Cyber Security

This attack seems at first glance to be very similar to the recent WannaCry attack that had such a serious effect on the NHS amongst other victims.

It seems to utilise similar code, including some elements such as the EternalBlue exploit disclosed through Shadow Brokers. It also uses similar tactics to try and spread from one infected area to other connected systems. Where it appears to differ is that it seems to be more about stealing credentials and using them than about making money for the criminals. It is being suggested that this is more likely to be the work of a nation state than a criminal gang, although there is as yet no proof one way or the other. The effect of this attack is significant, as it was for WannaCry, and it is also being suggested that causing this disruption is the prime motive behind the attack. There is some debate as to whether this is a ransomware attack or a wiper attack. The difference between the two is, in the end, irrelevant since the effect is basically the same: no access to the files of the organisation.

The protection against these sorts of attacks, and the way to prevent them having a serious effect on systems, continues to be very straightforward.

  • The first action is to patch the vulnerabilities as the patches are issued. It is interesting to note that where the Petya attack encountered the Microsoft patch (MS17-010) which addressed the vulnerability it tried to utilise, Petya exfiltrated the credentials of the admin accounts instead for use elsewhere.
  • The second action is to ensure there are ample backups, notably offline as well as online, in order to facilitate the recovery of files should the encryption be successful. Again, it is interesting to note that the “unlock” encryption key that in theory would be used by the Petya attackers to release the files when the ransom was paid did not actually appear to work or be effective.
  • The third action is to ensure that those with admin privileges on systems (notably those dealing with core or business-critical systems) do not use their admin account for normal day-to-day activity such as emailing.
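The three actions above can be audited on a Windows host with a short read-only script. The following is an added example written for this page, not code from APMG or from the post itself. It assumes PowerShell 5.1 or later, the SmbShare module (Windows 8 / Server 2012 and later), an Administrator session for the Security log, and that the caller supplies the MS17-010 KB identifiers that apply to the machine's OS build, taken from the Microsoft bulletin; the `$AdminAccounts` and `$BackupPath` parameters are assumptions about the local environment.

```powershell
<#
  Added example (not from the APMG post): read-only audit of the three
  controls the post lists. Assumptions: PowerShell 5.1+, SmbShare module,
  Administrator rights, and MS17-010 KB numbers supplied by the caller.
#>
param(
    # KB identifiers for MS17-010 on this OS build, taken from the bulletin
    [Parameter(Mandatory = $true)] [string[]] $Ms17010Kbs,
    # Privileged accounts that should not appear in day-to-day interactive logons
    [string[]] $AdminAccounts = @(),
    # Path of the most recent offline / removable backup copy (assumed layout)
    [string] $BackupPath = $null,
    [int] $MaxBackupAgeDays = 7,
    [int] $LogonLookbackDays = 7
)

$findings = @()

# Control 1: the MS17-010 patch is installed and SMBv1 (the protocol
# EternalBlue abuses) is switched off on the server side.
$installed = Get-HotFix -ErrorAction SilentlyContinue |
             Where-Object { $Ms17010Kbs -contains $_.HotFixID }
if (-not $installed) {
    $findings += "MS17-010: none of $($Ms17010Kbs -join ', ') reported by Get-HotFix"
}
try {
    $smb = Get-SmbServerConfiguration -ErrorAction Stop
    if ($smb.EnableSMB1Protocol) { $findings += "SMBv1 server protocol is enabled" }
} catch {
    $findings += "Could not query SMB server configuration: $($_.Exception.Message)"
}

# Control 2: an offline backup exists and is recent enough to be useful.
# An offline copy that is currently disconnected is expected to be unreachable;
# the script says so rather than treating that as a pass.
if ($BackupPath) {
    if (-not (Test-Path $BackupPath)) {
        $findings += "Backup path $BackupPath not reachable; verify the offline copy by hand"
    } else {
        $newest = Get-ChildItem -Path $BackupPath -Recurse -File -ErrorAction SilentlyContinue |
                  Sort-Object LastWriteTime -Descending | Select-Object -First 1
        if (-not $newest -or $newest.LastWriteTime -lt (Get-Date).AddDays(-$MaxBackupAgeDays)) {
            $findings += "Backup at $BackupPath is empty or older than $MaxBackupAgeDays days"
        }
    }
}

# Control 3: privileged accounts used for interactive (type 2) or RDP
# (type 10) logons within the lookback window, from Security event 4624.
if ($AdminAccounts.Count -gt 0) {
    $since  = (Get-Date).AddDays(-$LogonLookbackDays)
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $since } `
                           -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        $user      = $e.Properties[5].Value          # TargetUserName
        $logonType = [int]$e.Properties[8].Value     # LogonType
        $station   = $e.Properties[11].Value         # WorkstationName
        if (($AdminAccounts -contains $user) -and ($logonType -in 2, 10)) {
            $findings += "$($e.TimeCreated): privileged account '$user' logon type $logonType from '$station'"
        }
    }
}

if ($findings.Count -eq 0) { "No findings" } else { $findings }
```

Run it as, for instance, `.\Audit-PetyaControls.ps1 -Ms17010Kbs 'KB<from bulletin>' -AdminAccounts 'svc-admin','dba-admin' -BackupPath 'E:\backups'`. The logon check only reports accounts you name as privileged, so the list has to be maintained; the patch check is deliberately conservative and reports a finding whenever none of the supplied KB numbers is present, which also happens on builds where the fix shipped under a different identifier.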

In a more holistic view, this attack emphasises again the need for the controls used to protect organisations’ systems against cyber threats to be effective and operating at a level of maturity that ensures they are agile in operation. The speed at which the configuration of system components can be updated to address particular attacks is critical. Maturity level 5 is required so that controls are continually optimised through good service management practice.

APMG’s maturity assessment tool, CDCAT® would provide an evidence-based independent view of the maturity level of the most critical controls and can be completed within a few hours for any system.
