Six years on from NotPetya: an analysis from Tom Gol, CTO for research at Armis

Six years have passed since the infamous NotPetya cyber attack sent shockwaves through the cybersecurity landscape. Initially disguised as ransomware, NotPetya quickly revealed its true destructive nature, spreading damage to businesses and governments around the world and resulting in billions of dollars in losses. Six years later, the impact of the NotPetya attack is still being felt, and the lessons learned from this incident continue to shape the way we approach cybersecurity. Tom Gol, CTO for research at Armis, provides his take on what happened and the lessons learned.


Background


NotPetya first emerged in June 2017, when it quickly spread across various countries, primarily targeting organizations in Ukraine. However, it soon became apparent that this cyber threat was not limited to a specific region, as it rapidly infected systems worldwide.


The destructive malware was initially disguised as a ransomware attack, with victims being presented with a ransom note demanding a payment in Bitcoin to unlock their encrypted files. However, it soon became evident that the true intention of NotPetya was not financial gain, but rather widespread disruption and destruction.


Technical Analysis


NotPetya employed a combination of advanced techniques and exploited known vulnerabilities to propagate and wreak havoc. At its core, the attack relied on the EternalBlue exploit (CVE-2017-0144) that leveraged a vulnerability in the SMB protocol of Windows systems. This exploit, originally developed by the National Security Agency (NSA) and later leaked by a hacking group called Shadow Brokers, allowed for remote code execution without user interaction.
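Because EternalBlue targeted the SMBv1 server, the check most defenders want after reading this is whether a Windows host still speaks that dialect. The following audit script is an added example, not code from the article or from Armis; it assumes Windows 8.1 / Server 2012 R2 or later (where the `SmbShare` cmdlets exist) and an elevated session, and the `-Remediate` switch is this script's own convention.

```powershell
# Added hardening check (not from the Armis article): report whether this Windows host
# still offers the SMBv1 dialect that EternalBlue (CVE-2017-0144) targeted, and
# optionally turn it off. Assumes Windows 8.1 / Server 2012 R2 or later, run elevated.
#Requires -RunAsAdministrator
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Remediate   # without this switch the script only reports
)

$report = [ordered]@{}

# Server side: does the SMB server still negotiate SMBv1 with clients?
$srv = Get-SmbServerConfiguration
$report['SMB1 server protocol enabled'] = $srv.EnableSMB1Protocol

# Client side: mrxsmb10 is the SMBv1 client driver (Start = 4 means disabled).
$drv = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10' -ErrorAction SilentlyContinue
$clientOn = ($null -ne $drv) -and ($drv.Start -ne 4)
$report['SMB1 client driver (mrxsmb10) enabled'] = $clientOn

# Optional feature on client SKUs; absent on Server SKUs, so tolerate a miss.
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
$report['SMB1Protocol optional feature'] = if ($feature) { $feature.State } else { 'not available' }

$report.GetEnumerator() | ForEach-Object { '{0,-45}: {1}' -f $_.Key, $_.Value }

if (-not ($srv.EnableSMB1Protocol -or $clientOn)) {
    Write-Host 'SMBv1 is disabled on this host.' -ForegroundColor Green
    return
}
Write-Warning 'SMBv1 is still active; the host can negotiate the dialect EternalBlue exploited.'

if ($Remediate -and $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMBv1 server and client')) {
    # Microsoft's documented sequence: turn off the server dialect, then keep the client
    # driver from loading by removing it from the workstation service's dependencies.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    if ($feature -and $feature.State -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
    sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi | Out-Null
    sc.exe config mrxsmb10 start= disabled | Out-Null
    Write-Host 'SMBv1 disabled; reboot to finish the client-side change.' -ForegroundColor Yellow
}
```

Run it without arguments to get a read-only report; `-Remediate -WhatIf` previews the change before anything is disabled.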


Upon infecting a system, NotPetya would employ a multi-stage infection process. It would exploit the EternalBlue vulnerability to gain initial access and then employ credential theft ..
