Ukrainian Security Call in FBI, NCA & Europol

Uploaded on 2017-07-11 in INTELLIGENCE--International, GOVERNMENT-National, FREE TO VIEW, NEWS-Cybersecurity News, TECHNOLOGY--Hackers

Ukrainian security service SBU has reached out to the FBI, the UK’s National Crime Agency (NCA), Europol and others in a bid to establish who was behind the ‘Petya’ ransomware outbreak.

In a brief statement, the SBU claimed it is also working with “special services of foreign countries and international organisations” in a joint effort to get to the bottom of the hugely damaging attack campaign. Interestingly, the security service branded the attack an “act of cyber-terrorism”.

It explained:
“The SBU specialists in cooperation with the experts of FBI USA, NCA of Great Britain, Europol and also leading cyber security institutions, conduct coordinated joint events on localisation of damaging software PetyaA distribution, final definition of methods of this act of cyberterrorism, establishing of the attack sources, its executors, organisers and paymaster.”
The means of propagation, “activation” and operation have already been identified, which means that teams are currently focused on “the search of possibilities for data decoding and groundwork of guidelines for prevention of virus distribution, neutralisation of other negative consequences of this emergency.”

The Ukraine was particularly badly hit by the outbreak, with Eset claiming three-quarters (75%) of victims are within the country.

This threat appears to use various propagation methods, including the EternalBlue exploit utilised by WannaCry. 
It also uses legitimate tools PsExec and Windows Management Instrumentation Command-line (WMIC), plus Windows security tool Mimikatz to extract log-ins, to help spread laterally.

However, some analysts have claimed that in Ukraine, a compromised update to popular local accounting software MeDoc was used as an initial infection vector, with the country branded “patient zero” by Bitdefender.
In addition, Kaspersky Lab had this:
“The most significant discovery to date is that the Ukrainian website for the Bakhmut region was hacked and used to distribute the ransomware to visitors via a drive-by-download of the malicious file. To our knowledge no specific exploits were used in order to infect victims. Instead, visitors were served with a malicious file that was disguised as a Windows update.”

Despite the best intentions of the SBU and its global law enforcement allies, it would be highly unusual if they were able to definitively attribute the initial threat to a specific source.

Infosecurity Magazine

You Might Also Read:

Ukraine Police Trace Petya Attack Source:

Power Companies Cyber ‘Nightmare’:

 

« Fraud And The Internet of Things
Self- Drive Vehicle Are Confused by Kangaroos »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Centre for International Governance Innovation (CIGI)

Centre for International Governance Innovation (CIGI)

CIGI research areas include Conflict Management & Security which encompass cyber security and cyber warfare.

Uniken

Uniken

Uniken REL-ID is a safe, simple, and scalable security platform that tightly integrates your identity, authentication, and channel security.

Dionach

Dionach

Dionach are a certified information security specialists who provide Penetration Testing, IT Security Auditing and Information Security Consultancy.

Magal Security Systems (Magal S3)

Magal Security Systems (Magal S3)

Magal Security Systems is a leading international provider of integrated solutions and products for physical and cyber security, safety and site management.

TEISS

TEISS

Teiss.co.uk is a website dedicated to providing information about cyber security. TEISS also provide a series of conferences and events focused on cyber security.

Pathway Forensics

Pathway Forensics

Pathway Forensics is a leading provider of computer forensics, e-discovery services and digital investigations.

Cycura

Cycura

Cycura provide advanced, customized, and confidential cyber security services, cyber investigation services, and digital forensic services to governments, companies, and organizations.

Relution

Relution

Relution is the Unified Endpoint Management platform for innovative companies and educational institutions. It enables you to manage your mobile apps and devices easily and securely.

CryptoMill Cybersecurity Solutions

CryptoMill Cybersecurity Solutions

CryptoMill Cybersecurity Solutions provides advanced, innovative data security solutions for enterprises, professionals and individuals.

SterlingRisk Programs

SterlingRisk Programs

SterlingRisk’s Cyber practice brings experience working with a wide array of clients across a broad spectrum of industries.

Trusted Cyber Solutions

Trusted Cyber Solutions

Trusted Cyber Solutions is an independent Cyber Security and Risk Management consultancy.

Infinipoint

Infinipoint

Infinipoint pioneers the first Device-Identity-as-a-Service (DIaaS) solution, addressing Zero Trust device access and enabling enterprises of all sizes to automate cyber hygiene.

443ID

443ID

443ID brings OSINT data to Identity Security professionals on any digital platform.

Ipseity Security

Ipseity Security

Ipseity Security provide security-centric advisory and consulting services for organizations to secure their perimeter-less digital transformation to meet business and security requirements.

Scalarr

Scalarr

Scalarr is an innovative, next-generation cyber security firm focused on automation and AI to detect and prevent threats in mobile and Edge/IoT infrastructures.

TeamSystem

TeamSystem

TeamSystem is a leading tech company in the market for digital business management solutions for companies and professionals.