Tag Archives: Maersk

Security Never Sleeps- Chicago Voters, Maersk Attack

Personal data of 1.8 million Chicago voters accidentally exposed by vendor

“Roughly 1.8 million affected”

Almost 2 million Chicago voters had their phone numbers, addresses, and partial social security numbers left exposed on a cloud-storage website. The site was maintained by an Omaha election-services company, and the sensitive information remained exposed until a cybersecurity researcher discovered it earlier this week.

Ukraine central bank warns of new cyber-attack risk

“Bank warns lenders of new malware”

Today the Ukrainian central bank issued warnings to both private and state-owned lenders about the apparent emergence of a new malware program making its way through the internet. Ukrainian security forces say this program resembles the NotPetya attacks, which knocked out many global systems on June 27th as the malware spread rapidly through the corporate networks of multinational firms and suppliers in Eastern Europe.

New Android malware that spreads via text can steal victims’ credit card details from other apps

“Even apps you trust might be unsafe”

Most of us have the good sense not to enter credit card details or other financial information into sketchy-looking apps or websites out of fear of theft, but hardly anyone would do a double take on apps like Amazon. Alas, even our favorite applications may not be a sanctuary for our sensitive information, as detailed in a recent blog post by security firm Kaspersky Labs. The blog claims that a new piece of malware is able to quietly steal victims’ data as it is entered into applications, as well as spy remotely on texts and phone calls.

Cyberattack cost Maersk as much as $300 million and disrupted operations for 2 weeks

“Huge costs in goods transport”

A June attack that left shipping operations crippled worldwide, even briefly shutting down the Port of Los Angeles’ largest cargo terminal, has cost Danish shipping firm A.P. Moller-Maersk between $200 million and $300 million, as reported by the firm earlier this week. The unprecedented severity of the attack prompted workers to coordinate improvised communications via social media networks like Twitter, WhatsApp, and even Post-it notes to get goods moving from ships to the shore again.


My First Trendjack Experience at 10Fold

As a new addition to the 10Fold team, as well as being new to the cybersecurity practice in general, it has been important for me to monitor the news on a daily basis in order to get familiar with trending topics and identify what it is my clients can speak to with authority. Although many stories have caught my eye in the last two months since I started these daily news sweeps, the NotPetya cyber attack stood out to me above all others.  

Petya/NotPetya/ExPetr/GoldenEye is an ongoing cyberattack that started Tuesday, June 26. It began with a cyberattack in Kiev, Ukraine, where this malware went on to hit around 2,000 computer systems, specifically targeting computers running the Microsoft Windows operating system. While many people originally believed it to be a form of ransomware similar to the recent ‘Petya’ attacks, this malicious software has been categorized as a “wiper.” It’s designed to cause mayhem and wipe computers, and is not actually ransomware, which is why this ongoing attack has adopted so many names. It’s similar, but also different in a lot of ways.

Although corporations and public sector agencies were affected in more than 65 countries all over the world, Ukraine and Russia were hit the hardest, including Ukrainian government ministries, banks, utilities, telecom operators, an airport and other major companies. Also attacked were Russian oil giant Rosneft and Russian web security firm Group-IB. Computers at the Chernobyl nuclear plant were compromised as well, forcing workers to manually monitor radiation levels, which has its own inherent security and safety challenges. Others hit include companies in the UK, Germany, China and the U.S., British advertising giant WPP, French industrial group Saint-Gobain, shipping giant A.P. Moller-Maersk, Cadbury, pharmaceutical companies, hospitals and many more.

What was interesting about Petya was that after encrypting files on the PC, it demanded $300 worth of Bitcoin cryptocurrency in order to supposedly unlock them. As the story evolved, the ransomware was later categorized as a wiper, as previously stated, and the computers’ files were completely destroyed. Some security experts claim that this attack is more harmful than WannaCry, because rather than spreading only via a weakness in Windows’ SMB, the NotPetya malware can also spread by finding passwords on the infected computer to move from system to system. It extracts passwords from memory and the local filesystem. Once inside a corporate network, it works its way from computer to computer, destroying the infected machines’ filesystems.

There has yet to be a solid explanation of the attackers’ motive and what they were after. Researching the attack, NATO said it was likely launched by a state actor or by a non-state actor with support and approval from a nation state, since the operation was extremely complex and likely very expensive. The Russian government has been suspected as a possible origin for NotPetya. The latest rumors suggested that it was spread by accident by a Ukrainian tax software company named MeDoc.

NotPetya is continually evolving and more information is exposed every day. As one of the more significant organized attacks in 2017, it should bring awareness to the fact that many are unprotected. Even though large-scale attacks like this are not new, they are important to watch because each time around they are getting stronger and more sophisticated.   

It will be fun keeping an eye on more of these trends as they pop up. The next one I’ll dive into is the recent disclosures of public cloud leaks from organizations using the popular AWS services!

By Kory Buckley


10Fold- Security Never Sleeps- 176

Criminal Petya ‘ransomware’ starts to look like wiper malware

“Seemingly intended to wipe systems”

Suspected at first to be a ransomware attack, Petya, the latest cyberscare in Ukraine, now seems to have been more of a targeted attack. Large firms such as FedEx, Cadbury, Maersk, and more were affected by the malware; however, more indicators point to the fact that the attack was not financially motivated but intended solely to destroy device memory.

Cyber security in industrial control systems poor, says Crest

“Lack of efficient standards to deter attacks”

Industrial control environments face serious infrastructure risk because of a lack of technical security testing. In response, Crest has publicly pressed for an upgrade to the cyber security systems of ICS environments.

Bill Would Bar Pentagon From Business With Russian Cyber Firm Kaspersky

“Russian Cyber Security Firm would be blocked”

A segment of a new bill making its way through the United States Senate would halt any contracting Kaspersky Labs has with the U.S. Department of Defense. FBI agents visited the homes of many employees of the Russian-based security firm in the last week, indicating that congressional pressure may force the company out of one of its markets.