What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
WiredThreatLevel.webp 2021-05-31 11:00:00 What Is a Supply Chain Attack? (lien direct) From NotPetya to SolarWinds, it's a problem that's not going away any time soon. NotPetya NotPetya
Pirate.webp 2021-05-19 10:13:00 67% of enterprise environments still run protocols exploited by WannaCry and NotPetya (lien direct) 67% of enterprise environments still run vulnerable protocols that were exploited by WannaCry and NotPetya. ExtraHop, a vendor of network detection and response solutions, recently published a study on the persistence of vulnerable protocols in enterprise networks. The post 67% of enterprise environments still run protocols exploited by WannaCry and NotPetya first appeared on UnderNews. NotPetya NotPetya Wannacry Wannacry
Cybereason.webp 2021-03-22 13:08:36 Malicious Life Podcast: Inside NotPetya, Part 2 (lien direct) Malicious Life Podcast: Inside NotPetya, Part 2 Many of you may have already heard of Amit Serper: he was the first researcher to tackle NotPetya and provide a solution when he was Principal Security Researcher at Cybereason back in 2017. NotPetya NotPetya
Cybereason.webp 2021-03-03 14:00:00 Malicious Life Podcast: Inside NotPetya, Part 1 (lien direct) Malicious Life Podcast: Inside NotPetya, Part 1 On June 28th, 2017, millions of Ukrainians were celebrating Constitution Day. Their national holiday turned into a nightmare, as tens of thousands of computers all over the country were infected by mysterious malware. By that afternoon, the cyber-pandemic was already going global. NotPetya
ErrataRob.webp 2021-02-28 20:05:19 We are living in 1984 (ETERNALBLUE) (lien direct) In the book 1984, the protagonist questions his sanity, because his memory differs from what appears to be everybody else's memory. The Party said that Oceania had never been in alliance with Eurasia. He, Winston Smith, knew that Oceania had been in alliance with Eurasia as short a time as four years ago. But where did that knowledge exist? Only in his own consciousness, which in any case must soon be annihilated. And if all others accepted the lie which the Party imposed-if all records told the same tale-then the lie passed into history and became truth. 'Who controls the past,' ran the Party slogan, 'controls the future: who controls the present controls the past.' And yet the past, though of its nature alterable, never had been altered. Whatever was true now was true from everlasting to everlasting. It was quite simple. All that was needed was an unending series of victories over your own memory. 'Reality control', they called it: in Newspeak, 'doublethink'. I know that EternalBlue didn't cause the Baltimore ransomware attack. When the attack happened, the entire cybersecurity community agreed that EternalBlue wasn't responsible. But this New York Times article said otherwise, blaming the Baltimore attack on EternalBlue. And there are hundreds of other news articles [eg] that agree, citing the New York Times. There are no news articles that dispute this. In a recent book, the author of that article admits it's not true, that EternalBlue didn't cause the ransomware to spread. But they defend themselves as it being essentially true, that EternalBlue is responsible for a lot of bad things, even if technically, not in this case.
Such errors are justified, on the grounds they are generalizations and simplifications needed for the mass audience. So we are left with the situation Orwell describes: all records tell the same tale -- when the lie passes into history, it becomes the truth. Orwell continues: He wondered, as he had many times wondered before, whether he himself was a lunatic. Perhaps a lunatic was simply a minority of one. At one time it had been a sign of madness to believe that the earth goes round the sun; today, to believe that the past is inalterable. He might be ALONE in holding that belief, and if alone, then a lunatic. But the thought of being a lunatic did not greatly trouble him: the horror was that he might also be wrong. I'm definitely a lunatic, alone in my beliefs. I sure hope I'm not wrong.
Update: Other lunatics document their struggles with Minitrue: When I was investigating the TJX breach, there were NYT articles citing unnamed sources that were made up & then outlets would publish citing the NYT. The TJX lawyers would require us to disprove the articles. Each time we would. It was maddening fighting lies for 8 months.— Nicholas J. Percoco (@c7five) March 1, 2021
Ransomware NotPetya Wannacry APT 32
DarkReading.webp 2020-10-29 10:05:00 'Act of War' Clause Could Nix Cyber Insurance Payouts (lien direct) The indictment of six members of the Russian military for the NotPetya ransomware attack places companies on notice that insurance "is not a get-out-of-jail-free card." Ransomware NotPetya
SecurityAffairs.webp 2020-10-20 07:30:53 U.S. Charges Russia GRU Intelligence Officers for notorious attacks, including NotPetya (lien direct) The U.S. DoJ announced charges against six Russian intelligence officers for their role in several major cyberattacks carried out over the last years. The U.S. Department of Justice announced charges against six members of Russia's GRU military intelligence agency for their alleged role in several major cyberattacks conducted over the past years. The defendants are Yuriy […] NotPetya
ZDNet.webp 2020-10-19 17:03:00 US charges Russian hackers behind NotPetya, KillDisk, OlympicDestroyer attacks (lien direct) The US Department of Justice has unsealed today charges against six GRU officers believed to be members of Sandworm, one of today's most advanced state-sponsored hacking groups. NotPetya
no_ico.webp 2020-08-04 17:33:26 EU Applies First Ever Sanctions In Response To Cyber-Attacks (lien direct) The EU has applied its first ever sanctions in retaliation for cyber-attacks carried out by state-backed Chinese, Russian and North Korean hackers over recent years. The bloc said it will impose a travel ban and asset freeze on six individuals and three entities in response to the Operation Cloud Hopper, WannaCry and NotPetya attacks, as well as an attempted breach of security … The ISBuzz Post: This Post EU Applies First Ever Sanctions In Response To Cyber-Attacks NotPetya Wannacry
itsecurityguru.webp 2020-07-31 11:31:24 EU imposes sanctions on North Korean, Chinese and Russian-backed cyberattackers (lien direct) The European council announced today that it will impose “restrictive measures against six individuals and three entities responsible for or involved in various cyber-attacks. These include the attempted cyber-attack against the OPCW (Organisation for the Prohibition of Chemical Weapons) and those publicly known as ‘WannaCry’, ‘NotPetya’, and ‘Operation Cloud Hopper’.” The measures will include a travel ban and asset freeze, and constitute the very first sanctions […] NotPetya Wannacry
The_Hackers_News.webp 2020-07-31 06:47:40 EU sanctions hackers from China, Russia, North Korea who're wanted by the FBI (lien direct) The Council of the European Union has imposed its first-ever sanctions against persons or entities involved in various cyber-attacks targeting European citizens, and its member states. The directive has been issued against six individuals and three entities responsible for or involved in various cyber-attacks, out of which some publicly known are 'WannaCry', 'NotPetya', and 'Operation Cloud NotPetya Wannacry
itsecurityguru.webp 2020-07-30 19:19:01 EU sanctions for WannaCry, NotPetya, OPCW & Cloud Hopper attackers (lien direct) Individuals and entities from North Korea, China and Russia, responsible for or involved in ‘WannaCry’, ‘NotPetya’, ‘Operation Cloud Hopper’ and the OPCW (Organisation for the Prohibition of Chemical Weapons) cyber attacks have been identified and received travel bans and an asset freeze in the first ever imposition of restrictive sanctions by the EU Council. EU persons and entities are also […] NotPetya Wannacry
ErrataRob.webp 2020-07-19 17:07:57 How CEOs think (lien direct) Recently, Twitter was hacked. CEOs who read about this in the news ask how they can protect themselves from similar threats. The following tweet expresses our frustration with CEOs, that they don't listen to their own people, but instead want to buy a magic pill (a product) or listen to outside consultants (like Gartner). In this post, I describe how CEOs actually think. CEO: "I read about that Twitter hack. Can that happen to us?" Security: "Yes, but ..." CEO: "What products can we buy to prevent this?" Security: "But ..." CEO: "Let's call Gartner." *sobbing sounds* - Wim Remes (@wimremes) July 16, 2020 The only thing more broken than how CEOs view cybersecurity is how cybersecurity experts view cybersecurity. We have this flawed view that cybersecurity is a moral imperative, that it's an aim by itself. We are convinced that people are wrong for not taking security seriously. This isn't true. Security isn't a moral issue but simple cost vs. benefits, risk vs. rewards. Taking risks is more often the correct answer rather than having more security. Rather than experts dispensing unbiased advice, we've become advocates/activists, trying to convince people that they need to do more to secure things. This activism has destroyed our credibility in the boardroom. Nobody thinks we are honest. Most of our advice is actually internal political battles. CEOs trust outside consultants mostly because outsiders don't have a stake in internal politics. Thus, the consultant can say the same thing as what you say, but be trusted. CEOs view cybersecurity the same way they view everything else about building the business, from investment in office buildings, to capital equipment, to HR policies, to marketing programs, to telephone infrastructure, to law firms, to ....
everything. They divide their business into two parts: The first is the part they do well, the thing they are experts at, the things that define who they are as a company, their competitive advantage. The second is everything else, the things they don't understand. For the second part, they just want to be average in their industry, or at best, slightly above average. They want their manufacturing costs to be about average. They want the salaries paid to employees to be about average. They want the same video conferencing system as everybody else. Everything outside of core competency is average. I can't express this enough: if it's not their core competency, then they don't want to excel at it. Excelling at a thing comes with a price. They have to pay people more. They have to find the leaders with proven track records at excelling at it. They have to manage excellence. This goes all the way to the top. If it's something the company is going to excel at, then the CEO at the top has to have enough expertise themselves to understand who the best leaders are to accomplish this goal. The CEO can't hire an excellent CSO unless they have enough competency to judge the qualifications of the CSO, and enough competency to hold the CSO accountable for the job they are doing. All this is a tradeoff. A focus of attention on one part of the business means less attention on other parts of the business. If your company excels at cybersecurity, it means not excelling at some other part of the business. So unless you are a company like Google, whose cybersecurity is a competitive advantage, you don't want to excel in cybersecurity. You want to be Ransomware Guideline NotPetya
Pirate.webp 2020-07-10 07:27:19 No midlife crisis for ransomware (lien direct) Thirty years after the first ransomware[1], this type of malware, which encrypts its victims' data until a ransom is obtained, is still going strong. In 2017, ransomware made the cyber headlines. May 2017 was marked by WannaCry, which shook the entire world and caused consolidated losses estimated at 4 billion dollars. Companies had not yet recovered from this mega-attack when a new ransomware, NotPetya, struck a month later, causing 10 billion[2] dollars in damage. NotPetya Wannacry
grahamcluley.webp 2020-06-25 12:48:10 The inside story of the Maersk NotPetya ransomware attack, from someone who was there (lien direct) Gavin Ashton was an IT security guy working at Maersk at the time it was hit hard by the NotPetya ransomware. Now he’s written an article about his experiences, and shares advice for others. Ransomware NotPetya
globalsecuritymag.webp 2020-06-24 13:01:51 Three years on, the spectre of NotPetya is still with us (lien direct) The name NotPetya is familiar to anyone interested in cybersecurity. NotPetya is now known as the third global cyberattack, which took place in 2017, after the no less famous WannaCry and Adylkuzz. Appearing on 27 June 2017, NotPetya was defined as ransomware - since it demanded payment of a ransom - but of a somewhat new kind, since it was actually data-destroying malware - a wiper - that spread like a computer worm. NotPetya was above all based, like (...) - Points of View Ransomware Malware NotPetya Wannacry ★★★
globalsecuritymag.webp 2020-06-24 12:58:27 The NotPetya global cyberattack turns three: analysis and lessons to be learned (lien direct) Saturday 27 June 2020 will mark three years since the NotPetya cyberattack, which spread massively through the computer networks of organizations around the world. The speed of its propagation and the vulnerabilities it used made it a formidable piece of malware that is still a textbook case for IT teams today. According to Jakub Kroustek, Threat Lab Team Lead at Avast, this ransomware shook up IT systems worldwide and, three years later, many bad (...) - Points of View Ransomware Malware Threat Guideline NotPetya
no_ico.webp 2020-06-23 09:25:01 Experts' Reactions on NotPetya Cyber Attack Anniversary (lien direct) On Saturday, it is the third anniversary of the NotPetya ransomware attack, one of the most devastating cyberattacks since the invention of the internet. It is thought that the total damages of the attack were in excess of $10 billion. This is a superb insider account of what happened at Maersk with the notPetya attack … The ISBuzz Post: This Post Experts’ Reactions on NotPetya Cyber Attack Anniversary Ransomware NotPetya
WiredThreatLevel.webp 2020-03-12 12:00:00 A New Wormable Windows Vulnerability Has No Patch in Sight (lien direct) The flaw has the potential to unleash the kind of attacks that allowed WannaCry and NotPetya to cripple business networks around the world. Vulnerability NotPetya Wannacry
TechRepublic.webp 2020-01-28 17:45:00 C-suite unprepared for NotPetya and other extinction-level cyberattacks (lien direct) Many executives either don't know what their company's cyber defense is, lack budget, or spend too much time analyzing rather than taking action. NotPetya
MalwarebytesLabs.webp 2019-12-19 18:03:33 A decade in cybersecurity fails: the top breaches, threats, and 'whoopsies' of the 2010s (lien direct) As the 2010s come to a close, we take a snarky walk down memory lane, listing the craziest, most impactful, or simply just awful cybersecurity fails of the decade. NotPetya Wannacry
NoticeBored.webp 2019-12-03 17:12:11 NBlog Dec 3 - infosec driving principles (lien direct) In an interview for CIO Dive, Maersk's recently-appointed CISO Andy Powell discussed aligning the organization with these five 'key operating principles': "The first is trust. The client has got to trust us with their data, to trust us to look at their business. So we've got to build trust through the cybersecurity solutions that we put in place. That is absolutely fundamental. So client trust, client buy-in has been fundamental to what we tried to drive as a key message. The second is resilience. Because you've got to have resilient systems because clients won't give you business if you're not resilient ... The third really is around the fact that security is everybody's responsibility. And we push that message really hard across the company … be clear about what you need to do and we train people accordingly. ... The fourth one really is accountability of security and I have pushed accountability for cyber risk to the business. ... And the final piece, and this has been one of the big call outs of my team to everybody, is that security is a benefit, not a burden. The reason I say that is people's perception is that security will slow things down, will get in the way ... the reality is that if you involve security early enough, you can build solutions that actually attract additional clients." Fair enough Andy. I wouldn't particularly quarrel with any of them, but as to whether they would feature in my personal top-five I'm not so sure. Here are five others they'd be competing against, with shipping-related illustrations just for fun: Governance involves structuring, positioning, setting things up and guiding the organization in the right overall direction - determining then plotting the optimal route to the ship's ultimate destination, loading up with the right tools, people and provisions.
Corporate governance necessarily involves putting things in place for both protecting and exploiting information, a vital and valuable yet vulnerable business asset; Information is subject to risks that can and probably should be managed proactively, just as a ship's captain doesn't merely accept the inclement weather and various other hazards but, where appropriate, actively mitigates or avoids them, dynamically reacting and adjusting course as things change; Flexibility and responsiveness, along with resilience and ro Tool Guideline NotPetya
WiredThreatLevel.webp 2019-11-15 13:00:00 The Evidence That Links Russia's Most Brazen Hacking Efforts (lien direct) From the 2017 French election to the Olympics to NotPetya, the same group's fingerprints have appeared again and again. NotPetya
CSO.webp 2019-10-09 03:00:00 Rebuilding after NotPetya: How Maersk moved forward (lien direct) Few cyber incidents are as well-known as the NotPetya attack in 2017. The attack crippled a number of companies, none more publicly than shipping giant Maersk, which temporarily lost its entire global operations. NotPetya
WiredThreatLevel.webp 2019-09-28 13:00:00 A DoorDash Breach Exposes Data of 4.9 Million Customers (lien direct) A NotPetya lawsuit, bricked Mac Pros, and more of the week's top security news. NotPetya
ErrataRob.webp 2019-09-26 13:24:44 CrowdStrike-Ukraine Explained (lien direct) Trump's conversation with the President of Ukraine mentions "CrowdStrike". I thought I'd explain this. What was said? This is the text from the conversation covered in this: "I would like you to find out what happened with this whole situation with Ukraine, they say Crowdstrike... I guess you have one of your wealthy people... The server, they say Ukraine has it." Personally, I occasionally interrupt myself while speaking, so I'm not sure I'd criticize Trump here for his incoherence. But at the same time, we aren't quite sure what was meant. It's only meaningful in the greater context. Trump has talked before about CrowdStrike's investigation being wrong, a rich Ukrainian owning CrowdStrike, and a "server". He's talked a lot about these topics before. Who is CrowdStrike? They are a cybersecurity firm that, among other things, investigates hacker attacks. If you've been hacked by a nation state, then CrowdStrike is the sort of firm you'd hire to come and investigate what happened, and help prevent it from happening again. Why is CrowdStrike mentioned? Because they were the lead investigators in the DNC hack who came to the conclusion that Russia was responsible. The pro-Trump crowd believes this conclusion is false. If the conclusion is false, then it must mean CrowdStrike is part of the anti-Trump conspiracy. Trump always had a thing for CrowdStrike since their first investigation. It's intensified since the Mueller report, which solidified the ties between Trump-Russia, and Russia-DNC-Hack. Personally, I'm always suspicious of such investigations. Politics, either grand (on this scale) or small (internal company politics) seem to drive investigations, creating firm conclusions based on flimsy evidence. But CrowdStrike has made public some pretty solid information, such as BitLy accounts used both in the DNC hacks and other (known) targets of state-sponsored Russian hackers.
Likewise, the Mueller report had good data on Bitcoin accounts. I'm sure if I looked at all the evidence, I'd have more doubts, but at the same time, of the politicized hacking incidents out there, this seems to have the best (public) support for the conclusion. What's the conspiracy? The basis of the conspiracy is that the DNC hack was actually an inside job. Some former intelligence officials led by Bill Binney claim they looked at some data and found that the files were copied "locally" instead of across the Internet, and therefore, it was an insider who did it and not a remote hacker. I debunk the claim here, but the short explanation is: of course the files were copied "locally", the hacker was inside the network. In my long experience investigating hacker intrusions, and performing them myself, I know this is how it's normally done. I mention my own experience because I'm technical and know these things, in contrast with Bill Binney and those other intelligence officials who have no experience with such things. He sounds impressive that he's formerly of the NSA, but he was a mid-level manager in charge of budgets. Binney has never performed a data breach investigation, has never performed a pentest. There are other parts to the conspiracy. In the middle of all this, a DNC staffer was murdered on the street, possibly due to a mugging. Naturally this gets included as part of the conspiracy, this guy ("Seth Rich") must've been the "insider" in this attack, and mus Data Breach Hack Guideline NotPetya
Blog.webp 2019-08-20 11:11:01 Episode 158: How NotPetya has Insurers grappling with Systemic Cyber Risk (lien direct) We talk to Bruce McDonnell of the East West Institute about how insurers are responding. NotPetya
no_ico.webp 2019-06-27 23:12:04 NotPetya – Two Years On From “The Most Destructive And Costly Cyber-Attack In History” (lien direct) On 27 June 2017, the Russian military launched the nation-state destructive attack NotPetya. Causing an estimated $10 billion in damages, the White House described it as “the most destructive and costly cyber-attack in history”. In June 2017, the malware NotPetya spread from Ukraine to some of the largest businesses worldwide. It then racked up more than $10 billion in damages. … The ISBuzz Post: This Post NotPetya – Two Years On From “The Most Destructive And Costly Cyber-Attack In History” Malware NotPetya
Checkpoint.webp 2019-06-13 13:00:03 May 2019's Most Wanted Malware: Patch Now to Avoid the BlueKeep Blues (lien direct) In May, the most significant event in the threat landscape was not a new type of malware: it was a serious vulnerability in older versions of Windows operating systems that – if exploited by criminals – could lead to the type of mega-scale ransomware attacks we saw in 2017 with WannaCry and NotPetya. The… Ransomware Vulnerability Threat Guideline NotPetya Wannacry ★★★
ErrataRob.webp 2019-05-29 20:16:09 Your threat model is wrong (lien direct) Several subjects have come up in the past week that all come down to the same thing: your threat model is wrong. Instead of addressing the threat that exists, you've morphed the threat into something else that you'd rather deal with, or which is easier to understand.
Phishing
An example is this question that misunderstands the threat of "phishing": Should failing multiple phishing tests be grounds for firing? I ran into a guy at a recent conference, said his employer fired people for repeatedly falling for (simulated) phishing attacks. I talked to experts, who weren't wild about this disincentive. https://t.co/eRYPZ9qkzB pic.twitter.com/Q1aqCmkrWL - briankrebs (@briankrebs) May 29, 2019 The (wrong) threat model here is that phishing is an email that smart users with training can identify and avoid. This isn't true. Good phishing messages are indistinguishable from legitimate messages. Said another way, a lot of legitimate messages are in fact phishing messages, such as when HR sends out a message saying "log into this website with your organization username/password". Recently, my university sent me an email for mandatory Title IX training, not digitally signed, with an external link to the training, that requested my university login creds for access, that was sent from an external address but from the Title IX coordinator. - Tyler Pieron (@tyler_pieron) May 29, 2019 Yes, it's amazing how easily stupid employees are tricked by the most obvious of phishing messages, and you want to point and laugh at them. But frankly, you want the idiot employees doing this. The more obvious phishing attempts are the least harmful and a good test of the rest of your security -- which should be based on the assumption that users will frequently fall for phishing. In other words, if you paid attention to the threat model, you'd be mitigating the threat in other ways and not even bother training employees.
You'd be firing HR idiots for phishing employees, not punishing employees for getting tricked. Your systems would be resilient against successful phishes, such as using two-factor authentication.
IoT security
After the Mirai worm, government types pushed for laws to secure IoT devices, as billions of insecure devices like TVs, cars, security cameras, and toasters are added to the Internet. Everyone is afraid of the next Mirai-type worm. For example, they are pushing for devices to be auto-updated. But auto-updates are a bigger threat than worms. Since Mirai, roughly 10-billion new IoT devices have been added to the Internet, yet there hasn't been a Mirai-sized worm. Why is that? After 10-billion new IoT devices, it's still Windows and not IoT that is the main problem. The answer is that number, 10-billion. Internet worms work by guessing IPv4 addresses, of which there are only 4-billion. You can't have 10-billion new devices on the public IPv4 addresses because there simply aren't enough addresses. Instead, those 10-billion devices are almost entirely being put on private ne Ransomware Tool Vulnerability Threat Guideline FedEx NotPetya
ErrataRob.webp 2019-05-28 06:20:06 Almost One Million Vulnerable to BlueKeep Vuln (CVE-2019-0708) (lien direct) Microsoft announced a vulnerability in its "Remote Desktop" product that can lead to robust, wormable exploits. I scanned the Internet to assess the danger. I find nearly 1-million devices on the public Internet that are vulnerable to the bug. That means when the worm hits, it'll likely compromise those million devices. This will likely lead to an event as damaging as WannaCry and notPetya from 2017 -- potentially worse, as hackers have since honed their skills exploiting these things for ransomware and other nastiness. To scan the Internet, I started with masscan, my Internet-scale port scanner, looking for port 3389, the one used by Remote Desktop. This takes a couple hours, and lists all the devices running Remote Desktop -- in theory. This returned 7,629,102 results (over 7-million). However, there is a lot of junk out there that'll respond on this port. Only about half are actually Remote Desktop. Masscan only finds the open ports, but is not complex enough to check for the vulnerability. Remote Desktop is a complicated protocol. A project was posted that could connect to an address and test it, to see if it was patched or vulnerable. I took that project and optimized it a bit, rdpscan, then used it to scan the results from masscan. It's a thousand times slower, but it's only scanning the results from masscan instead of the entire Internet. The table of results is as follows:
1447579  UNKNOWN - receive timeout
1414793  SAFE - Target appears patched
1294719  UNKNOWN - connection reset by peer
1235448  SAFE - CredSSP/NLA required
 923671  VULNERABLE -- got appid
 651545  UNKNOWN - FIN received
 438480  UNKNOWN - connect timeout
 105721  UNKNOWN - connect failed 9
  82836  SAFE - not RDP but HTTP
  24833  UNKNOWN - connection reset on connect
   3098  UNKNOWN - network error
   2576  UNKNOWN - connection terminated
The various UNKNOWN things fail for various reasons.
A lot of them are because the protocol isn't actually Remote Desktop and respond weirdly when we try to talk Remote Desktop. A lot of others are Windows machines, sometimes vulnerable and sometimes not, but for some reason return errors sometimes. The important results are those marked VULNERABLE. There are 923,671 vulnerable machines in this result. That means we've confirmed the vulnerability really does exist, though it's possible a small number of these are "honeypots" deliberately pretending to be vulnerable in order to monitor hacker activity on the Internet. The next results are those marked SAFE due to probably being "patched". Actually, it doesn't necessarily mean they are patched Windows boxes. They could instead be non-Windows systems that appear the same as patched Windows boxes. But either way, they are safe from this vulnerability. There are 1,414,793 of them. The next results to look at are those marked SAFE due to CredSSP/NLA failures, of which there are 1,235,448. This doesn't mean they are patched, but only that we can't exploit them. They require "network level authentication" first before we can talk Remote Desktop to them. That means we can't test whether they are patched or vulnerable -- but neither can the hackers. They may still be exploitable via an insider threat who knows a valid username/password, but they aren't exploitable by anonymous hackers or worms. The next category is marked as SAFE because they aren't Remote Desktop at all, but HTTP servers. In other words, in response to o Ransomware Vulnerability Threat Patching Guideline NotPetya Wannacry
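The two-stage sweep described in this entry (masscan to find hosts answering on 3389, then rdpscan to give each host a verdict) leaves you with two text files that have to be joined and tallied. The Python script below is an added example, not code from the post or from the masscan/rdpscan projects. It parses a constructed sample of masscan's list output (assumed format: `open tcp <port> <ip> <timestamp>`, comment lines starting with `#`) and a constructed sample of rdpscan result lines (assumed format: `<ip> - <STATUS> - <reason>`, accepting `--` before the reason as in the table above), rebuilds the count-by-verdict table, and separates the three populations the text treats differently: hosts exploitable pre-authentication (VULNERABLE), hosts behind CredSSP/NLA that are reachable only with valid credentials, and hosts masscan saw open but rdpscan could not resolve, which are the re-scan candidates. The addresses are documentation ranges and the counts are constructed, not the post's numbers.

```python
"""Join masscan list output with rdpscan verdicts and tally them (added example)."""
import ipaddress
import re
from collections import Counter

# Constructed sample of masscan -oL output. Assumed line format:
#   open tcp <port> <ip> <unix-timestamp>
# Comment lines start with '#'. 203.0.113.10 deliberately has no rdpscan line.
MASSCAN_LIST = """#masscan
open tcp 3389 192.0.2.10 1559000000
open tcp 3389 192.0.2.11 1559000001
open tcp 3389 192.0.2.12 1559000002
open tcp 3389 198.51.100.7 1559000003
open tcp 3389 203.0.113.9 1559000004
open tcp 3389 203.0.113.10 1559000005
open tcp 80 203.0.113.20 1559000006
# end
"""

# Constructed sample of rdpscan output. Assumed line format:
#   <ip> - <VULNERABLE|SAFE|UNKNOWN> - <reason>
# with either '-' or '--' before the reason (the post's table shows both).
RDPSCAN_OUT = """192.0.2.10 - VULNERABLE -- got appid
192.0.2.11 - SAFE - Target appears patched
192.0.2.12 - VULNERABLE -- got appid
198.51.100.7 - SAFE - CredSSP/NLA required
203.0.113.9 - UNKNOWN - receive timeout
"""

RDP_LINE = re.compile(r"^(\S+)\s+-\s+(VULNERABLE|SAFE|UNKNOWN)\s+-+\s+(.+?)\s*$")


def masscan_targets(text, port=3389):
    """Return the IPs masscan reported open on `port`, in file order."""
    targets = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0] == "open" and parts[1] == "tcp" and parts[2] == str(port):
            targets.append(parts[3])
    return targets


def parse_rdpscan(text):
    """Map IP -> (status, reason). Lines not in the verdict format are skipped."""
    results = {}
    for line in text.splitlines():
        m = RDP_LINE.match(line)
        if m:
            results[m.group(1)] = (m.group(2), m.group(3))
    return results


def tally(results):
    """Count-by-verdict table like the post's: [(count, 'STATUS - reason'), ...] by count desc."""
    counts = Counter(f"{status} - {reason}" for status, reason in results.values())
    return sorted(((n, verdict) for verdict, n in counts.items()), key=lambda t: (-t[0], t[1]))


def by_ip(ips):
    """Sort dotted-quad strings numerically rather than lexically."""
    return sorted(ips, key=ipaddress.ip_address)


def preauth_exploitable(results):
    """Only VULNERABLE hosts are reachable by a worm or an anonymous attacker."""
    return by_ip(ip for ip, (status, _) in results.items() if status == "VULNERABLE")


def needs_credentials(results):
    """NLA hosts: patch state unknown, exploitable only with a valid username/password."""
    return by_ip(ip for ip, (status, reason) in results.items()
                 if status == "SAFE" and "NLA" in reason)


def unresolved(targets, results):
    """Hosts masscan saw open but rdpscan marked UNKNOWN or never reported: re-scan candidates."""
    return by_ip(ip for ip in targets if results.get(ip, ("UNKNOWN", ""))[0] == "UNKNOWN")


if __name__ == "__main__":
    targets = masscan_targets(MASSCAN_LIST)
    results = parse_rdpscan(RDPSCAN_OUT)
    for n, verdict in tally(results):
        print(f"{n:8d}  {verdict}")
    print("pre-auth exploitable:", preauth_exploitable(results))
    print("need credentials:    ", needs_credentials(results))
    print("unresolved:          ", unresolved(targets, results))
```

On a real sweep, replace the two embedded strings with the contents of the masscan list file and the rdpscan output; the split into the three populations is what matters for triage, since the VULNERABLE set is the worm's target list, the NLA set needs a credentialed check before it can be called patched, and the unresolved set is where the post's UNKNOWN rows come from.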
ErrataRob.webp 2019-05-27 19:59:38 A lesson in journalism vs. cybersecurity (lien direct) A recent NYTimes article blaming the NSA for a ransomware attack on Baltimore is typical bad journalism. It's an op-ed masquerading as a news article. It cites many to support the conclusion the NSA is to be blamed, but only a single quote, from the NSA director, from the opposing side. Yet many experts oppose this conclusion, such as @dave_maynor, @beauwoods, @daveaitel, @riskybusiness, @shpantzer, @todb, @hrbrmst, ... It's not as if these people are hard to find, it's that the story's authors didn't look. The main reason experts disagree is that the NSA's Eternalblue isn't actually responsible for most ransomware infections. It's almost never used to start the initial infection -- that's almost always phishing or website vulns. Once inside, it's almost never used to spread laterally -- that's almost always done with windows networking and stolen credentials. Yes, ransomware increasingly includes Eternalblue as part of their arsenal of attacks, but this doesn't mean Eternalblue is responsible for ransomware. The NYTimes story takes extraordinary effort to jump around this fact, deliberately misleading the reader to conflate one with the other. A good example is this paragraph: That link is a warning from last July about the "Emotet" ransomware and makes no mention of EternalBlue. Instead, the story is citing anonymous researchers claiming that EternalBlue has been added to Emotet since after that DHS warning. Who are these anonymous researchers? The NYTimes article doesn't say. This is bad journalism. The principles of journalism are that you are supposed to attribute where you got such information, so that the reader can verify for themselves whether the information is true or false, or at least, credible. And in this case, it's probably false. The likely source for that claim is this article from Malwarebytes about Emotet.
They have since retracted this claim, as the latest version of their article points out. In any event, the NYTimes article claims that Emotet is now "relying" on the NSA's EternalBlue to spread. That's not the same thing as "using", not even close. Yes, lots of ransomware has been updated to also use Eternalblue to spread. However, what ransomware is relying upon is still the Wind Ransomware Malware Patching Guideline NotPetya Wannacry
SecurityWeek.webp 2019-04-09 15:36:04 Get Ready for the First Wave of AI Malware (direct link) While viruses and malware have stubbornly stayed as a top-10 “things I lose sleep over as a CISO,” the overall threat has been steadily declining for a decade. Unfortunately, WannaCry, NotPetya, and an entourage of related self-propagating ransomware abruptly propelled malware back up the list and highlighted the risks brought by modern inter-networked business systems and the explosive growth of unmanaged devices. Ransomware Malware Threat NotPetya Wannacry
no_ico.webp 2019-03-27 21:19:02 Second Insurer Has Cited 'War Exclusion' To Avoid Payout Over NotPetya (direct link) It has been reported that a second insurer has cited 'war exclusion' to avoid a payout over NotPetya. Multinational law firm DLA Piper is in a dispute with its insurer, Hiscox, in an echo of the Zurich Insurance refusal to pay out Mondelez – in both cases, the claims related to the NotPetya cyber-attacks, with the insurers citing a war exclusion clause. It claims that the NotPetya attack comes under an … NotPetya
The_State_of_Security.webp 2019-03-26 08:00:02 Survey: Geopolitical Issues Affect How Two-Thirds of Cybersecurity Professionals Do Business (direct link) It's a turbulent time in geopolitics today, and activity in the geopolitical landscape inevitably intertwines with increased cyber activity across borders. Reports of nation-state attacks are on the rise. Attacks on U.S. energy infrastructure, NotPetya, the Sony breach and the WannaCry global outbreak have all recently been attributed to nation-states. Trust in foreign technology has […] NotPetya Wannacry
grahamcluley.webp 2019-03-25 17:07:03 DLA Piper and its insurers clash over multi-million NotPetya payout (direct link) Multinational law firm was hit in the crossfire as Russia-backed ransomware spread, and Hiscox is reportedly declining to pay up citing an “act of war”. Ransomware NotPetya
securityintelligence.webp 2019-02-26 11:00:03 Cryptojacking Rises 450 Percent as Cybercriminals Pivot From Ransomware to Stealthier Attacks (direct link) Cybercriminals made a lot of noise in 2017 with ransomware attacks like WannaCry and NotPetya, using an in-your-face approach to cyberattacks that netted them millions of dollars from victims. But new research from IBM X-Force, the threat intelligence, research and incident response arm of IBM Security, revealed that 2018 saw a rapid decline in ransomware […] Ransomware Threat NotPetya Wannacry ★★
grahamcluley.webp 2019-02-21 00:01:00 Smashing Security #116: Stalking debtors, Facebook farce, and a cyber insurance snag (direct link) How would *you* track someone who owed you money? What was the colossal flaw Facebook left on its website for anyone to exploit and hijack accounts? And what excuse are insurance companies giving for not paying victims of the NotPetya malware millions of dollars? All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Joe Carrigan of the Information Security Institute at Johns Hopkins University. Malware NotPetya
zataz.webp 2019-02-09 21:14:02 Ransomware as a Service: the lucrative business model of Satan & Co (direct link) In recent years, highly publicised ransomware attacks such as WannaCry and NotPetya have made headlines worldwide for infecting thousands of computers by encrypting their files, which are then "held hostage" until the victim pays a ransom... This article Ransomware as a Service: the lucrative business model of Satan & Co first appeared on ZATAZ. Ransomware NotPetya Wannacry
SecurityAffairs.webp 2019-01-14 10:03:01 Zurich refuses to pay Mondelez for NotPetya damages because it's 'an act of war' (direct link) Zurich American Insurance Company is refusing to refund its client because it considers the attack “an act of war” that is not covered by its policy. The US food giant Mondelez is suing Zurich for $100 Million after the insurance company rejected its claim to restore normal operations following the massive NotPetya ransomware attack. On […] Ransomware NotPetya
no_ico.webp 2019-01-12 19:00:01 Zurich Sued For $100 Million Following NotPetya Attack (direct link) Following the news that Mondelez, the US food company that owns the Oreo and Cadbury brands, is suing its insurance company, Zurich, for refusing to pay out on a $100m claim for damage caused by the NotPetya cyber attack, please see below comments from Igor Baikalov, chief scientist at Securonix. Igor Baikalov, Chief Scientist at … NotPetya
AlienVault.webp 2019-01-11 14:00:00 Things I Hearted This Week, 11th Jan 2019 (direct link) And we’re back into the swing of things with a proper first week on the books and plenty to talk about as to the weird and wonderful goings on in the world of security, technology and beyond. International Security of Mystery Joe Gray hasn’t really flown outside of the US other than Canada, so when presented with an opportunity to speak at conferences in Switzerland and Paris, he went about trying to find what a security professional should do when travelling internationally. The Preliminary Cybersecurity Guide To International Travel | Forbes Lesley Carhart’s blog which is referenced in Joe’s article probably has one of the most comprehensive posts on the topic The Infosec Introvert Travel Blog | tisiphone Mondelez Sues Zurich in Test for Cyber Hack Insurance And so it begins… Mondelez, the US food company that owns the Oreo and Cadbury brands, is suing its insurance company, Zurich, for refusing to pay out on a $100m claim for damage caused by the NotPetya cyber attack. Mondelez sues Zurich in test for cyber hack insurance | FT (may require subscription) 2019 - The Year of Cloud-Based Cybersecurity Yes, it’s a prediction piece, but a rather specific one talking about how we’re seeing a rise in cloud-based security analytics and operations. 2019 will be the year of cloud-based cybersecurity analytics/operations | CSO The Cyber-Attack That Sent an Alaskan Community Back in Time They still don’t know where it c NotPetya
ZDNet.webp 2019-01-11 10:04:05 NotPetya an 'act of war,' cyber insurance firm taken to task for refusing to pay out (direct link) A lawsuit demands $100m in damages after Zurich refused to pay out for a NotPetya attack against Mondelez. NotPetya
no_ico.webp 2018-12-05 12:30:04 Ransomware Is Constantly Evolving But We Can Defeat It Through Innovation (direct link) When two large-scale ransomware campaigns – WannaCry and NotPetya – caused widespread disruption in 2017, the headlines suggested they heralded a new era of large-scale attacks. WannaCry spread across 150 countries and severely affected the NHS in the UK and many other large organisations in the US including hospitals, vehicle manufacturers, petrol stations, railways and … Ransomware NotPetya Wannacry
TechRepublic.webp 2018-11-29 19:19:03 WannaCry: One year later, is the world ready for another major attack? (direct link) ZDNet's Danny Palmer examines the aftermath of WannaCry, NotPetya, and Bad Rabbit. NotPetya Wannacry ★★★
MalwarebytesLabs.webp 2018-11-15 20:12:00 Compromising vital infrastructure: air traffic control (direct link) The aviation industry and air traffic (control) are vital elements of our infrastructure. While flying is reportedly safe, how does that landscape look cybersecurity-wise? Categories: Business Cybercrime NotPetya Wannacry
MalwarebytesLabs.webp 2018-11-06 18:05:01 Compromising vital infrastructure: transport and logistics (direct link) Transport and logistics are vital infrastructure, because we need them to deliver our daily necessities, but who is responsible for protecting them? Categories: Business Cybercrime Ransomware NotPetya Wannacry
globalsecuritymag.webp 2018-10-16 14:08:05 ESET researchers establish a link between the NotPetya and Industroyer malware (direct link) ESET has discovered convincing links between the TeleBots cybercriminal group and Industroyer, the most powerful malware targeting industrial systems today, used notably in the electrical blackout that hit Kiev, the capital of Ukraine, in 2016. The TeleBots group is also behind NotPetya, the disk-wiping malware that severely disrupted the operations of large companies around the world in 2017. And it is also linked to BlackEnergy, a (...) - Malwares Malware NotPetya
Kaspersky.webp 2018-10-15 15:38:02 NotPetya Linked to Industroyer Attack on Ukraine Energy Grid (direct link) Evidence shows that three of the most destructive incidents seen in modern cyber-history are the work of one APT. NotPetya
bleepingcomputer.webp 2018-10-12 18:24:00 The Week in Ransomware - October 12th 2018 - NotPetya, GandCrab, and More (direct link) Lots of Scarab, Matrix, and Dharma variants this week as well as some good writeups on the GandCrab ransomware. Also of interest is ESET publishing their report that ties NotPetya and Industroyer to the TeleBots Group. [...] Ransomware NotPetya
Last update at: 2024-05-12 12:07:58