A New Era Of Malware

In the summer of 2017, a software update for a popular Ukrainian accounting software pushed malware onto systems of companies doing business in Ukraine. The attack stopped life in Ukraine and crippled the Western logistics supply chain, hitting shipping giant Maersk, postal company FedEx, and the Port of Rotterdam.

That was just the beginning effect of a chain reaction, masterminded by the Kremlin.

Pundits eagerly pointed out stolen code from the National Security Agency (NSA) within the malware to claim authority on the attack, effectively binding NSA’s exploit and the attack together whenever either comes up. 

The lingering story that stuck in the public imagination: that the Russian cyber-attack was executed with help of cyber-weapons that the NSA lost control of. The narrative that took shape showed a devastating failure of the US government, and turned public attention away from who was accountable for the attack. 

NotPetya ushered in a new era of implant-enabled warfare where public opinion is as much the target as traditional IT systems. This wasn’t “hack and leak” or “inauthentic amplification” on social media. 

This is information operations by using malware to create a narrative, and shows what the future of conflict looks like: one where malware not only disrupts our business operations but also targets our minds and influences media coverage. 

NotPetya created significant downtime and a whopping $10 billion in damages, but its most subversive impact was how it deceived the public.

There are two defining milestones in the history of cyberwar via implant. One of them showcased clandestine tradecraft. The other utilised publicly-visible cross-domain effects. Both would have a profound influence on future cyber operations.

The first was Stuxnet, which targeted Iran's nuclear centrifuges and physically damaged them. It combined the cyber domain with the realm of kinetic destruction. A clandestine operation which made for a riveting tale that’s pretty easy to comprehend. The goal of Stuxnet was to sabotage Iran’s nuclear program while evading discovery for as long as possible. On the other hand, NotPetya’s multi-domain nature doesn’t let itself get defined quite as easily. 

It’s widely accepted that NotPetya was orchestrated by Russia’s military intelligence agency, the GRU. The GRU employs top tier offensive cyber operations and psychological operations teams. 

So what was NotPetya? 
In simple technical terms, we can say that NotPetya was a piece of destructive/wiper malware posing as ransomware. It was pushed to companies using the update mechanism of a very popular piece of Ukrainian accounting software. It is impossible to conclusively prove motive and intent without deep access inside a target organisation. In GRU’s case that would involve getting access to a person or system with the NotPetya mission plan. 

Unless a rival intelligence agency is willing to burn sources and methods, our public conversation about NotPetya’s desired effects is therefore limited to conjecture. We must get more comfortable operating in this gray zone, whether we like it or not. Otherwise our public analysis will be inherently astigmatic, which leads to bad decision making.

Vice

You Might Also Read: 

UK Blames Russia For NotPetya Cyberattack:

IBM X Force Dissect The Destructive Power Of Malware:

 

 

 

« Easy Cyber Knowledge Chapter 3 - Social Media & Social Change
NATO Will Retaliate »

Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

eBook: Practical Guide to Security in the AWS Cloud

eBook: Practical Guide to Security in the AWS Cloud

AWS Marketplace would like to present you with a digital copy of the new book, Practical Guide to Security in the AWS Cloud, by the SANS Institute.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Intellect Security Ltd

Intellect Security Ltd

Intellect Security is a consulting security solutions provider in Identity Management, Threat Detection & Prevention and Data Security & Integrity.

SecureDevice

SecureDevice

SecureDevice is a Danish IT Security company.

ComTrue Technologies

ComTrue Technologies

ComTrue Technologies is a developer and provider of personal information protection and cyber security solutions and services.

NovaTech

NovaTech

NovaTech products and services make the world’s power grids and essential process industries more reliable, efficient, sustainable and secure.

Cyber Security Expo

Cyber Security Expo

Cyber Security EXPO is a unique one day recruitment event for the cyber security industry.

Flipside

Flipside

Information Security training provider specialized in personalized training and security awareness campaigns.

LSoft Technologies

LSoft Technologies

LSoft Technologies is a leader in data recovery software technologies.

Thridwayv

Thridwayv

Thirdwayv helps your enterprise realize the full potential of loT connectivity. All while neutralizing security threats that can run ruin the customer experience - and your reputation.