What's new around the internet


Src Date (GMT) Title Description Tags Stories Notes
securityintelligence 2024-03-28 13:00:00 How will the Merck settlement affect the insurance industry? (direct link) A major shift in how cyber insurance works started with an attack on the pharmaceutical giant Merck. Or did it start somewhere else? In June 2017, the NotPetya incident hit some 40,000 Merck computers, destroying data and forcing a months-long recovery process. The attack affected thousands of multinational companies, including Mondelēz and Maersk. In total, […] NotPetya ★★
Korben 2024-02-03 08:00:00 DeArrow – Putting an end to clickbait on YouTube (direct link) YouTube thumbnails are often misleading and sensationalist, pushing users to click with exaggerated titles. The DeArrow extension counters clickbait by improving titles and thumbnails through crowdsourcing, offering a more faithful representation of the content. It is customizable and integrates the changes directly into YouTube, while giving the option to view the original versions. NotPetya ★★★
DataSecurityBreach 2024-01-12 10:49:28 NotPetya, six years on: Merck and its insurers reach an agreement! (direct link) Six years after the formidable NotPetya cyberattack, pharmaceutical giant Merck has reached a significant agreement with its insurers. At the heart of the debate: the definition of 'acts of war' in cyberspace. NotPetya ★★
DarkReading 2024-01-11 14:30:00 War or Cost of Doing Business? Cyber Insurers Hashing Out Exclusions (direct link) Following a settlement over Merck's $700 million claims over NotPetya damages, questions remain about what constitutes an act of war for cyber-insurance policies. NotPetya ★★★
silicon.fr 2024-01-09 10:21:35 NotPetya victim Merck finally reaches an agreement with its insurers (direct link) After five years of legal proceedings, the pharmaceutical group Merck has reached an amicable agreement with insurers who had refused to compensate it for a cyberattack. Legislation NotPetya ★★★★★
InfoSecurityMag 2024-01-08 10:30:00 Merck Settles With Insurers Over $700m NotPetya Claim (direct link) Pharma giant Merck has reached a settlement with cyber-insurers that refused to pay out for “acts of war” Legislation NotPetya ★★★
RecordedFuture 2024-01-05 17:52:00 Merck settles with insurers who denied $700 million NotPetya claim (direct link) Pharmaceutical giant Merck has reportedly reached a settlement with insurers over their refusals to cover losses stemming from the NotPetya cyberattack in 2017. The undisclosed settlement, first reported by Bloomberg Law, is the culmination of a years-long court battle that has attracted attention from the cybersecurity and insurance industries because of its implications for defining NotPetya ★★★★
SecurityWeek 2024-01-05 16:00:49 Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved (direct link) In a landmark case that blurs the lines between cyber and kinetic warfare, Merck reached a settlement with insurers over a $1.4 billion claim stemming from the NotPetya malware attack. Malware NotPetya ★★
AlienVault 2023-08-29 10:00:00 Battling malware in the industrial supply chain (direct link) The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Here's how organizations can eliminate content-based malware in ICS/OT supply chains. As the Industrial Internet of Things (IIoT) landscape expands, ICS and OT networks are more connected than ever to various enterprise systems and cloud services. This new level of connectivity, while offering benefits, also paves the way for targeted and supply chain attacks, making them easier to carry out and broadening their potential effects. A prominent example of supply chain vulnerability is the 2020 SolarWinds Orion breach. In this sophisticated attack: Two distinct types of malware, "Sunburst" and "Supernova," were secretly placed into an authorized software update. Over 17,000 organizations downloaded the update, and the malware managed to evade various security measures. Once activated, the malware connected to an Internet-based command and control (C2) server using what appeared to be a harmless HTTPS connection. The C2 traffic was cleverly hidden using steganography, making detection even more challenging. The threat actors then remotely controlled the malware through their C2, affecting up to 200 organizations. While this incident led to widespread IT infiltration, it did not directly affect OT systems. In contrast, other attacks have had direct impacts on OT. In 2014, a malware known as Havex was hidden in IT product downloads and used to breach IT/OT firewalls, gathering intelligence from OT networks. This demonstrated how a compromised IT product in the supply chain could lead to OT consequences. Similarly, in 2017, the NotPetya malware was concealed in a software update for a widely-used tax program in Ukraine.
Though primarily affecting IT networks, the malware caused shutdowns in industrial operations, illustrating how a corrupted element in the supply chain can have far-reaching effects on both IT and OT systems. These real-world incidents emphasize the multifaceted nature of cybersecurity risks within interconnected ICS/OT systems. They serve as a prelude to a deeper exploration of specific challenges and vulnerabilities, including: Malware attacks on ICS/OT: Specific targeting of components can disrupt operations and cause physical damage. Third-party vulnerabilities: Integration of third-party systems within the supply chain can create exploitable weak points. Data integrity issues: Unauthorized data manipulation within ICS/OT systems can lead to faulty decision-making. Access control challenges: Proper identity and access management within complex environments are crucial. Compliance with best practices: Adherence to guidelines such as NIST's best practices is essential for resilience. Rising threats in manufacturing: Unique challenges include intellectual property theft and process disruptions. Traditional defenses are proving inadequate, and a multifaceted strategy, including technologies like Content Disarm and Reconstruction (CDR), is required to safeguard these vital systems. Supply chain defense: The power of content disarm and reconstruction. Content Disarm and Reconstruction (CDR) is a cutting-edge technology. It operates on a simple, yet powerful premise based on the Zero Trust principle: all files could be malicious. What does CDR do? In the complex cybersecurity landscape, CDR stands as a unique solution, transforming the way we approach file safety. Sanitizes and rebuilds files: By treating every file as potentially harmful, CDR ensures they are safe for use while mainta Malware Vulnerability Threat Industrial Cloud NotPetya Wannacry SolarWinds ★★
itsecurityguru 2023-06-27 14:54:03 Six years on from NotPetya: an analysis from Tom Gol, CTO for research at Armis (direct link) Six years have passed since the infamous NotPetya cyber attack sent shockwaves through the cybersecurity landscape. Initially disguised as ransomware, NotPetya quickly revealed its true destructive nature, spreading damage to businesses and governments around the world, resulting in billions of dollars in losses. Six years later, the impact of the NotPetya attack is still being […] NotPetya NotPetya ★★★
knowbe4 2023-05-09 13:00:00 CyberheistNews Vol 13 #19 [Watch Your Back] New Fake Chrome Update Error Attack Targets Your Users (direct link) CyberheistNews Vol 13 #19 | May 9th, 2023 [Watch Your Back] New Fake Chrome Update Error Attack Targets Your Users Compromised websites (legitimate sites that have been successfully compromised to support social engineering) are serving visitors fake Google Chrome update error messages. "Google Chrome users who use the browser regularly should be wary of a new attack campaign that distributes malware by posing as a Google Chrome update error message," Trend Micro warns. "The attack campaign has been operational since February 2023 and has a large impact area." The message displayed reads, "UPDATE EXCEPTION. An error occurred in Chrome automatic update. Please install the update package manually later, or wait for the next automatic update." A link is provided at the bottom of the bogus error message that takes the user to what's misrepresented as a link that will support a Chrome manual update. In fact the link will download a ZIP file that contains an EXE file. The payload is a cryptojacking Monero miner. A cryptojacker is bad enough since it will drain power and degrade device performance. This one also carries the potential for compromising sensitive information, particularly credentials, and serving as staging for further attacks. This campaign may be more effective for its routine, innocent look. There are no spectacular threats, no promises of instant wealth, just a notice about a failed update. Users can become desensitized to the potential risks bogus messages concerning IT issues carry with them. Informed users are the last line of defense against attacks like these. New school security awareness training can help any organization sustain that line of defense and create a strong security culture. Blog post with links: https://blog.knowbe4.com/fake-chrome-update-error-messages A Master Class on IT Security: Roger A.
Grimes Teaches You Phishing Mitigation Phishing attacks have come a long way from the spray-and-pray emails of just a few decades ago. Now they're more targeted, more cunning and more dangerous. And this enormous security gap leaves you open to business email compromise, session hijacking, ransomware and more. Join Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist, Ransomware Data Breach Spam Malware Tool Threat Prediction NotPetya NotPetya APT 28 ChatGPT ChatGPT ★★
globalsecuritymag 2023-05-04 13:04:17 Comment on the Superior Court of New Jersey Appellate Division ruling in favour of Merck's $1.4 billion claim against the insurance industry (direct link) Following the ruling that Merck's insurers can't use an "act of war" clause to deny the pharmaceutical giant a claim over its NotPetya cyber attack, a response from Naoris Protocol, a decentralised cybersecurity firm, and its COO and co-founder Monica Oravcova. - Malware Update NotPetya NotPetya ★★
DarkReading 2023-05-03 19:18:00 Court Rejects Merck Insurers' Attempt to Refuse Coverage for NotPetya Damages (direct link) Insurers unsuccessfully argued Merck's $1.4B in losses following the NotPetya cyberattack fell under the wartime exclusion. NotPetya NotPetya ★★★
RecordedFuture 2023-04-03 23:00:00 UK says its offensive cyber operations are 'accountable, precise, and calibrated' (direct link) As the role of cyber operations in international statecraft continues to grow, the United Kingdom's National Cyber Force (NCF) has published a paper arguing that its activities are fundamentally different from those of its adversaries. In contrast to the “reckless” cyberattacks which the U.K. says [Russia](https://www.ncsc.gov.uk/news/reckless-campaign-cyber-attacks-russian-military-intelligence-service-exposed) and [China](https://www.ncsc.gov.uk/news/uk-condemns-chinese-cyber-attacks-against-businesses-governments) have engaged in - namely the destructive NotPetya NotPetya NotPetya ★★
CS 2022-11-04 18:38:41 Insurance giant settles NotPetya lawsuit, signaling cyber insurance shakeup (direct link) Cyber insurers have already started to find other ways to avoid covering losses related to cyberattacks linked to nation-state hackers. NotPetya NotPetya
InfoSecurityMag 2022-11-03 15:00:00 Zurich and Mondelez Reach NotPetya Settlement, but Cyber-Risk May Increase (direct link) The parties have mutually resolved the matter, but details of the settlement were not provided NotPetya NotPetya
CSO 2022-11-03 10:41:00 Mondelez and Zurich's NotPetya cyber-attack insurance settlement leaves behind no legal precedent (direct link) Multinational food and beverage company Mondelez International and Zurich American Insurance have settled their multiyear litigation surrounding the cyberattack coverage – or lack of such coverage – following the NotPetya malware attack that damaged the Mondelez network and infrastructure. The specifics of the settlement are unknown, but that it would come mid-trial has caught everyone's attention. The pain was felt on June 27, 2017, when NotPetya wiped out 24,000 laptops and 1,700 servers within the Mondelez network. The malware, designed to destroy, did just that. Mondelez estimated damages would approach $100 million USD. Malware NotPetya NotPetya ★★★★
News 2022-11-02 07:29:05 Ritz cracker giant settles bust-up with insurer over $100m+ NotPetya cleanup (direct link) Deal could 'upend the entire cyber-insurance ecosystem and make it almost impossible to get meaningful cyber coverage' Mondelez International has settled its lawsuit against Zurich American Insurance Company, which it brought because the insurer refused to cover the snack giant's $100-million-plus cleanup bill following the 2017 NotPetya outbreak.… NotPetya NotPetya
RedCanary 2022-10-19 17:37:26 Persistent pests: A taxonomy of computer worms (direct link) Many of the most notorious ransomware attacks, including WannaCry and NotPetya, began with a worm. Here's how you can help stop the spread. Ransomware NotPetya Wannacry Wannacry
AlienVault 2022-10-06 10:00:00 7 Biggest Cybersecurity Threats of the 21st Century (direct link) This blog was written by an independent guest blogger. The 21st century has seen a dramatic increase in the number and sophistication of cybersecurity threats. Here are the 7 biggest threats that businesses and individuals need to be aware of. Ransomware as a service: In the past few years, ransomware has become one of the most popular tools for cybercriminals. Ransomware as a service (RaaS) is a new business model that allows anyone with little to no technical expertise to launch their own ransomware attacks. All they need is to sign up for a RaaS platform and pay a fee (usually a percentage of the ransom they collect). RaaS is a growing threat because it makes it easy for anyone to launch attacks. Cybercriminals can target any organization, no matter its size or resources. And, because RaaS platforms typically take care of all the technical details, ransomware attacks can be launched with little effort. In the past several years, there have been a number of high-profile ransomware attacks that have made headlines. In May 2017, the WannaCry ransomware attack affected more than 200,000 computers in 150 countries. The attack caused billions of dollars in damage and disrupted critical infrastructure, such as hospitals and banks. In December 2017, the NotPetya ransomware attack hit more than 10,000 organizations in over 60 countries. The attack caused billions of dollars in damage and disrupted critical infrastructure, such as hospitals and banks. Ransomware attacks have become more sophisticated and targeted. Cybercriminals are now using RaaS platforms to launch targeted attacks against specific organizations. These attacks are often called "spear phishing" attacks because they use carefully crafted emails to trick people into clicking on malicious links or opening attachments that install ransomware on their computers.
Organizations of all sizes need to be aware of the threat of ransomware and take steps to protect themselves. This includes having a robust backup and recovery plan in place in case of an attack. Internet of Things: The Internet of Things (IoT) is a network of physical devices, vehicles, home appliances, and other items that are embedded with electronics, software, sensors, and connectivity enabling these objects to connect and exchange data. The IoT is a growing market with more and more devices being connected to the internet every day. However, this also creates new security risks. Because IoT devices are often connected to the internet, they can be hacked and used to launch attacks. In October 2016, a massive Distributed Denial of Service (DDoS) attack was launched against the Dyn DNS service using a network of IoT devices that had been infected with the Mirai malware. The attack caused widespread internet disruptions and took down major websites, such as Twitter and Netflix. The IoT presents a unique challenge for security because there are so many different types of devices that can be connected to the internet. Each type of device has its own security risks and vulnerabilities. And, as the number of IoT devices continues to grow, so do the opportunities for cybercriminals to exploit them. Cloud security: The cloud has become an essential part of business for many organizations. It offers a number of advantages, such as flexibility, scalability, and cost savings. However, the cloud also creates new security risks. One of the biggest security risks associated with the cloud is data breaches. Because data is stored remotely on servers, it is more vulnerable to attack. In addition, cloud service providers often have access to customer data, which creates another potential point of entry for hackers. Another security risk associated with the Ransomware Malware Threat NotPetya NotPetya Wannacry Wannacry
2022-08-18 08:00:00 Ukraine and the fragility of agriculture security (direct link) By Joe Marshall. The war in Ukraine has had far-reaching global implications and one of the most immediate effects felt will be on the global supply chain for food. This war-induced fragility has exposed the weaknesses of how we feed ourselves globally. Ransomware cartels and other adversaries are well aware of this and are actively exploiting that fragility. For the past six years, Cisco Talos has been actively involved in assisting public and private institutions in Ukraine to defend themselves against state-sponsored actors. Our involvement stretches the gamut from commercial to critical infrastructure, to election security. Our presence has afforded us unique opportunities and observations about cybersecurity in a macro and micro way. Ukraine has been a frequent victim of state-sponsored cyber attacks aimed at critical infrastructures like power and transportation. Talos is proud to stand with our partners in Ukraine and help defend their critical networks and help users there maintain access to necessary services. Now that Russia has invaded Ukraine, those threats have escalated to kinetic attacks that are wreaking havoc on a critical element of our world: agriculture and our global food supply chain. Even worse is the implications this war will have for future cyber attacks, as fragility is considered a lucrative element in deciding victimology by threat actors like ransomware cartels. To truly grasp the implications of the war in Ukraine, we have to examine how vital Ukrainian agriculture feeds the world, the current state of affairs, and what this means for the global cybersecurity posture to protect agricultural assets. Where there is weakness, there is opportunity. Ransomware cartels and their affiliates are actively targeting the agricultural industry.
Moreover, these actors have done their homework and are targeting agricultural companies during the two times of the year where they cannot suffer disruptions: planting and harvesting. Per the published FBI PIN Alert: “Cyber actors may perceive cooperatives as lucrative targets with a willingness to pay due to the time-sensitive role they play in agricultural production.” This is far from unusual for these adversaries - they are shrewd and calculating, and understand their victims' weaknesses and industries. H Ransomware Threat Guideline Cloud NotPetya Uber APT 37 APT 32 APT 28 APT 10 APT 21 Guam
Pirate 2022-07-05 15:55:19 NotPetya cyberattack, five years on: what lessons can be drawn? (direct link) Last week marked the fifth anniversary of the NotPetya cyberattacks, which had destructive consequences around the world. NotPetya
SANS 2022-07-05 08:37:42 EternalBlue 5 years after WannaCry and NotPetya, (Tue, Jul 5th) (direct link) We are about two months past the 5-year anniversary of the WannaCry outbreak[1] and about a week past the 5-year anniversary of the NotPetya outbreak[2]. Since both WannaCry and NotPetya used the EternalBlue[3] exploit in order to spread, I thought that it might be interesting to take a look at how many internet-facing systems still remain vulnerable to it. NotPetya NotPetya Wannacry Wannacry
no_ico 2022-06-28 13:59:34 How Can We Protect Against NotPetya-Like Malware? (direct link) Today is the five-year anniversary of NotPetya. We asked the following question to InfoSec experts and below are the responses: What do you think of the five-year anniversary of NotPetya? NotPetya
CSO 2022-06-27 02:00:00 5 years after NotPetya: Lessons learned (direct link) On June 27, 2017, the eve of Ukraine's Constitution Day holiday, a major global cyberattack was launched, infecting more than 80 companies in that country using a brand-new cyber pathogen that became known as NotPetya. NotPetya didn't stay within Ukraine's borders but spilled out to infect and cause havoc for thousands of organizations across Europe and worldwide. NotPetya was so named because it was similar to but different from Petya, a self-propagating ransomware virus discovered in 2016 that, unlike other nascent forms of ransomware at the time, was incapable of being decrypted. In another departure from the earlier forms of ransomware, Petya also overwrote and encrypted master boot records and was, therefore, considered more a form of wiper malware than bona fide ransomware. Ransomware Malware NotPetya NotPetya
globalsecuritymag 2022-06-23 10:11:31 Lateral movement: the success of recent malware (direct link) Too often overlooked, lateral movement is nevertheless the main reason for the unsuspected scale that cyberattacks have reached in recent years. What is it? Why do so few organizations take this technique used by cybercriminals into account? How can one guard against it? An analysis. One objective: gaining privileges. As the propagation vector for malware such as WannaCry and NotPetya, the lateral movement technique contributed greatly to the success of these attacks. The principle of this (...) - Points of View Malware NotPetya Wannacry Wannacry
Anomali 2022-06-22 13:00:00 RSA 2022: Cyber Attacks Continue to Come in Ever-Shifting Waves (direct link) Supply chains, trust, and the Internet itself remain prime targets. When Russia launched wide-ranging cyber-attacks while its army invaded Ukraine, it also deployed waves of wiper malware to destroy data. The first wave targeted the data on the disks. As Ukraine fortified its defenses in that area, the second wave left the data on the disks alone and went after the metadata. The third wave bypassed the two previous targets and attacked the file systems. As depicted in global news and during sessions of the RSA conference, this was a very methodical and effective approach designed to inflict maximum amounts of damage, and it reflects the methodical, often relentless, attack approaches shaping the threat landscape. In particular, as organizations fortify their defenses, adversaries will continue to focus on trust to gain access, using your partners, your vendors, and your employees against you. What does this mean for enterprise users? As we discussed in our previous post on cyber threats, organizations must find new and novel defenses against adversaries who increasingly shift tactics. As adversaries become more nuanced, we must understand their moves and motivations to try to get one step ahead of them. Let’s Recap: Several high-profile security incidents in the recent past altogether grimly encapsulate the myriad challenges companies now face. NotPetya, the most expensive cyber incident in history, demonstrated how attackers are masquerading their efforts. NotPetya targeted a tax software company in Ukraine in 2017. At first, the effort appeared to be ransomware. However, its intent was purely destructive as it was designed to inflict damage as quickly and effectively as possible. The CCleaner attack, a few months later, demonstrated how complex and patient actors who were focused on IP level threats had become.
The targets were system administrative tools that, if compromised, already had an increased level of access. CCleaner showed that all software supply chain attacks aren’t created equal. It’s dependent on the level of access of the systems and the users that you’re compromising. Some 3 million versions of the compromised CCleaner software were downloaded. However, only 50 of the downloaded software received additional payloads. This was an adversary that was willing to compromise more than 3 million systems to just get a foothold into 50. This gives you a clear idea of the challenges that we face as enterprises from these types of sophisticated actors. Attackers are also being more flagrant and doing a better job of covering their tracks. In the past, nation states focused on covert activities. Olympic Destroyer, which targeted the 2018 Olympics in South Korea, showed how attacks are now being brought to the public eye. False flags, tactics applied to deceive or misguide attribution attempts, were also put into Olympic Destroyer. Six months after the attack, it was attributed to multiple different nations, because such care had been put into throwing off attribution. More recently, VPNFilter/Cyber Blink demonstrated how adversaries are targeting different types of equipment. While attacks have historically focused on office equipment, these incidents shifted to home routers, in tandem with the increase in remote work. At home, people often use combination modem routers. These devices challenge detection capabilities. A foothold into home routers also allows actors to analyze all traffic moving in and out of the network. It’s incredibly difficult to detect an attack. You have to treat a home Wi-Fi like a public Wi-Fi at a coffee shop. Threat actors are targeting the foundational infrastructure of the internet as well. Sea T Malware Tool Threat NotPetya NotPetya
grahamcluley 2022-04-28 08:32:28 US offers $10 million reward for information about Russian military hackers implicated in NotPetya attack (direct link) The United States has made it $10 million harder to keep your mouth shut, if you happen to have any information about the Russian military hackers who masterminded the notorious NotPetya cyber attack. Read more in my article on the Hot for Security blog. NotPetya NotPetya
itsecurityguru 2022-04-27 09:25:59 US pledges $10m for Sandworm information (direct link) Authorities in the United States have offered a $10m reward for anyone that can help locate or identify six members of a state-sponsored Russian hacking group responsible for NotPetya. The call for information was issued by the Department of State’s Rewards for Justice (RFJ). The six officers of the Main Intelligence Directorate of the General […] NotPetya
InfoSecurityMag 2022-04-27 08:00:00 US Offers $10m for Russian NotPetya Sandworm Team (direct link) Military officers were indicted for the campaign in 2020 NotPetya NotPetya
SecurityWeek 2022-04-26 21:17:48 US Offers $10 Million Reward for Russian Intelligence Officers Behind NotPetya Cyberattacks (direct link) The U.S. Department of State is offering a reward of up to $10 million for information on the attackers behind the June 2017 “NotPetya” cyberattacks that had a massive impact on companies globally. NotPetya NotPetya
Cybereason 2022-03-25 20:02:36 Webinar April 7th: 2021 MITRE ATT&CK Evaluations Explained (direct link) The 2021 Round 4 MITRE ATT&CK evaluations focused on Wizard Spider and Sandworm, threat actor groups known to target large corporations and healthcare institutions. Wizard Spider is largely a financially motivated ransomware crime group conducting campaigns since 2017. The Sandworm team is a Russian threat group that has been linked to the 2015 and 2016 targeting of Ukrainian electrical companies and the 2017 NotPetya attacks. Ransomware Threat NotPetya NotPetya
Kaspersky 2022-03-18 17:17:17 Sandworm APT Hunts for ASUS Routers with Cyclops Blink Botnet (direct link) The Russian-speaking APT behind the NotPetya attacks and the Ukrainian power grid takedown could be setting up for additional sinister attacks, researchers said. NotPetya NotPetya
knowbe4.webp 2022-03-01 19:07:44 (Déjà vu) CyberheistNews Vol 12 #09 [Heads Up] The Ukraine War Started A New Wiper Malware Spillover Risk (lien direct) CyberheistNews Vol 12 #09 | Mar. 1st, 2022 [Heads Up] The Ukraine War Started A New Wiper Malware Spillover Risk The war in Ukraine increases the risk of wiper malware to spill over. I'm sure you remember NotPetya, which caused billions of dollars of downtime damage. The WSJ reports that Symantec observed wiper malware was put in motion just hours before Russian tanks arrived in Ukraine. Malware NotPetya
no_ico.webp 2022-03-01 13:52:26 DiskKill/HermeticWiper and NotPetya (Dis)similarities (lien direct) Many security researchers, professional cybersecurity analysts and cybsec organizations produced great analyses on DiskKill (HermeticWiper); some of my favorites are HERE, HERE and HERE. Today what I’d like to do is to focus on specific HermeticWiper characteristics and look for similarities (or differences) to another similar (and well known) cyber attack that happened in Ukraine a few […] NotPetya NotPetya
Chercheur.webp 2022-02-28 12:26:10 Insurance Coverage for NotPetya Losses (lien direct) Tarah Wheeler and Josephine Wolff analyze a recent court decision that the NotPetya attacks are not considered an act of war under the wording of Merck’s insurance policy, and that the insurers must pay the $1B+ claim. Wheeler and Wolff argue that the judge “did the right thing for the wrong reasons.” NotPetya NotPetya
knowbe4.webp 2022-02-25 12:12:46 [Heads Up] The Ukraine War Started A New Wiper Malware Spillover Risk (lien direct) [Heads Up] The Ukraine War Started A New Wiper Malware Spillover Risk The war in Ukraine increases the risk of wiper malware to spill over. I'm sure you remember NotPetya, which caused billions of dollars of downtime damage. The WSJ reports that Symantec observed wiper malware was put in motion just hours before Russian tanks arrived in Ukraine.   Malware NotPetya
Anomali.webp 2022-02-01 18:55:00 Anomali Cyber Watch: Researchers Break Down WhisperGate Wiper Malware, Trickbot Will Now Try To Crash Researcher PCs to Stop Reverse Engineering Attempts, New DeadBolt Ransomware Targets QNAP Devices (lien direct) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: CVE-2022-21882, DazzleSpy, DeadBolt, DTPacker, Trickbot, and WhisperGate. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Windows Vulnerability With New Public Exploits Lets You Become Admin (published: January 29, 2022) A new vulnerability, tracked as CVE-2022-21882, was discovered by researcher RyeLv in early January 2022. The exploit is a bypass to a previous vulnerability, CVE-2021-1732, and affects all Windows 10 machines that have not applied January’s Patch Tuesday patch. This vulnerability is a privilege escalation exploit, which grants administrator level privileges and allows for the creation of new admin accounts, as well as lateral movement. The exploit abuses a flaw in the manner in which the kernel handles callbacks, changing the flag ConsoleWindow. This modifies the window type and tricks the system into thinking tagWND.WndExtra is an offset of the kernel desktop heap, thereby granting administrator level read and write access. Analyst Comment: Apply patches when they become available to keep your systems and assets protected from the latest attacks and vulnerabilities. This is essential when new vulnerabilities are discovered as threat actors will actively attempt to exploit them. A strong patch management policy combined with an effective asset management policy will assist you in keeping your assets up to date and protected. MITRE ATT&CK: [MITRE ATT&CK] Create Account - T1136 | [MITRE ATT&CK] Exploitation for Privilege Escalation - T1068 | [MITRE ATT&CK] Process Discovery - T1057 Tags: Windows, Privilege escalation, CVE-2021-1732, CVE-2022-21882 Shipment-Delivery Scams Become the Favored Way to Spread Malware (published: January 28, 2022) Researchers at Cofense and Checkpoint have documented a series of phishing campaigns throughout Q4 of 2021. The campaign imitates large known delivery brands such as DHL or the US Postal Service, and aims to abuse the trust these companies have associated with them to manipulate their targets into clicking malicious links or files. The most prominent tactic is to provide a link to a missed package, capitalizing on current global supply chain issues. Once clicked, TrickBot malware is delivered, though other campaigns are delivering as-yet unattributed trojans. The malicious links in these campaigns are not particularly sophisticated, and are easily identified as false as they lead to domains outside the company they are targeting. Analyst Comment: Never click on attachments or links from untrustworthy sources, and verify with the legitimate sender the integrity of these emails. Treat any email that attempts to scare, coerce, provide a time limit or force you to click links or attachments with extreme suspicion. MITRE ATT&CK: [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Phishing Ransomware Malware Vulnerability Threat Guideline NotPetya
knowbe4.webp 2022-02-01 14:37:29 CyberheistNews Vol 12 #05 [Heads Up] DHS Sounds Alarm on New Russian Destructive Disk Wiper Attack Potential (lien direct) CyberheistNews Vol 12 #05 [Heads Up] DHS Sounds Alarm on New Russian Destructive Disk Wiper Attack Potential   Ransomware Malware Hack Tool Threat Guideline NotPetya NotPetya Wannacry Wannacry APT 27 APT 27
knowbe4.webp 2022-01-27 13:01:08 [Heads Up!] DHS Sounds Alarm on New Russian Destructive Disk Wiper Attack Potential (lien direct) [Heads Up!] DHS Sounds Alarm on New Russian Destructive Disk Wiper Attack Potential CNN just reported on a Jan 23 Intelligence Bulletin from the US Department of Homeland Security (DHS) that warned state and local governments and critical infrastructure operators about the risk of Russia hitting the US with cyberattacks in retaliation for a possible US or NATO response to a potential Russian invasion of Ukraine.  NotPetya
Chercheur.webp 2022-01-25 15:35:59 Merck Wins Insurance Lawsuit re NotPetya Attack (lien direct) The insurance company Ace American has to pay for the losses: On 6th December 2021, the New Jersey Superior Court granted partial summary judgment (attached) in favour of Merck and International Indemnity, declaring that the War or Hostile Acts exclusion was inapplicable to the dispute. Merck suffered US$1.4 billion in business interruption losses from the NotPetya cyber attack of 2017 which were claimed against “all risks” property re/insurance policies providing coverage for losses resulting from destruction or corruption of computer data and software... NotPetya NotPetya
SecurityWeek.webp 2022-01-24 20:05:48 Court Awards Merck $1.4B Insurance Claim Over NotPetya Cyberattack (lien direct) New Jersey court delivers summary judgment against insurance company's refusal to pay based on war exclusion clause NotPetya NotPetya
The_Hackers_News.webp 2022-01-22 06:47:43 Experts Find Strategic Similarities b/w NotPetya and WhisperGate Attacks on Ukraine (lien direct) Latest analysis into the wiper malware that targeted dozens of Ukrainian agencies earlier this month has revealed "strategic similarities" to NotPetya malware that was unleashed against the country's infrastructure and elsewhere in 2017. The malware, dubbed WhisperGate, was discovered by Microsoft last week, which said it observed the destructive cyber campaign targeting government, non-profit, Malware NotPetya NotPetya
Kaspersky.webp 2022-01-21 20:27:15 Merck Awarded $1.4B Insurance Payout over NotPetya Attack (lien direct) Court rules 'War or Hostile Acts' exclusion doesn't apply to the pharma giant's 2017 cyberattack. NotPetya NotPetya
InfoSecurityMag.webp 2022-01-21 09:00:00 Merck Wins $1.4bn NotPetya Payout from Insurer (lien direct) Judge rules “act-of-war” clause only applies to armed conflict NotPetya NotPetya
InfoSecurityMag.webp 2022-01-17 09:20:00 Microsoft Warns of Destructive Malware Campaign Targeting Ukraine (lien direct) NotPetya-like attacks are disguised as ransomware Malware NotPetya
Blog.webp 2021-12-05 19:50:59 Playing With Named Pipe and NotPetya
(lien direct)
A long time ago, in a galaxy far far away, I was having fun reversing NotPetya. During the dynamic analysis, I identified some files dropped on the disk by the sample. One of them caught my eye: it is executed by the sample with a named pipe argument.
Technical NotPetya ★★★★
Cybereason.webp 2021-10-21 12:31:48 CISO Stories Podcast: NotPetya - 45 Minutes and 10,000 Servers Encrypted (lien direct) CISO Stories Podcast: NotPetya - 45 Minutes and 10,000 Servers Encrypted Learn how to prepare and reduce the risk of the next ransomware event as Todd Inskeep, Founder at Incovate Solutions, walks us through the lessons learned after managing out of a NotPetya ransomware attack. Will you be ready? Don't miss this podcast for valuable insights from a real-life scenario - check it out... Ransomware NotPetya NotPetya
Cybereason.webp 2021-06-15 13:46:35 Deja Vu: What Do NotPetya and SolarWinds Have in Common? (lien direct) Deja Vu: What Do NotPetya and SolarWinds Have in Common? As I was waking up in Boston on the morning of June 27, 2017, reports were being shared on social media that an electric power supplier in Ukraine was hit by a cyber attack. Within about an hour, a Danish power supplier was also knocked offline and Maersk shipping announced that it was affected as well. By the time I arrived at my desk, companies around the world were shut down by the same attack--which Symantec declared as Petya ransomware. It was going to be a busy and interesting day.  NotPetya NotPetya
TroyHunt.webp 2021-06-06 11:30:45 (Déjà vu) Hacker lexicon: What is a supply chain attack? (lien direct) From NotPetya to SolarWinds, it's a problem that's not going away any time soon. NotPetya NotPetya
Last update at: 2024-04-28 11:07:53