Ukrainian Security Call in FBI, NCA & Europol

Ukrainian security service SBU has reached out to the FBI, the UK’s National Crime Agency (NCA), Europol and others in a bid to establish who was behind the ‘Petya’ ransomware outbreak.

In a brief statement, the SBU claimed it is also working with “special services of foreign countries and international organisations” in a joint effort to get to the bottom of the hugely damaging attack campaign. Interestingly, the security service branded the attack an “act of cyber-terrorism”.

It explained:
“The SBU specialists in cooperation with the experts of FBI USA, NCA of Great Britain, Europol and also leading cyber security institutions, conduct coordinated joint events on localisation of damaging software Petya.A distribution, final definition of methods of this act of cyberterrorism, establishing of the attack sources, its executors, organisers and paymaster.”
The means of propagation, “activation” and operation have already been identified, which means that teams are currently focused on “the search of possibilities for data decoding and groundwork of guidelines for prevention of virus distribution, neutralisation of other negative consequences of this emergency.”

Ukraine was particularly badly hit by the outbreak, with Eset claiming that three-quarters (75%) of victims were within the country.

This threat appears to use several propagation methods, including the EternalBlue exploit used by WannaCry.
It also abuses the legitimate administration tools PsExec and Windows Management Instrumentation Command-line (WMIC), together with the credential-dumping tool Mimikatz to extract log-ins, in order to spread laterally.
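As an added detection-side example, not code from the article or from any vendor it cites, the following Python flags process-creation events that match the PsExec, WMIC and Mimikatz usage described above; the sample events, host names and rule names are constructed for illustration.

```python
import ntpath
import re
from typing import Dict, List

# Constructed sample process-creation events (not real telemetry); the shape
# mirrors what Sysmon event ID 1 or an EDR process-start record would give you.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"host": "ws01", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": r'wmic /node:"10.0.0.25" /user:"CORP\svc" process call create "cmd.exe /c hostname"'},
    {"host": "ws01", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic os get caption"},                     # local query, benign
    {"host": "ws02", "image": r"C:\Temp\PsExec64.exe",
     "cmdline": r"PsExec64.exe \\10.0.0.30 -s -d cmd.exe"},
    {"host": "srv01", "image": r"C:\Windows\PSEXESVC.exe",
     "cmdline": r"C:\Windows\PSEXESVC.exe"},                # PsExec service on the target
    {"host": "ws03", "image": r"C:\Users\bob\Downloads\m.exe",
     "cmdline": 'm.exe "privilege::debug" "sekurlsa::logonpasswords"'},  # renamed Mimikatz
    {"host": "ws04", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe report.txt"},
]

# Each rule is a predicate over (lower-cased image basename, lower-cased command line).
RULES = {
    "wmic_remote_process_create": lambda img, cmd:
        img == "wmic.exe" and "/node:" in cmd and "process call create" in cmd,
    "psexec_client": lambda img, cmd:
        re.fullmatch(r"psexec(64)?\.exe", img) is not None and "\\\\" in cmd,
    "psexec_service": lambda img, cmd: img == "psexesvc.exe",
    "mimikatz_credential_dump": lambda img, cmd:
        img == "mimikatz.exe" or "sekurlsa::" in cmd,  # catches renamed binaries too
}

def classify(event: Dict[str, str]) -> List[str]:
    """Return the names of all rules the event triggers (empty list if benign)."""
    img = ntpath.basename(event["image"]).lower()
    cmd = event["cmdline"].lower()
    return [name for name, pred in RULES.items() if pred(img, cmd)]

def scan(events: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Map each host to the distinct lateral-movement rules it tripped, in order seen."""
    hits: Dict[str, List[str]] = {}
    for ev in events:
        for rule in classify(ev):
            bucket = hits.setdefault(ev["host"], [])
            if rule not in bucket:
                bucket.append(rule)
    return hits

if __name__ == "__main__":
    for host, rules in scan(SAMPLE_EVENTS).items():
        print(f"{host}: {', '.join(rules)}")
```

Hosts that trip more than one rule in a short window (WMIC or PsExec plus a credential dump) are the ones to triage first, since that is the combination the article attributes to the worm.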

However, some analysts have claimed that in Ukraine, a compromised update to popular local accounting software MeDoc was used as an initial infection vector, with the country branded “patient zero” by Bitdefender.
In addition, Kaspersky Lab reported:
“The most significant discovery to date is that the Ukrainian website for the Bakhmut region was hacked and used to distribute the ransomware to visitors via a drive-by-download of the malicious file. To our knowledge no specific exploits were used in order to infect victims. Instead, visitors were served with a malicious file that was disguised as a Windows update.”

Despite the best intentions of the SBU and its global law enforcement allies, it would be highly unusual if they were able to definitively attribute the initial threat to a specific source.

Infosecurity Magazine
