A New Era Of Malware

Uploaded on 2019-09-04 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

In the summer of 2017, a software update for a popular Ukrainian accounting software pushed malware onto systems of companies doing business in Ukraine. The attack stopped life in Ukraine and crippled the Western logistics supply chain, hitting shipping giant Maersk, postal company FedEx, and the Port of Rotterdam.

That was just the beginning effect of a chain reaction, masterminded by the Kremlin.

Pundits eagerly pointed out stolen code from the National Security Agency (NSA) within the malware to claim authority on the attack, effectively binding NSA’s exploit and the attack together whenever either comes up. 

The lingering story that stuck in the public imagination: that the Russian cyber-attack was executed with help of cyber-weapons that the NSA lost control of. The narrative that took shape showed a devastating failure of the US government, and turned public attention away from who was accountable for the attack. 

NotPetya ushered in a new era of implant-enabled warfare where public opinion is as much the target as traditional IT systems. This wasn’t “hack and leak” or “inauthentic amplification” on social media. 

This is information operations by using malware to create a narrative, and shows what the future of conflict looks like: one where malware not only disrupts our business operations but also targets our minds and influences media coverage. 

NotPetya created significant downtime and a whopping $10 billion in damages, but its most subversive impact was how it deceived the public.

There are two defining milestones in the history of cyberwar via implant. One of them showcased clandestine tradecraft. The other utilised publicly-visible cross-domain effects. Both would have a profound influence on future cyber operations.

The first was Stuxnet, which targeted Iran's nuclear centrifuges and physically damaged them. It combined the cyber domain with the realm of kinetic destruction. A clandestine operation which made for a riveting tale that’s pretty easy to comprehend. The goal of Stuxnet was to sabotage Iran’s nuclear program while evading discovery for as long as possible. On the other hand, NotPetya’s multi-domain nature doesn’t let itself get defined quite as easily. 

It’s widely accepted that NotPetya was orchestrated by Russia’s military intelligence agency, the GRU. The GRU employs top tier offensive cyber operations and psychological operations teams. 

So what was NotPetya? 
In simple technical terms, we can say that NotPetya was a piece of destructive/wiper malware posing as ransomware. It was pushed to companies using the update mechanism of a very popular piece of Ukrainian accounting software. It is impossible to conclusively prove motive and intent without deep access inside a target organisation. In GRU’s case that would involve getting access to a person or system with the NotPetya mission plan. 

Unless a rival intelligence agency is willing to burn sources and methods, our public conversation about NotPetya’s desired effects is therefore limited to conjecture. We must get more comfortable operating in this gray zone, whether we like it or not. Otherwise our public analysis will be inherently astigmatic, which leads to bad decision making.

Vice

You Might Also Read: 

UK Blames Russia For NotPetya Cyberattack:

IBM X Force Dissect The Destructive Power Of Malware:

 

 

 

« Easy Cyber Knowledge Chapter 3 - Social Media & Social Change
NATO Will Retaliate »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Asigra

Asigra

Asigra provides an industry leading cloud backup and recovery software platform called Asigra Cloud Backup.

PeCERT

PeCERT

PeCERT is the national Computer Emergency Response Team for Peru.

Conscia

Conscia

Conscia provides IT infrastructure solutions and 24/7 services in network, data center, security and mobility.

Cyber Execs

Cyber Execs

Cyber Execs is a Cyber Security Consultancy & Executive Recruitment firm.

DTS Solution

DTS Solution

DTS Solution delivers advanced cyber security solutions through is technology partnerships with industry leading security vendors and advanced consulting services.

Cellopoint

Cellopoint

Cellopoint is a leading manufacturer of information security and email lifecycle management (ELM) products.

Datec PNG

Datec PNG

Datec is the the largest end-to-end information and communications technology solutions and services provider in Papua New Guinea.

Sayata Labs

Sayata Labs

Sayata delivers a streamlined solution for processing cyber policies. Increase profitability with an easy and intuitive platform.

Early Birds

Early Birds

Early Birds is a Business to Business (B2B) marketplace for Innovators (Startups/Scaleups) and Early Adopters to exchange value early on.

KDM Analytics

KDM Analytics

KDM Analytics software products automate the NIST risk management framework (RMF) assessment for operational technology (OT) systems.

Softcat

Softcat

Softcat offer a broad portfolio of IT services and solutions covering Hybrid Infrastructure, Cyber Security, Digital Workspace and IT Intelligence.

AWARE7

AWARE7

IT security for human and machine. With the help of our products and services, we work with you to increase the IT security level of your organization.

Emerge Digital

Emerge Digital

Emerge Digital is a technology and digital innovation business and Managed Services Provider providing solutions to SMEs.

BJSS

BJSS

BJSS is an award-winning technology and engineering consultancy for business.

Bestman Solutions

Bestman Solutions

As a specialist cyber security practice, we believe that people are an organisation’s most valuable asset. Success depends on hiring the right people, and this is where we come in.

SFY Information Technology

SFY Information Technology

SFY helps companies with Cyber Security and Managed IT, allowing them to focus on what really matters to them.