with Ukrainian national holidays. These point towards an
attacker with political motivations behind the attack.
Longer term implications
So where does this incident leave the longer-term assessment
of the implications of NotPetya?
• Prepare for stray bullets. Many organisations were impacted
by the NotPetya campaign. The interconnectivity of modern
systems and the ubiquity of applications means that
enterprises could find themselves the victims of attacks not
specifically targeting their organisations.
• The bar for cyberattacks keeps getting lower. The
availability of leaked tools from the NSA and HackingTeam,
coupled with ‘how-to’ manuals, means that threat actors will
have access to powerful tools that they can iterate from and
leverage to aggressively accomplish their goals.
Sadly, cyberattacks of this nature are not uncommon and so
businesses, governments and of course consumers need to
take steps to protect themselves against ransomware attacks.
1. The ‘basics’ aren’t easy, but they should not be forgotten.
Both NotPetya and WannaCry exploited basic and known
security vulnerabilities, so segmenting networks and applying
basic patching cycles will go a long way to mitigating threats
such as this.
2. Think about the soft factors. Defence is not just about
technical indicators and warning anymore; ‘soft’ factors such
as motivation and geostrategic issues are increasingly critical
in the response to malware like NotPetya.
Rick Holland, Vice President, Strategy, Digital Shadows
3. Plan to fail. No amount of good security will entirely
remove the risk posed by cyberattacks, so it is critical to back up
critical data and systems on a regular basis and ensure crisis
management and comprehensive data recovery plans are in
place and practised. Extortion and destructive malware response
should be in your incident response playbooks.
4. If you aren’t already doing so,
think about the digital risks associated
with your supply chain. Regardless of
the alleged culpability of MEDoc, the
deployment mechanism does highlight
the attention that we all need to start
paying to supply chain compromise.
5. Defence in depth. Digital Shadows
advocate using a ‘defence in depth’
strategy guided by four main
principles: configuring host-based
firewalls and using IP-whitelisting
measures; segmenting networks and
restricting workstation-to-workstation
communication; applying patches and
disabling unneeded legacy features; and
restricting access to important data to
only those who are required to have it.
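One way to check whether workstation-to-workstation restriction and IP whitelisting are actually holding is to audit flow logs for permitted peer-to-peer connections on remote-administration ports. The script below is an added example, not from the article or Digital Shadows; the subnets, management host, port list and log format are all assumptions.

```python
import ipaddress

# All addresses, ports and log lines below are constructed for illustration.
WORKSTATION_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "10.21.0.0/16")]
ADMIN_ALLOWLIST = {ipaddress.ip_address("10.20.0.10")}  # assumed management host
# Assumed set of Windows remote-administration ports worth restricting.
LATERAL_PORTS = {135: "RPC", 139: "NetBIOS", 445: "SMB", 3389: "RDP", 5985: "WinRM"}

# Constructed flow records in a hypothetical format: "src dst dst_port action"
SAMPLE_FLOWS = """\
10.20.4.17 10.20.9.88 445 ALLOW
10.20.4.17 10.21.3.5 135 ALLOW
10.20.0.10 10.20.9.88 445 ALLOW
10.20.4.17 10.50.1.20 445 ALLOW
10.20.4.17 10.20.9.89 445 DENY
10.20.7.2 10.20.9.88 443 ALLOW
malformed line
"""

def is_workstation(addr):
    return any(addr in net for net in WORKSTATION_NETS)

def find_violations(flow_text):
    """Return (violations, skipped): permitted workstation-to-workstation flows
    on restricted ports, and the number of lines that could not be parsed."""
    violations, skipped = [], 0
    for line in flow_text.splitlines():
        parts = line.split()
        try:
            src, dst = ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[1])
            port, action = int(parts[2]), parts[3].upper()
        except (IndexError, ValueError):
            skipped += 1  # count unparsable lines so gaps in coverage are visible
            continue
        if action != "ALLOW" or port not in LATERAL_PORTS:
            continue  # blocked traffic and unrestricted ports are not findings
        if src in ADMIN_ALLOWLIST:
            continue  # whitelisted management host may reach workstations
        if is_workstation(src) and is_workstation(dst):
            violations.append((str(src), str(dst), port, LATERAL_PORTS[port]))
    return violations, skipped

def fan_out(violations):
    """Distinct workstation peers reached per source; a high count merits review."""
    peers = {}
    for src, dst, _port, _name in violations:
        peers.setdefault(src, set()).add(dst)
    return {src: len(dsts) for src, dsts in peers.items()}

if __name__ == "__main__":
    found, bad = find_violations(SAMPLE_FLOWS)
    print(found, bad, fan_out(found))
```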
Deployment and intra-network propagation
INTELLIGENTCIO
WannaCry and NotPetya are a sign of
things to come, and you can expect
attackers will improve their
future campaigns.
www.intelligentcio.com