Many firms hit by global cyber-attacks

Discussion in 'malware problems & news' started by clubhouse1, Jun 27, 2017.

  1. plat1098

    plat1098 Guest

  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    https://securityintelligence.com/ne...oc-software-server-before-activating-malware/
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,919
    Location:
    Texas
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Three lingering questions around the NotPetya attack
    https://www.cybereason.com/blog-three-lingering-questions-around-the-notpetya-attack/

    In regards to question #1, it would appear that the two NotPetya processes actually were present on the targeted endpoint devices prior to the June M.E. Doc update. So it is possible they were downloaded via a prior created backdoor; possibly created in the April or May update. If so, that backdoor probably still exists.

    As far as AV non-detection, that one is easy. They were packed/encrypted and obfuscated. Assumed is the hacked evzit.exe updater, a trusted process, unpacked/unencrypted them in memory prior to executing them.
     
    Last edited: Jul 19, 2017
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    That's what I mean with you shouldn't blindly trust apps. If evzit.exe was monitored for unusual behavior, like executing unknown processes, it could have been stopped.
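
Added example, not part of the thread or any poster's code: one way to express the monitoring idea in the post above as detection logic over process-creation events. The event field names are modeled on Sysmon Event ID 1; the paths, hashes and allowlist are constructed placeholders, and the updater name is used as written in the thread.

```python
import ntpath

WATCHED_PARENT = "evzit.exe"  # updater name as written in the thread

# Assumed allowlist: SHA-256 of every child image the updater is expected to start.
ALLOWED_CHILD_HASHES = {"a" * 64}  # constructed placeholder value

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    # expected helper, known hash -> no alert
    {"ParentImage": r"C:\Apps\Acct\evzit.exe",
     "Image": r"C:\Apps\Acct\helper.exe", "SHA256": "a" * 64},
    # unknown binary started by the updater (parent path in different case) -> alert
    {"ParentImage": r"C:\Apps\Acct\EVZIT.EXE",
     "Image": r"C:\Users\Public\x1.exe", "SHA256": "b" * 64},
    # expected file name but a different hash (replaced binary) -> alert
    {"ParentImage": r"C:\Apps\Acct\evzit.exe",
     "Image": r"C:\Apps\Acct\helper.exe", "SHA256": "c" * 64},
    # same unknown binary, but started by another parent -> out of scope here
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Users\Public\x1.exe", "SHA256": "b" * 64},
]


def basename(path):
    """Lower-cased file name of a Windows path (Windows paths are case-insensitive)."""
    return ntpath.basename(path).lower()


def unexpected_children(events, parent=WATCHED_PARENT, allowed=ALLOWED_CHILD_HASHES):
    """Return events where the watched parent started an image whose hash is not allowlisted."""
    alerts = []
    for ev in events:
        if basename(ev["ParentImage"]) != parent.lower():
            continue  # only the trusted updater's children are examined
        if ev["SHA256"].lower() not in allowed:
            alerts.append(ev)  # judged by hash, so a familiar file name is not enough
    return alerts


if __name__ == "__main__":
    for ev in unexpected_children(SAMPLE_EVENTS):
        print("ALERT:", ev["ParentImage"], "->", ev["Image"], ev["SHA256"][:8])
```

A rule like this only sees child processes the updater creates; code that is unpacked and run inside the updater's own process produces no process-creation event and needs other telemetry.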
     
  6. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
  7. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    "Ukrainian firm facing legal action for damages caused by NotPetya ransomware

    The Juscutum Attorneys Association, a Ukrainian law firm, is rallying NotPetya victims to join a collective lawsuit against Intellect-Service LLC, the company behind the M.E.Doc accounting software, the point of origin of the NotPetya ransomware outbreak..."

    https://www.unian.info/society/2063...ages-caused-by-notpetya-ransomware-media.html
     
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Will be interesting to see how this evolves legally. Based on the publicly disclosed info to date, I really don't see a case here. All that has been disclosed is a system admin logon was compromised. Unfortunately, that happens more frequently than most are aware of.

    As far as M.E. Doc's physical security of its on site hardware and the like, I suspect it's on par with other installations in the Ukraine and like countries in that area of the world. Definitely behind western countries' standards but the legal test would be what is the acceptable standard in the Ukraine.
     
  9. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,919
    Location:
    Texas
  10. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    "Ukraine police make arrest in Petya ransomware case

    Ukrainian police have arrested an individual accused of spreading the Petya malware, used in a cyberattack that knocked thousands of companies offline earlier this year.

    An unnamed 51-year-old from the southern city of Nikopol was detained by the state cyber-police earlier this week after a raid was carried out at the alleged attacker's home...

    The statement said that the person of interest told police he had uploaded the malware to a file-sharing account and shared a link on his blog with instructions on how to launch the malware.

    The malware was downloaded about 400 times, police say...

    But it's not clear if police have declared the person of interest a formal suspect in the cyberattack that spread to more than 60 countries..."

    http://www.zdnet.com/article/ukrain...hind-petya-ransomware-attack/#ftag=RSSbaffb68
     
  11. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    "...In their statement, the Ukraine Cyberpolice did not say that the man was accused of creating Petya, only that he allegedly helped spread it...

    Ukrainian officials searched the residence of the suspect arrested this week and said they found computers that were used to help spread Petya...

    '...on the Internet posted a video detailing how you can run a virus «Petya .A »on computers. In the video komentaryahi man placed a link on his page in the social network, which he downloaded the virus itself and its distributed Internet users,' the translated version of the Ukraine Cyperpolice statement said..."

    https://www.onthewire.io/ukrainian-police-arrest-suspect-in-petya-ransomware-campaign/
     
  12. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    "Ukrainian Man Arrested For Distributing NotPetya Ransomware And Helping Tax Evaders...

    Companies Intentionally Infected Their Computers to Avoid Paying Taxes & Fines

    If you are not aware, 30th June was the last date in Ukraine for filing tax returns and unfortunately, during the same time NotPetya outcry began that encrypted sensitive files and documents for several businesses and organisations across the country.

    Since firms that were infected by the virus were unable to submit tax reports on time and liable for paying huge fines for late submissions, the head of the parliamentary committee on tax and customs, Nina Yuzhanina, gave affected taxpayers some relief (through a statement on his Facebook profile) by extending the last date to 31st December, 2017.

    Police believe the malware sample distributed by Neverov is being used by some businesses to deliberately infect their systems to avoid paying taxes on time as well as late tax return penalty..."

    http://thehackernews.com/2017/08/ukraine-petya-ransomware-hacker.html
     
  13. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    It gets stranger by the day in the Ukraine.
     
  14. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
  15. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    "Chinese hackers 'built back door hack into software to spy on Britain’s top businesses'

    THE National Grid could be at risk of a cyber attack after a hacker group linked to China create a “back door” in software used by big businesses...

    The code has been spread around the world through a compromised software update for server management software from tech firm NetSarang...

    Fears were raised that the attack may have been an inside job after it was revealed that the update carried a digital signature..."

    http://www.express.co.uk/news/world/842200/China-hackers-cyber-spying-attack-UK-business
     
  16. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
  17. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    "June 2017 hacker attack was aimed to collect info about Ukraine's enterprises: Ukraine's security service SBU...

    'On June 27, 2017, Ukraine was subjected to a large-scale cyber-attack involving the malicious software identified as the computer virus Petya. In analyzing the attack's effects and preconditions, it was determined that it was preceded by a collection of data regarding Ukrainian enterprises [...], the data's subsequent concealment in the files called cookies and dispatch to a command server. SBU experts assume that the information was exactly the target of the cyber-attack's first wave and might be used by the attack's actual initiators in terms of both cyber intelligence and further destructive actions,' the SBU said on Friday..."


    http://en.interfax.com.ua/news/general/443333.html
     
  18. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    http://news.softpedia.com/news/ukrainian-security-firm-warns-massive-global-cyberattack-517475.shtml
     
  19. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    I'd be wary of taking anything in the Daily Express seriously as it has an agenda. I can't comment on its particular agenda without breaking Wilder's forum rules. What I will say is that my country (England) has a reputation for having a press that is a tad tendentious and not entirely honest and circumspect. I won't say that a lot of the British press print outright mendacities, but they often distort the truth and sensationalise, probably mainly to sell more copies or at least attract more advertising revenue. I think that you should be aware of the cultural relevancy and possible target demographic for these 'journals'.
     
  20. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    "Shipping Giant Deploys Blockchain to Combat Industry Cyberattacks...

    Anglo-American shipping corporation Marine Transport International (MTI) has implemented its Blockchain pilot which will avoid NotPetya-style cyberattacks...

    'In recent months the shipping industry has fallen victim to industrial-scale cyberattacks which have left large shipping lines, such as Maersk, completely paralyzed and unable to serve clients,' CEO Jody Cleworth commented.

    'A Blockchain-enabled supply chain is highly resilient to cyberattack – a copy of the essential shipping data is stored on each node on a decentralized network, meaning that even if one node is compromised, the data is safe nevertheless.'..."

    https://cointelegraph.com/news/shipping-giant-deploys-blockchain-to-combat-industry-cyberattacks
     
  21. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Pretty heavy stuff. Basically a way to control transaction processing with business rules: https://www.hyperledger.org/wp-content/uploads/2017/08/Hyperledger_Arch_WG_Paper_1_Consensus.pdf
     
  22. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    "British officials blamed Russia for last June’s massive “Petya” cyberattack, which crippled computer networks at multinational firms including FedEx Corp.

    Ukraine, which bore the brunt of the attack, accused Russia at the time of orchestrating the attack. Wednesday’s allegations by London represented the first time a major Western government has pinned blame on Moscow for the incident...

    U.K. intelligence officials said late Wednesday that they concluded that Russia’s military was “almost certainly responsible” for the attack, according to a statement by Britain’s foreign office. It said it decided to publicly point the finger to show that the U.K. and its allies 'will not tolerate malicious cyber activity'...”

    https://www.marketwatch.com/story/uk-blames-russia-for-crippling-cyberattack-in-june-2018-02-14
     
  23. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,076
    Location:
    UK
  24. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    "White House Blames Russia for 'NotPetya' Cyber Attack

    WASHINGTON/LONDON (Reuters) - The White House on Thursday blamed Russia for the devastating 'NotPetya' cyber attack last year, joining the British government in condemning Moscow for unleashing a virus that crippled parts of Ukraine's infrastructure and damaged computers in countries across the globe..."

    https://www.usnews.com/news/world/a...or-last-years-crippling-notpetya-cyber-attack
     
  25. guest

    guest Guest

    Investors accuse FedEx of lying, stock dumping after NotPetya attack
    September 23, 2019
    https://nakedsecurity.sophos.com/20...of-lying-stock-dumping-after-notpetya-attack/
     