Ukrainian Security Call in FBI, NCA & Europol

Uploaded on 2017-07-11 in INTELLIGENCE--International, GOVERNMENT-National, FREE TO VIEW, NEWS-Cybersecurity News, TECHNOLOGY--Hackers

Ukrainian security service SBU has reached out to the FBI, the UK’s National Crime Agency (NCA), Europol and others in a bid to establish who was behind the ‘Petya’ ransomware outbreak.

In a brief statement, the SBU claimed it is also working with “special services of foreign countries and international organisations” in a joint effort to get to the bottom of the hugely damaging attack campaign. Interestingly, the security service branded the attack an “act of cyber-terrorism”.

It explained:
“The SBU specialists in cooperation with the experts of FBI USA, NCA of Great Britain, Europol and also leading cyber security institutions, conduct coordinated joint events on localisation of damaging software PetyaA distribution, final definition of methods of this act of cyberterrorism, establishing of the attack sources, its executors, organisers and paymaster.”
The means of propagation, “activation” and operation have already been identified, which means that teams are currently focused on “the search of possibilities for data decoding and groundwork of guidelines for prevention of virus distribution, neutralisation of other negative consequences of this emergency.”

The Ukraine was particularly badly hit by the outbreak, with Eset claiming three-quarters (75%) of victims are within the country.

This threat appears to use various propagation methods, including the EternalBlue exploit utilised by WannaCry. 
It also uses legitimate tools PsExec and Windows Management Instrumentation Command-line (WMIC), plus Windows security tool Mimikatz to extract log-ins, to help spread laterally.

However, some analysts have claimed that in Ukraine, a compromised update to popular local accounting software MeDoc was used as an initial infection vector, with the country branded “patient zero” by Bitdefender.
In addition, Kaspersky Lab had this:
“The most significant discovery to date is that the Ukrainian website for the Bakhmut region was hacked and used to distribute the ransomware to visitors via a drive-by-download of the malicious file. To our knowledge no specific exploits were used in order to infect victims. Instead, visitors were served with a malicious file that was disguised as a Windows update.”

Despite the best intentions of the SBU and its global law enforcement allies, it would be highly unusual if they were able to definitively attribute the initial threat to a specific source.

Infosecurity Magazine

You Might Also Read:

Ukraine Police Trace Petya Attack Source:

Power Companies Cyber ‘Nightmare’:

 

« Fraud And The Internet of Things
Self- Drive Vehicle Are Confused by Kangaroos »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Intruder

Intruder

Intruder is a cloud-based vulnerability scanner that finds cyber security weaknesses in your digital infrastructure, to avoid costly data breaches.

North American Electric Reliability Corporation (NERC)

North American Electric Reliability Corporation (NERC)

NERC is a not-for-profit international regulatory authority whose mission is to assure the reliability and security of the bulk power system in North America.

Truepic

Truepic

Truepic provides technologies that prevent fraud, identity theft, misinformation, and disinformation caused by generative, manipulated, or deepfake digital content.

sayTEC

sayTEC

sayTEC's mission is to develop and deliver next-generation products and services in encrypted data and voice transmission.

Infosec (T)

Infosec (T)

Infosec (T) Limited is an independent Tanzania based consultancy specializing in IT governance, information security and IT audit.

Multitel

Multitel

Multitel is an independent research centre. We develop and integrate emerging technologies into the industrial fabric at the regional and international levels.

Pixalate

Pixalate

Pixalate is an omni-channel fraud intelligence company that works with brands and platforms to prevent invalid traffic and improve ad inventory quality.

X-Ways Software Technology

X-Ways Software Technology

X-Ways provide software for computer forensics, electronic discovery, data recovery, low-level data processing, and IT security.

Abion

Abion

At Abion (formerly BRANDIT), we empower your business by providing comprehensive brand protection and web security services.

iSolutions

iSolutions

iSolutions is an official reseller and engineering company of leading products and solutions for cybersecurity and information protection, optimization, visualization and control of applications

Torq

Torq

Torq's no-code automation modernizes how security & operations teams work with easy workflow building, limitless integrations and numerous pre-built templates.

Bright Data

Bright Data

Bright Data Inc is the world’s #1 web data platform, enabling organizations to research, monitor, analyze data, and make better decisions.

Applied Connective Technologies

Applied Connective Technologies

Applied Connective is one team for all your technology needs, from IT to phones, cyber security to physical security, audio/video and the infrastructure to support it.

AuditBoard

AuditBoard

AuditBoard is the leading cloud-based platform transforming audit, risk, ESG, and InfoSec management.

Code First Girls

Code First Girls

Code First Girls are on a mission to close the gender gap in the tech industry by providing employment through free education.

Quantum Flagship

Quantum Flagship

Quantum Flagship's goal is to consolidate and expand European scientific leadership and excellence in the research area of quantum technology.