Cyber Cooperation Is Crucial in the Era of NotPetya

The NotPetya attacks weren’t as bad as WannaCry; they were worse, and we all need to start cooperating to prevent the next attack.

The NotPetya attacks weren’t as bad as WannaCry; they were worse, and we all need to start cooperating to prevent the next attack.

It’s looking more and more like last week’s NotPetya malware attacks, which infected computers around the world but hit Ukraine particularly hard, were designed to cause widespread damage and disruption, not make money.

Unlike WannaCry and other ransomware, NotPetya doesn’t just encrypt files; it destroys Windows machines’ master boot record (MBR), doing irrevocable damage to the system. There is no such thing as a key that can restore a destroyed MBR. Additionally, one, lone email address was set aside for victims to pay the “ransom” and receive their de-encryption keys. This address was immediately shut down by the email provider, rendering payment useless. Cyber criminals who truly wanted to collect money would have anticipated this.

NotPetya also has no known “kill switch.” The only way to stop it is to prevent it from infecting your machine in the first place.

NotPetya successfully caused chaos, mostly in Ukraine, where it hit organizations ranging from shipping companies to the infamous Chernobyl plant.

NSA Hack the Gift That Keeps on Giving to Cyber Criminals

Like the recent WannaCry attacks and cryptocurrency mining malware infections, NotPetya exploits the EternalBlue vulnerability found in older versions of MS Windows, the one made public last year after a group calling itself the Shadow Brokers sent a list of stolen NSA hacking tools to WikiLeaks. In the immediate aftermath of the NSA hack, the biggest question arguably was, “If one of the world’s most covert spy agencies can be breached, where does that leave everyone else?” Now, even bigger questions are emerging regarding the NSA’s (or any government agency’s) responsibility for cyber attacks that are committed using the cyber-spy tools it has developed, especially vulnerabilities that it finds but does not disclose to manufacturers. NextGov reports:

NSA, which employs more mathematicians than any organization on Earth, has been collecting these vulnerabilities. The agency often shares the weaknesses it finds with American manufacturers so they can be patched. But not always.

As NSA Director Mike Rogers told a Stanford audience in 2014, “the default setting is if we become aware of a vulnerability, we share it,” but then added, “There are some instances where we are not going to do that.” Critics contend that’s tantamount to saying, “In most cases we administer our special snake bite anti-venom that saves the patient. But not always.”

Everyone Needs to Start Cooperating

In the aftermath of NotPetya, U.S. Representative Ted Lieu (D-CA) sent a written appeal to the NSA, imploring the spy agency to do whatever was in its power to halt NotPetya and to commit to working with tech companies to prevent future attacks. Meanwhile, NATO released a statement declaring that NotPetya “can most likely be attributed to a state actor” and that the WannaCry and NotPetya attacks “[raise] questions about possible response options of affected states and the international community.” In other words, these attacks could be construed as potential acts of war, and everyone needs to start cooperating to defend against them.

A few months ago, an article on ZDNet bemoaned what the author saw as a lack of cooperation on cyber security between organizations in Australia. Allegedly, we here in the U.S. collaborate much better – but do we, really? We’ve got a situation where our country’s top spy agency may or may not share discovered software vulnerabilities with manufacturers, and this lack of disclosure has led to two major cyber attacks in as many months, three if you count the cryptocurrency mining malware attacks.

Clearly, the motive behind NotPetya was to cause real-world disruption of critical infrastructure. Even more concerning, the hackers behind it may have chosen Ukraine as a beta test environment for this new breed of malware, one that seeks not to steal data or lock down files, but to destroy systems beyond repair. The next attack – and there will be one – may be launched on a much larger country, maybe even the U.S., either as a standalone event or in conjunction with a wider-scale, real-world terrorist event.

Preventing cyber attacks isn’t just about losing money and data anymore; it’s about national security. There needs to be cooperation between countries, and within countries, between all organizations, both private and public.

The cyber security experts at Continuum GRC have deep knowledge of the cyber security field, are continually monitoring the latest information security threats, and are committed to protecting your organization from security breaches. Continuum GRC offers full-service and in-house risk assessment and risk management subscriptions, and we help companies all around the world sustain proactive cyber security programs.

Continuum GRC is proactive cyber security®. Call 1-888-896-6207 to discuss your organization’s cyber security needs and find out how we can help your organization protect its systems and ensure compliance with all applicable laws, frameworks, and standards.

Continuum GRC