Browse our certifications
Find training
Open page navigation
Cyber Security

This attack seems at first glance to be very similar to the recent Wannacry attack that had such a serious effect on the NHS amongst other victims.

It seems to utilise similar code including some elements such as the EternalBlue exploit disclosed through Shadow Brokers. It also uses similar tactics to try and spread from one infected area to infect other connected systems. Where it appears to differ is in that it seems to be more about stealing credentials and using these than it is about making money for the criminals. It is being suggested that this is more likely to be the work of a nation state than a criminal gang although there is as yet no proof one way or another. The effect of this attack is significant, as it was for Wannacry, and it is also being suggested that this is the prime motive behind the attack.  There is some debate as to whether this is a ransomware attack or a wiper virus attack. The difference between these two is, in the end, irrelevant since the effect is basically the same – no access to the files of the organisation.

The protection against these sorts of attacks and the way to prevent them having a serious effect on systems continues to be very straight forward.

  • The first action is to patch the vulnerabilities as the patches are issued. It is interesting to note that where Petya attack encountered the Microsoft patch (MS17-010) which addressed the vulnerability it tried to utilise, Petya exfiltrated the credentials of the admin accounts instead for use elsewhere.
  • The second action is to ensure there are ample backups notably off line as well as online in order to facilitate the recovery of files should the encryption be successful. Again, it is interesting to note that the “unlock” encryption key that in theory would be used by the Petya attackers to release the files when the ransom was paid did not actually appear to work or be effective.
  • The third action is to ensure that those with admin privileges on systems, (notably those dealing with core or business critical systems), do not use their admin account for normal day-to-day activity such as emailing.

In a more holistic view, this attack emphasises again the need for the controls used to protect organisations’ systems against cyber threats must be effective and operating at a level of maturity that ensures they are agile in operation. The speed at which the configuration of system components can be updated to address particular attacks is critical. Maturity level 5 is required so controls are continually optimised through good service management practice.

APMG’s maturity assessment tool, CDCAT® would provide an evidence-based independent view of the maturity level of the most critical controls and can be completed within a few hours for any system.

RELATED PRODUCTS

CIISec Product image

CIISEC - Information and Cyber Security Foundation (ICSF)

A brand new, entry level exam for Cyber Security from the Chartered Institute of Information Security (CIISec)

View more
AI Practitioner (AIP) Programme

Artificial Intelligence Practitioner Certification (AIP)

Learn how to use AI to reach your goals and reshape the way you work with the Artificial Intelligence Practitioner certification.

View more
Hot air balloons ascending into the clouds

Cloud Computing

Smooth ascension into the cloud

View more
Close

Certifications & Solutions

Accredited Training Organizations

Leadership

Accredited training providers

Certifications & Solutions

Seleccione cualquier filtro y pulse Aplicar para ver los resultados