#notpetya — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #notpetya, aggregated by home.social.
-
What Is a Supply Chain Attack? Lessons from Recent Incidents
924 words, 5 minutes read time.
I’ve been in computer programming with a vested interest in Cybersecurity long enough to know that your most dangerous threats rarely come through the obvious channels. It’s not always a hacker pounding at your firewall or a phishing email landing in an inbox. Sometimes, the breach comes quietly through the vendors, service providers, and software updates you rely on every day. That’s the harsh reality of supply chain attacks. These incidents exploit trust, infiltrating organizations by targeting upstream partners or seemingly benign components. They’re not theoretical—they’re real, costly, and increasingly sophisticated. In this article, I’m going to break down what supply chain attacks are, examine lessons from high-profile incidents, and share actionable insights for SOC analysts, CISOs, and anyone responsible for protecting enterprise assets.
Understanding Supply Chain Attacks: How Trusted Vendors Can Be Threat Vectors
A supply chain attack occurs when a threat actor compromises an organization through a third party, whether that’s a software vendor, cloud provider, managed service provider, or even a hardware supplier. The key distinction from conventional attacks is that the adversary leverages trust relationships. Your defenses often treat trusted partners as safe zones, which makes these attacks particularly insidious. The infamous SolarWinds breach in 2020 is a perfect example. Hackers injected malicious code into an update of the Orion platform, and thousands of organizations unknowingly installed the compromised software. From the perspective of a SOC analyst, it’s a nightmare scenario: alerts may look normal, endpoints behave according to expectation, and yet an attacker has already bypassed perimeter defenses. Supply chain compromises come in many forms: software updates carrying hidden malware, tampered firmware or hardware, and cloud or SaaS services used as stepping stones for broader attacks. The lesson here is brutal but simple: every external dependency is a potential attack vector, and assuming trust without verification is a vulnerability in itself.
Lessons from Real-World Supply Chain Attacks
History has provided some of the most instructive lessons in this area, and the pain was often widespread. The NotPetya attack in 2017 masqueraded as a routine software update for a Ukrainian accounting package but quickly spread globally, leaving a trail of destruction across multiple sectors. It was not a random incident—it was a strategic strike exploiting the implicit trust organizations placed in a single provider. Then came Kaseya in 2021, where attackers leveraged a managed service provider to distribute ransomware to hundreds of businesses in a single stroke. The compromise of one MSP cascaded through client systems, illustrating that upstream vulnerabilities can multiply downstream consequences exponentially. Even smaller incidents, such as a compromised open-source library or a misconfigured cloud service, can serve as a launchpad for attackers. What these incidents have in common is efficiency, stealth, and scale. Attackers increasingly prefer the supply chain route because it requires fewer direct compromises while yielding enormous operational impact. For anyone working in a SOC, these cases underscore the need to monitor not just your environment but the upstream components that support it, as blind trust can be fatal.
Mitigating Supply Chain Risk: Visibility, Zero Trust, and Preparedness
Mitigating supply chain risk requires a proactive, multifaceted approach. The first step is visibility—knowing exactly what software, services, and hardware your organization depends on. You cannot defend what you cannot see. Mapping these dependencies allows you to understand which systems are critical and which could serve as entry points for attackers. Second, you need to enforce Zero Trust principles. Even trusted vendors should have segmented access and stringent authentication. Multi-factor authentication, network segmentation, and least-privilege policies reduce the potential blast radius if a compromise occurs. Threat hunting also becomes crucial, as anomalies from trusted sources are often the first signs of a breach. Beyond technical controls, preparation is equally important. Tabletop exercises, updated incident response plans, and comprehensive logging equip teams to react swiftly when compromise is detected. For CISOs, it also means communicating supply chain risk clearly to executives and boards. Stakeholders must understand that absolute prevention is impossible, and resilience—rapid detection, containment, and recovery—is the only realistic safeguard.
The Strategic Imperative: Assume Breach and Build Resilience
The reality of supply chain attacks is unavoidable: organizations are connected in complex webs, and attackers exploit these dependencies with increasing sophistication. The lessons are clear: maintain visibility over your entire ecosystem, enforce Zero Trust rigorously, hunt for subtle anomalies, and prepare incident response plans that include upstream components. These attacks are not hypothetical scenarios—they are the evolving face of cybersecurity threats, capable of causing widespread disruption. Supply chain security is not a checkbox or a one-time audit; it is a mindset that prioritizes vigilance, resilience, and strategic thinking. By assuming breach, questioning trust, and actively monitoring both internal and upstream environments, security teams can turn potential vulnerabilities into manageable risks. The stakes are high, but so are the rewards for those who approach supply chain security with discipline, foresight, and a relentless commitment to defense.
Call to Action
If this breakdown helped you think a little clearer about the threats out there, don’t just click away. Subscribe for more no-nonsense security insights, drop a comment with your thoughts or questions, or reach out if there’s a topic you want me to tackle next. Stay sharp out there.
D. Bryan King
Sources
- CISA: Supply Chain Security Resources
- NIST SP 800-161: Supply Chain Risk Management Practices
- KrebsOnSecurity: Cybersecurity News & Analysis
- CrowdStrike: Threat Intelligence Reports
- Mandiant Threat Reports
- Schneier on Security
- Verizon Data Breach Investigations Report (DBIR)
- Black Hat Conference Talks
- DEF CON Conference Resources
- Academic Papers on Cybersecurity
Disclaimer:
The views and opinions expressed in this post are solely those of the author. The information provided is based on personal research, experience, and understanding of the subject matter at the time of writing. Readers should consult relevant experts or authorities for specific guidance related to their unique situations.
Related Posts
Rate this:
#anomalyDetection #attackVector #breachDetection #breachResponse #CISO #cloudSecurity #cyberattackLessons #cybersecurity #cybersecurityGovernance #cybersecurityIncident #cybersecurityMindset #cybersecurityPreparedness #cybersecurityResilience #cybersecurityStrategy #EndpointSecurity #enterpriseRiskManagement #enterpriseSecurity #hardwareCompromise #hardwareSecurity #incidentResponse #incidentResponsePlan #ITRiskManagement #ITSecurityPosture #ITSecurityStrategy #Kaseya #maliciousUpdate #MFASecurity #MSPSecurity #networkSegmentation #NotPetya #organizationalSecurity #perimeterBypass #ransomware #riskAssessment #SaaSRisk #securityAudit #securityControls #SOCAnalyst #SOCBestPractices #SOCOperations #softwareSecurity #softwareSupplyChain #softwareUpdateThreat #SolarWinds #supplyChainAttack #supplyChainMitigation #supplyChainRisk #supplyChainSecurityFramework #supplyChainVulnerabilities #thirdPartyCompromise #threatHunting #threatLandscape #trustedVendorAttack #upstreamCompromise #upstreamMonitoring #vendorDependency #vendorRiskManagement #vendorSecurity #vendorTrust #zeroTrust
-
HybridPetya – Ransomware omijający zabezpieczenie UEFI Secure Boot
Badacze bezpieczeństwa z firmy ESET odkryli nowy wariant ransomware przypominający doskonale wszystkim znany Petya/NotPetya, rozszerzony o możliwość przejmowania systemów operacyjnych uruchamianych ze wsparciem UEFI. Malware wykorzystuje podatność CVE-2024-7344do ominięcia mechanizmu UEFI Secure Boot. W najnowszych systemach podatność ta została załatana, jednak schemat działania oprogramowania, tzn. wykorzystanie eksploitów na poziomie firmware...
#WBiegu #Notpetya #Petya #Ransomware #Secureboot #Wiper
https://sekurak.pl/hybridpetya-ransomware-omijajacy-zabezpieczenie-uefi-secure-boot/
-
HybridPetya – Ransomware omijający zabezpieczenie UEFI Secure Boot
Badacze bezpieczeństwa z firmy ESET odkryli nowy wariant ransomware przypominający doskonale wszystkim znany Petya/NotPetya, rozszerzony o możliwość przejmowania systemów operacyjnych uruchamianych ze wsparciem UEFI. Malware wykorzystuje podatność CVE-2024-7344do ominięcia mechanizmu UEFI Secure Boot. W najnowszych systemach podatność ta została załatana, jednak schemat działania oprogramowania, tzn. wykorzystanie eksploitów na poziomie firmware...
#WBiegu #Notpetya #Petya #Ransomware #Secureboot #Wiper
https://sekurak.pl/hybridpetya-ransomware-omijajacy-zabezpieczenie-uefi-secure-boot/
-
HybridPetya – Ransomware omijający zabezpieczenie UEFI Secure Boot
Badacze bezpieczeństwa z firmy ESET odkryli nowy wariant ransomware przypominający doskonale wszystkim znany Petya/NotPetya, rozszerzony o możliwość przejmowania systemów operacyjnych uruchamianych ze wsparciem UEFI. Malware wykorzystuje podatność CVE-2024-7344do ominięcia mechanizmu UEFI Secure Boot. W najnowszych systemach podatność ta została załatana, jednak schemat działania oprogramowania, tzn. wykorzystanie eksploitów na poziomie firmware...
#WBiegu #Notpetya #Petya #Ransomware #Secureboot #Wiper
https://sekurak.pl/hybridpetya-ransomware-omijajacy-zabezpieczenie-uefi-secure-boot/
-
HybridPetya – Ransomware omijający zabezpieczenie UEFI Secure Boot
Badacze bezpieczeństwa z firmy ESET odkryli nowy wariant ransomware przypominający doskonale wszystkim znany Petya/NotPetya, rozszerzony o możliwość przejmowania systemów operacyjnych uruchamianych ze wsparciem UEFI. Malware wykorzystuje podatność CVE-2024-7344do ominięcia mechanizmu UEFI Secure Boot. W najnowszych systemach podatność ta została załatana, jednak schemat działania oprogramowania, tzn. wykorzystanie eksploitów na poziomie firmware...
#WBiegu #Notpetya #Petya #Ransomware #Secureboot #Wiper
https://sekurak.pl/hybridpetya-ransomware-omijajacy-zabezpieczenie-uefi-secure-boot/
-
HybridPetya – Ransomware omijający zabezpieczenie UEFI Secure Boot
Badacze bezpieczeństwa z firmy ESET odkryli nowy wariant ransomware przypominający doskonale wszystkim znany Petya/NotPetya, rozszerzony o możliwość przejmowania systemów operacyjnych uruchamianych ze wsparciem UEFI. Malware wykorzystuje podatność CVE-2024-7344do ominięcia mechanizmu UEFI Secure Boot. W najnowszych systemach podatność ta została załatana, jednak schemat działania oprogramowania, tzn. wykorzystanie eksploitów na poziomie firmware...
#WBiegu #Notpetya #Petya #Ransomware #Secureboot #Wiper
https://sekurak.pl/hybridpetya-ransomware-omijajacy-zabezpieczenie-uefi-secure-boot/
-
Good day everyone, new Blizzard has dropped!
Microsoft's Threat Intelligence shares their research on a Russian state actor dubbed #SeashellBlizzard! Part of the GRU, they specialize in operations from espionage to information operation and cyber-enabled disruptions which have resulted in destructive attacks and manipulation of ICS. They have leveraged different types of malware to include #KillDisk, #FoxBlade, and #NotPetya.
Behavior Summary (With MITRE ATT&CK):
Initial Access - TA0001:
Exploit Public-Facing Application - T1190
Seashell Blizzard commonly exploited vulnerable public facing infrastructure.Persistence - TA0003:
Create or Modify System Process: Windows Service - T1543.003 -
Among other means of persistence, Seashell Blizzard created a system service.Execution - TA0002:
Command and Scripting Interpreter: PowerShell - T1059.001
Command and Scripting Interpreter: Windows Command Shell - T1059.003
Seashell Blizzard abused both of these living off the land binaries for multiple reasons and using multiple different parameters.As always, there is WAAAAY too many technical details here, so go check it out yourself! Enjoy the read and Happy Hunting!
The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation
https://www.microsoft.com/en-us/security/blog/2025/02/12/the-badpilot-campaign-seashell-blizzard-subgroup-conducts-multiyear-global-access-operation/Intel 471 Cyborg Security, Now Part of Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
-
La genèse du ransowmare
La genèse du ransomware remonte avec l’histoire d’un docteur, Joseph Popp. Le parallèle avec le docteur Jekyll et de M. Hyde, semble être proche d’une réalité palpable. Il est à l’origine des rançongiciels dans sa démarche avec l'envoi de 26 000 disquettes « AIDs Trojan ».
Puis l’évolution des chiffrements avec des clefs de plus en plus grandes. Le passage du chiffrement symétrique à l’asymétrique est aussi une évolution.
La différence est que le Dr Popp recevait par virement les sommes sur un compte au Panama. Dorénavant, les cybercriminels perçoivent des bitcoins.L’évolution d’une société de plus en plus connectée (IoT), de plus en plus « informatisé » fait face à des défis constants en matière de cybersécurité et d'hygiène informatique.
Le rapport de la Cour des comptes sur la sécurité des établissements de santé est sans appel : « les autorités publiques ont réagi avec retard en finançant sur cinq ans un programme de prévention et de protection. Cette dynamique doit être poursuivie. »
https://librexpression.fr/genealogie-du-ransomware
#Bianlian #Cyberattack #Databreach #France #informatique #Librexpression #Lockbit #MBR #NotPetya #Panama #Phishing #Popp #ransomware #threaths #WannaCry
(Crédits : mason cook/Pexels)
-
La genèse du ransowmare
La genèse du ransomware remonte avec l’histoire d’un docteur, Joseph Popp. Le parallèle avec le docteur Jekyll et de M. Hyde, semble être proche d’une réalité palpable. Il est à l’origine des rançongiciels dans sa démarche avec l'envoi de 26 000 disquettes « AIDs Trojan ».
Puis l’évolution des chiffrements avec des clefs de plus en plus grandes. Le passage du chiffrement symétrique à l’asymétrique est aussi une évolution.
La différence est que le Dr Popp recevait par virement les sommes sur un compte au Panama. Dorénavant, les cybercriminels perçoivent des bitcoins.L’évolution d’une société de plus en plus connectée (IoT), de plus en plus « informatisé » fait face à des défis constants en matière de cybersécurité et d'hygiène informatique.
Le rapport de la Cour des comptes sur la sécurité des établissements de santé est sans appel : « les autorités publiques ont réagi avec retard en finançant sur cinq ans un programme de prévention et de protection. Cette dynamique doit être poursuivie. »
https://librexpression.fr/genealogie-du-ransomware
#Bianlian #Cyberattack #Databreach #France #informatique #Librexpression #Lockbit #MBR #NotPetya #Panama #Phishing #Popp #ransomware #threaths #WannaCry
(Crédits : mason cook/Pexels)
-
La genèse du ransowmare
La genèse du ransomware remonte avec l’histoire d’un docteur, Joseph Popp. Le parallèle avec le docteur Jekyll et de M. Hyde, semble être proche d’une réalité palpable. Il est à l’origine des rançongiciels dans sa démarche avec l'envoi de 26 000 disquettes « AIDs Trojan ».
Puis l’évolution des chiffrements avec des clefs de plus en plus grandes. Le passage du chiffrement symétrique à l’asymétrique est aussi une évolution.
La différence est que le Dr Popp recevait par virement les sommes sur un compte au Panama. Dorénavant, les cybercriminels perçoivent des bitcoins.L’évolution d’une société de plus en plus connectée (IoT), de plus en plus « informatisé » fait face à des défis constants en matière de cybersécurité et d'hygiène informatique.
Le rapport de la Cour des comptes sur la sécurité des établissements de santé est sans appel : « les autorités publiques ont réagi avec retard en finançant sur cinq ans un programme de prévention et de protection. Cette dynamique doit être poursuivie. »
https://librexpression.fr/genealogie-du-ransomware
#Bianlian #Cyberattack #Databreach #France #informatique #Librexpression #Lockbit #MBR #NotPetya #Panama #Phishing #Popp #ransomware #threaths #WannaCry
(Crédits : mason cook/Pexels)
-
La genèse du ransowmare
La genèse du ransomware remonte avec l’histoire d’un docteur, Joseph Popp. Le parallèle avec le docteur Jekyll et de M. Hyde, semble être proche d’une réalité palpable. Il est à l’origine des rançongiciels dans sa démarche avec l'envoi de 26 000 disquettes « AIDs Trojan ».
Puis l’évolution des chiffrements avec des clefs de plus en plus grandes. Le passage du chiffrement symétrique à l’asymétrique est aussi une évolution.
La différence est que le Dr Popp recevait par virement les sommes sur un compte au Panama. Dorénavant, les cybercriminels perçoivent des bitcoins.L’évolution d’une société de plus en plus connectée (IoT), de plus en plus « informatisé » fait face à des défis constants en matière de cybersécurité et d'hygiène informatique.
Le rapport de la Cour des comptes sur la sécurité des établissements de santé est sans appel : « les autorités publiques ont réagi avec retard en finançant sur cinq ans un programme de prévention et de protection. Cette dynamique doit être poursuivie. »
https://librexpression.fr/genealogie-du-ransomware
#Bianlian #Cyberattack #Databreach #France #informatique #Librexpression #Lockbit #MBR #NotPetya #Panama #Phishing #Popp #ransomware #threaths #WannaCry
(Crédits : mason cook/Pexels)
-
La genèse du ransowmare
La genèse du ransomware remonte avec l’histoire d’un docteur, Joseph Popp. Le parallèle avec le docteur Jekyll et de M. Hyde, semble être proche d’une réalité palpable. Il est à l’origine des rançongiciels dans sa démarche avec l'envoi de 26 000 disquettes « AIDs Trojan ».
Puis l’évolution des chiffrements avec des clefs de plus en plus grandes. Le passage du chiffrement symétrique à l’asymétrique est aussi une évolution.
La différence est que le Dr Popp recevait par virement les sommes sur un compte au Panama. Dorénavant, les cybercriminels perçoivent des bitcoins.L’évolution d’une société de plus en plus connectée (IoT), de plus en plus « informatisé » fait face à des défis constants en matière de cybersécurité et d'hygiène informatique.
Le rapport de la Cour des comptes sur la sécurité des établissements de santé est sans appel : « les autorités publiques ont réagi avec retard en finançant sur cinq ans un programme de prévention et de protection. Cette dynamique doit être poursuivie. »
https://librexpression.fr/genealogie-du-ransomware
#Bianlian #Cyberattack #Databreach #France #informatique #Librexpression #Lockbit #MBR #NotPetya #Panama #Phishing #Popp #ransomware #threaths #WannaCry
(Crédits : mason cook/Pexels)
-
20 Jahre #Melani: Die grössten Fälle - inside-it.ch https://www.inside-it.ch/20-jahre-melani-die-groessten-faelle-20241219 #Hacking #CyberCrime #Malware #Ransomware #DDoS #log4j #HeartBleed #Emotet #NotPetya #Stuxnet #WannaCry
-
20 Jahre #Melani: Die grössten Fälle - inside-it.ch https://www.inside-it.ch/20-jahre-melani-die-groessten-faelle-20241219 #Hacking #CyberCrime #Malware #Ransomware #DDoS #log4j #HeartBleed #Emotet #NotPetya #Stuxnet #WannaCry
-
20 Jahre #Melani: Die grössten Fälle - inside-it.ch https://www.inside-it.ch/20-jahre-melani-die-groessten-faelle-20241219 #Hacking #CyberCrime #Malware #Ransomware #DDoS #log4j #HeartBleed #Emotet #NotPetya #Stuxnet #WannaCry
-
This guide covers various ransomware attacks, including Colonial Pipeline, WannaCry and LockBit, the systems hackers target and how to avoid becoming a victim and paying cybercriminals a ransom.#blackcat #cheatsheet #cryptolocker #cybersecurity #darkside #lockbit #notpetya #phishing #ransomware #samsam #security #wannnacry
Ransomware Cheat Sheet for 2024: What Is Ransomware? -
Recorded Future warns that spyware vendors' zero-click exploit development increases the threat of wormable mobile malware called "Mobile NotPetya." Their 16 page report goes over the history of wormable mobile malware, emerging threats and mitigation recommenders for telecommunications providers and mobile device manufacturers.🔗 https://www.recordedfuture.com/mobile-notpetya-threat-rising-zero-click-exploits-mobile-malware-risks
-
@DavittoKun @landley Also minimalism and simplicity and reproduceability as well as auditability are IMHO long overdue qualities and should be the norm for critical systems.
https://www.youtube.com/watch?v=MkJkyMuBm3g&t=11m55sCuz I don't feel comfortable seeing #Windows of all things being used anywhere near #CriticalInfrastructure, espechally given how stuff like #Conti and #NotPetya can not just cripple entire nations but literally be weaponized to kill people (You don't want to see #MedicalIT, it's a nightmare that makes you want to ban everything more complex than a light switch!) - and that alone should be sufficient reason.
For anything I'd want to get done with it later it's better to have a something that can be easily reproduced and maintained than going the lazy route, espechally if one ever intents to win customers/users with transparency and not some "pay-to-loose" type of certification badge that doesn't say anything about the actual security (like those done by the @bsi) but only about how deep the pockets of the one trying to sell it to others are.
If I don't comply with fundamentals like Kerckhoff's Principle why should you even trust me on other fundamentals like how the weather is?
https://en.wikipedia.org/wiki/Kerckhoffs%27s_principleI mean, don't trust me at all, these other projects are stubs as of now for a reason:
https://github.com/KBtechnologies/PocketCrypto
https://github.com/KBtechnologies/CryptofonBut you'd likely agree that "#TrustMeBro" died with the inception of #MINERVA / #RUBIKON & #PRISM / #BULLRUN...
https://en.wikipedia.org/wiki/Crypto_AG -
⬆️ ⬇️
scénario similaire, issue "légèrement" différente coté USAMerck a conclu un accord de dernière minute avec ses assureurs, évitant ainsi un examen par la Cour suprême du New Jersey de son litige d'assurance lié à une cyberattaque. Cet accord est intervenu juste avant le début prévu d'un argument oral qui aurait pu établir un précédent national influençant le marché en plein essor de l'assurance cyber.
La dispute a commencé après que près de 40 000 ordinateurs de Merck aient été piratés lors de l'attaque " #NotPetya " en 2017, liée à la Russie. Les assureurs de Merck ont été jugés responsables d'environ 700 millions de dollars de réclamations en vertu de leurs politiques d'assurance de propriété "tous risques". Ces polices ont été déclenchées par l'attaque, et une exclusion de police courante pour "Action Hostile/Belliqueuse" en cas de cyberattaque a été jugée applicable uniquement aux "formes traditionnelles de guerre".
Les termes du règlement entre Merck et ses assureurs sont restés confidentiels, bien que Merck ait déclaré avoir subi des pertes de 1,4 milliard de dollars dues à l'attaque.
"Merck $1.4 Billion Cyberhack Settlement Ends ‘Warlike’ Act Claim"
👇
https://news.bloomberglaw.com/litigation/merck-1-4-billion-cyberhack-settlement-ends-warlike-act-claim -
I recently finished reading the book #Sandworm by Andy Greenberg.
I think one of the main thing I will take from that book is a scene where it is explained how a company responsible for selling accounting software were (ab)used to distribute #NotPetya around the world. It is then explained how the company did not have #APT or Nation States as part of their threat model because "we are not big or significant enough to be interesting to them".
The take away then being: "You probably can't exclude Nation States from your threat model".
-
A #Carbon-Neutral Plan to #AirCondition the World : Medium
Avoiding a ‘#Ghastly Future’: Hard Truths on the State of the #Planet : Yale
The Untold Story of #NotPetya, the Most Devastating #Cyberattack in #History($) : WIRED
Check our latest #KnowledgeLinks
-
A #Carbon-Neutral Plan to #AirCondition the World : Medium
Avoiding a ‘#Ghastly Future’: Hard Truths on the State of the #Planet : Yale
The Untold Story of #NotPetya, the Most Devastating #Cyberattack in #History($) : WIRED
Check our latest #KnowledgeLinks
-
A #Carbon-Neutral Plan to #AirCondition the World : Medium
Avoiding a ‘#Ghastly Future’: Hard Truths on the State of the #Planet : Yale
The Untold Story of #NotPetya, the Most Devastating #Cyberattack in #History($) : WIRED
Check our latest #KnowledgeLinks
-
A #Carbon-Neutral Plan to #AirCondition the World : Medium
Avoiding a ‘#Ghastly Future’: Hard Truths on the State of the #Planet : Yale
The Untold Story of #NotPetya, the Most Devastating #Cyberattack in #History($) : WIRED
Check our latest #KnowledgeLinks
-
A #Carbon-Neutral Plan to #AirCondition the World : Medium
Avoiding a ‘#Ghastly Future’: Hard Truths on the State of the #Planet : Yale
The Untold Story of #NotPetya, the Most Devastating #Cyberattack in #History($) : WIRED
Check our latest #KnowledgeLinks
-
CW: Long thread/11
#5yrsago #Taiwan’s legal #crowdsourcing tool is working surprisingly well to resolve thorny legislative problems https://www.technologyreview.com/2018/08/21/240284/the-simple-but-ingenious-system-taiwan-uses-to-crowdsource-its-laws/
#5yrsago The true story of #Notpetya: a Russian cyberweapon that escaped and did $10B in worldwide damage https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
#5yrsago European lawmaker writes post warning about dangers of automatic #CopyrightFilters, which is taken down by an automatic copyright filter https://www.techdirt.com/2018/08/21/automated-filter-removed-parliament-members-article-warning-about-censorship-automated-filters/
11/
-
#T2infosec keynote by Andy Jones details the #NotPetya #cyberattack on #Maersk -
https://www.youtube.com/watch?v=wT2r5VuYCU0 -
#T2infosec keynote by Andy Jones details the #NotPetya #cyberattack on #Maersk -
https://www.youtube.com/watch?v=wT2r5VuYCU0 -
#T2infosec keynote by Andy Jones details the #NotPetya #cyberattack on #Maersk -
https://www.youtube.com/watch?v=wT2r5VuYCU0 -
#T2infosec keynote by Andy Jones details the #NotPetya #cyberattack on #Maersk -
https://www.youtube.com/watch?v=wT2r5VuYCU0 -
#T2infosec keynote by Andy Jones details the #NotPetya #cyberattack on #Maersk -
https://www.youtube.com/watch?v=wT2r5VuYCU0 -
Pharmaceutical giant Merck's win in #NotPetya insurance dispute: What it means
https://www.databreachtoday.com/mercks-win-in-notpetya-insurance-dispute-what-means-a-21983 -
Amerikaanse verzekeraars moeten 1,4 miljard dollar betalen aan het internationale farmaceutische en chemiebedrijf Merck, vanwege de #NotPetya-#ransomware aanval. Dat heeft een rechter besloten nadat de verzekeraars weigerden te betalen.
https://www.agconnect.nl/artikel/verzekeraars-vs-moeten-14-miljard-betalen-vanwege-notpetya-aanval -
Merck's insurers can't use an "act of war" clause to deny the pharmaceutical giant an enormous payout to clean up its NotPetya infection, a court has ruled.
#NotPetya #war #actofwar #insurance #pharmaceutical
https://www.theregister.com/2023/05/03/merck_14bn_insurance_payout_upheld/ -
#Cybersecurity #Merck #Cyberattack #NotPetya #Russia: "Insurers for Merck & Co. must help cover losses from a $1.4 billion cyberattack that the U.S. blamed on Russia, a court said, rejecting the insurers’ argument that the attack was akin to an act of war normally excluded from coverage.
The NotPetya cyberattack didn’t involve military action and can’t be excluded from coverage under a warlike-act exclusion, New Jersey appellate division judges said in a decision released Monday.
“The exclusion of damages caused by hostile or warlike action by a government or sovereign power in times of war or peace requires the involvement of military action,” the judges wrote. “Coverage could only be excluded here if we stretched the meaning of ‘hostile’ to its outer limit.”
Merck is pleased with the decision, a spokesman for the Rahway, N.J.-based pharmaceutical company said. Lawyers for Merck’s insurers didn’t respond to a request for comment."
-
De overheid heeft een nieuwe nationale veiligheidsstrategie opgesteld, waarin #cybersecurity een topprioriteit wordt genoemd. Concreet worden in het rapport onder meer impactvolle #ransomware als #NotPetya genoemd als bedreiging, maar ook de kwetsbaarheid in de wijdverbreid gebruikte #Log4j-software.
https://www.agconnect.nl/artikel/ransomware-krijgt-prioriteit-nationale-veiligheidsstrategie-2023-2029 -
CERT-FR has just published a report on the integration of untrusted software. Recommendations are available at the end of the report.
https://cert.ssi.gouv.fr/cti/CERTFR-2022-CTI-007/
#Goldenspy #NotPetya -
Actions Target Russian Govt. Botnet, Hydra Dark Market https://krebsonsecurity.com/2022/04/actions-target-russian-govt-botnet-hydra-dark-market/ #GermanFederalCriminalPoliceOffice #MainIntelligenceDirectorate #U.S.DepartmentofTreasury #U.S.DepartmentofJustice #FederalSecurityService #Ne'er-Do-WellNews #CyclopsBlink #Dragonfly2.0 #WebFraud2.0 #ArsTechnica #HydraMarket #Ransomware #BeserkBear #RussianFSB #VoodooBear #WatchGuard #DanGoodin #VPNFilter #Garantex #NotPetya #Sandworm #Trisis #Triton
-
Smashing Security podcast #204: Green buttons, Olympic attacks, and… an apology https://grahamcluley.com/smashing-security-podcast-204/ #termsandconditions #SmashingSecurity #WinterOlympics #Vulnerability #votingmachine #vulnerability #DonaldTrump #Ransomware #databreach #ransomware #Dataloss #election #NotPetya #Malware #Podcast #Privacy #russia #XSS
-
@1337core Ich hatte für mein Buch ein längeres Interview mit dem CISO von Maersk: Das Unternehmen ist ja 2017 durch den #NotPetya-Angriff beinahe Pleite gegangen (hab ich auch im Buch rekonstruiert, war absolut abenteuerlich und leztlich ein absurder Zufall, der sie doch noch gerettet hat): Der meinte, seither gibt es keine Diskussionen mehr, wenn er mehr Budget braucht. Die mussten damals ja alles neu aufbauen, und man kann nur hoffen, dass sie das dann gleich ordentlich gemacht haben @digitus
-
Microsoft ordnet eine Ransomware-Kampagne einer Angreifergruppe zu, die bereits für einen Blackout in der Ukraine und NotPetya verantwortlich sein soll.
Microsoft: Russische Staats-Hacker verlegen sich auf Ransomware -
US offers $10 million reward for information about Russian military hackers implicated in NotPetya attack https://www.bitdefender.com/blog/hotforsecurity/us-offers-10-million-reward-for-information-about-russian-military-hackers-implicated-in-notpetya-attack/ #Ransomware #ransomware #Guestblog #Law&order #NotPetya #Malware
-
At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates https://krebsonsecurity.com/2022/01/at-request-of-u-s-russia-rounds-up-14-revil-ransomware-affiliates/ #RomanGennadyevichMuromsky #AndreySergeevichBessonov #Ne'er-Do-WellNews #DmitriAlperovitch #ColonialPipeline #TheComingStorm #PresidentBiden #ImmersiveLabs #VladimirPutin #Ransomware #KevinBreen #DarkSide #GandCrab #NotPetya #rEvil #FSB
-
Евросоюз ввел санкции против РФ и Китая за кибератаки #WannaCry, #NotPetya, #кибератака, #санкции, #ОЗХО, #ГЦСТ, #Евросоюз, #ГРУ, #Китай https://www.securitylab.ru/news/510671.php https://twitter.com/SecurityLabnews/status/1288879347164741634/photo/1
-
Евросоюз согласовал санкции за кибератаки против России и Китая #ГРУ, #Китай, #WannaCry, #NotPetya, #хакер, #санкции, #Россия, #КНДР https://www.securitylab.ru/news/510463.php https://twitter.com/SecurityLabnews/status/1286020028920463360/photo/1
-
Евросоюз согласовал санкции за кибератаки против России и Китая #ГРУ, #Китай, #WannaCry, #NotPetya, #хакер, #санкции, #Россия, #КНДР https://www.securitylab.ru/news/510463.php https://twitter.com/SecurityLabnews/status/1286019901153476608/photo/1
-
США обвинили граждан РФ в кибератаке на Олимпиаду #NotPetya, #обвинение, #суд, #преступление, #Украина, #Великобритания https://www.securitylab.ru/news/513172.php https://twitter.com/SecurityLabnews/status/1318248053212676098/photo/1