A New Era Of Malware

In the summer of 2017, a software update for a popular piece of Ukrainian accounting software pushed malware onto the systems of companies doing business in Ukraine. The attack stopped life in Ukraine and crippled the Western logistics supply chain, hitting shipping giant Maersk, postal company FedEx, and the Port of Rotterdam.

That was just the first effect of a chain reaction masterminded by the Kremlin.

Pundits eagerly pointed out stolen code from the National Security Agency (NSA) within the malware to claim authority on the attack, effectively binding NSA’s exploit and the attack together whenever either comes up. 

The lingering story that stuck in the public imagination was that the Russian cyber-attack was executed with the help of cyber-weapons that the NSA lost control of. The narrative that took shape showed a devastating failure of the US government, and turned public attention away from who was accountable for the attack.

NotPetya ushered in a new era of implant-enabled warfare where public opinion is as much the target as traditional IT systems. This wasn’t “hack and leak” or “inauthentic amplification” on social media. 

This is an information operation that uses malware to create a narrative, and it shows what the future of conflict looks like: one where malware not only disrupts our business operations but also targets our minds and influences media coverage.

NotPetya created significant downtime and a whopping $10 billion in damages, but its most subversive impact was how it deceived the public.

There are two defining milestones in the history of cyberwar via implant. One of them showcased clandestine tradecraft. The other utilised publicly-visible cross-domain effects. Both would have a profound influence on future cyber operations.

The first was Stuxnet, which targeted Iran's nuclear centrifuges and physically damaged them. It combined the cyber domain with the realm of kinetic destruction. It was a clandestine operation that made for a riveting tale that’s pretty easy to comprehend. The goal of Stuxnet was to sabotage Iran’s nuclear program while evading discovery for as long as possible. NotPetya’s multi-domain nature, on the other hand, doesn’t lend itself to definition quite as easily.

It’s widely accepted that NotPetya was orchestrated by Russia’s military intelligence agency, the GRU. The GRU employs top-tier offensive cyber operations and psychological operations teams.

So what was NotPetya?

In simple technical terms, we can say that NotPetya was a piece of destructive/wiper malware posing as ransomware. It was pushed to companies using the update mechanism of a very popular piece of Ukrainian accounting software. It is impossible to conclusively prove motive and intent without deep access inside a target organisation. In the GRU’s case that would involve getting access to a person or system with the NotPetya mission plan.

Unless a rival intelligence agency is willing to burn sources and methods, our public conversation about NotPetya’s desired effects is therefore limited to conjecture. We must get more comfortable operating in this gray zone, whether we like it or not. Otherwise our public analysis will be inherently astigmatic, which leads to bad decision making.

Vice
