERT has updated its alert with some additional information. The new version of the alert replaces “APT actors” with “Russian government cyber actors.” The DHS said that based on its analysis of malware and indicators of compromise, Dragonfly attacks are ongoing, with threat actors “actively pursuing their ultimate objectives over a long-term campaign.” This is not the first time the U.S. has imposed sanctions on Russia over its attempt to influence elections. Russia has also been accused by Washington and others of launching the NotPetya attack last year. The Kremlin has always denied the accusations, but President Vladimir Putin did admit at one point that patriotic hackers could be behind the attacks. If Dragonfly and Sofacy (aka Fancy Bear, APT28, Sednit, Tsar Team and Pawn Storm) are truly operating out of Russia, they don't seem to be discouraged by sanctions and accusations.
On March 12 and March 14, security firm Palo Alto Networks spotted attacks launched by Sofacy against an unnamed European government agency using an updated variant of a known tool. Sofacy has been using a Flash Player exploit platform dubbed DealersChoice since at least 2016 and it has continued improving it. The latest version has been delivered to a government organization in Europe using a spear phishing email referencing the “Underwat NotPetya APT 28
SecurityWeek 2018-03-15 13:03:01 (Déjà vu) Microsoft Publishes Bi-annual Security Intelligence Report (SIR) (direct link) NotPetya Wannacry
SecurityWeek 2018-03-13 15:50:02 (Déjà vu) Usual Threats, But More Sophisticated and Faster: Report (direct link) Almost Every Type of Cyber Attack is Increasing in Both Volume and Sophistication Eight new malware samples were recorded every second during the final three months of 2017. The use of fileless attacks, primarily via PowerShell, grew; and there was a surge in cryptocurrency hijacking malware. These were the primary threats outlined in the latest McAfee Lab's Threat Report (PDF) covering Q4 2017. The growth of cryptomining malware coincided with the surge in Bitcoin value, which peaked at just under $20,000 on Dec. 22. With the cost of dedicated mining hardware at upwards of $5,000 per machine, criminals chose to steal users' CPU time via malware. It demonstrates how criminals always follow the money, and choose the least expensive method of acquiring it with the greatest chance of avoiding detection. Since December, Bitcoin's value has fallen to $9,000 (at the time of publishing). Criminals' focus on Bitcoin is likewise being modified, with Ethereum and Monero becoming popular. Last week, Microsoft discovered a major campaign focused on stealing Electroneum. "We currently see discussions in underground forums that suggest moving from Bitcoin to Litecoin because the latter is a safer model with less chance of exposure," comments Raj Samani, chief scientist and McAfee fellow with the Advanced Threat Research Team. The speed with which criminals adapt to their latest market conditions is also seen in the way they maximize their asymmetric advantage. "Adversaries," writes Samani, "have the luxury of access to research done by the technical community, and can download and use opensource tools to support their campaigns, while the defenders' level of insight into cybercriminal activities is considerably more limited, and identifying evolving tactics often must take place after malicious campaigns have begun."
Examples of attackers making use of legitimate research include Fancy Bear (APT28) leveraging a Microsoft Office Dynamic Data Exchange technique in November 2017 that had been made public just a few we NotPetya Equifax APT 28
SecurityWeek 2018-03-02 15:45:05 Nuance Estimates NotPetya Impact at $90 Million (direct link) Nuance Communications, one of the companies to have been impacted by the destructive NotPetya attack last year, estimates the financial cost of the attack at over $90 million. NotPetya
SecurityWeek 2018-02-16 06:00:03 U.S., Canada, Australia Attribute NotPetya Attack to Russia (direct link) The United States, Canada, Australia and New Zealand have joined the United Kingdom in officially blaming Russia for the destructive NotPetya attack launched last summer. Moscow has denied the accusations. NotPetya
SecurityWeek 2018-01-26 08:31:06 Maersk Reinstalled 50,000 Computers After NotPetya Attack (direct link) Jim Hagemann Snabe, chairman of Danish shipping giant A.P. Moller–Maersk, revealed this week at the World Economic Forum in Switzerland that the company was forced to reinstall software on nearly 50,000 devices following the NotPetya attack. NotPetya
SecurityWeek 2017-10-30 08:33:54 NotPetya Attack Had Significant Impact on Merck Revenue (direct link) American pharmaceutical giant Merck reported last week that the recent NotPetya malware attack caused losses of hundreds of millions of dollars in revenue. NotPetya
SecurityWeek 2017-10-26 09:36:43 'Bad Rabbit' Attack Infrastructure Set Up Months Ago (direct link) The infrastructure used by the Bad Rabbit ransomware was set up months ago and an increasing amount of evidence links the malware to the NotPetya attack launched in late June, which some experts believe was the work of a Russian threat actor. NotPetya
SecurityWeek 2017-10-25 09:03:01 Bad Rabbit Linked to NotPetya, but Not as Widespread (direct link) The Bad Rabbit ransomware attack that hit Russia and Ukraine on Tuesday has been linked to the recent NotPetya outbreak, but the number of infections appears to be far smaller. NotPetya
SecurityWeek 2017-10-24 16:33:57 'Bad Rabbit' Ransomware Attack Hits Russia, Ukraine (direct link) Several major organizations in Russia and Ukraine were hit in the past few hours by a ransomware named “Bad Rabbit.” The incident is reminiscent of the massive attack involving NotPetya malware, which ended up costing companies millions of dollars. NotPetya
SecurityWeek 2017-08-17 14:50:12 NotPetya Attack Costs Big Companies Millions (direct link) Some of the big companies hit by the NotPetya malware in late June have reported losing hundreds of millions of dollars due to the cyberattack. NotPetya
SecurityWeek 2017-07-20 13:54:09 FedEx May Have Permanently Lost Data Encrypted by NotPetya (direct link) FedEx-owned international delivery services company TNT Express is still working on restoring systems hit last month by the destructive NotPetya malware attack, but some business data may never be recovered, FedEx said in a Securities and Exchange Commission (SEC) filing this week. FedEx NotPetya
SecurityWeek 2017-07-06 15:43:15 NotPetya Operators Accessed M.E.Doc Server Using Stolen Credentials: Cisco (direct link) The group behind last week's destructive NotPetya attack was able to access M.E.Doc's update server and use it for their nefarious purposes courtesy of stolen credentials, Cisco has discovered. NotPetya
SecurityWeek 2017-07-06 15:26:48 NotPetya Decryption Key Sale - Genuine or Curveball Charade? (direct link) Confusion over the source and motive behind the NotPetya ransomware outbreak was given an extra stir with the offer for sale of a private decryption key. Posts appeared Tuesday on both Pastebin and DeepPaste: "Send me 100 Bitcoins and you will get my private key to decrypt any harddisk (except boot disks)." NotPetya
SecurityWeek 2017-07-05 16:41:06 Fake WannaCry Ransomware Uses NotPetya's Distribution System (direct link) The NotPetya wiper wasn't the only piece of malware distributed last week using the compromised M.E.Doc update mechanism: a fake WannaCry ransomware variant was delivered using the same channel, Kaspersky Lab reports. NotPetya Wannacry
SecurityWeek 2017-07-05 13:06:00 Researchers Dissect Stealthy Backdoor Used by NotPetya Operators (direct link) ESET security researchers have performed a detailed analysis of a stealthy backdoor used by the group behind the NotPetya destructive wiper and injected into the legitimate resources of tax accounting software M.E.Doc earlier this year. NotPetya
SecurityWeek 2017-07-03 12:38:14 NotPetya Connected to BlackEnergy/KillDisk: Researchers (direct link) Last week's devastating NotPetya attack might have been launched by the same threat group that previously used the Russia-linked BlackEnergy malware family in attacks against Ukraine, security researchers reveal. NotPetya
SecurityWeek 2017-06-30 19:43:37 Microsoft Tackles Ransomware with Controlled Folder Access (direct link) In the wake of global malicious attacks such as WannaCry and NotPetya, Microsoft this week announced a new feature meant to keep users' data safe from ransomware and other types of malware. NotPetya Wannacry
SecurityWeek 2017-06-30 14:30:46 Industry Reactions to Destructive NotPetya Attacks: Feedback Friday (direct link) A wiper malware disguised as ransomware wreaked havoc this week, infecting the systems of numerous organizations across more than 60 countries. NotPetya
SecurityWeek 2017-06-29 12:42:39 NotPetya - Destructive Wiper Disguised as Ransomware (direct link) NotPetya/GoldenEye Malware Overwrites Master Boot Record NotPetya
SecurityWeek 2017-06-28 14:56:16 UK's Metropolitan Police Still Using 10,000 Windows XP Computers (direct link) Legacy Windows XP systems used by public authorities in the UK remain a concern. The WannaCry outbreak last month followed by the current 'NotPetya' outbreak -- both using a vulnerability patched in newer versions of Windows, but initially unpatched in XP -- highlights the problem. NotPetya Wannacry
SecurityWeek 2017-06-28 12:59:55 Petya/NotPetya: What We Know in the First 24 Hours (direct link) Petya/NotPetya Ransomware May Not be a Financially Motivated Attack, Researchers Say NotPetya
SecurityWeek 2017-06-27 15:14:15 NotPetya Ransomware Outbreak Hits Organizations Globally (direct link) Organizations worldwide are currently under a cyber-attack involving what was originally believed to be the year-old Petya ransomware, but now is being called "NotPetya" and seems to be a never before seen ransomware family. NotPetya
Last update at: 2024-05-14 05:07:46