The Russian military was almost certainly responsible for the ‘NotPetya’ cyber attack of June 2017, according to the UK's official National Cyber Security Centre (NCSC).
Foreign Office Minister of State with responsibility for cyber, Lord (Tariq) Ahmad of Wimbledon, said: “The UK Government judges that the Russian Government, specifically the Russian military, was responsible for the destructive NotPetya cyber-attack of June 2017. The attack showed a continued disregard for Ukrainian sovereignty. Its reckless release disrupted organisations across Europe costing hundreds of millions of pounds.
“The Kremlin has positioned Russia in direct opposition to the West: it doesn’t have to be that way. We call upon Russia to be the responsible member of the international community it claims to be rather than secretly trying to undermine it. The United Kingdom is identifying, pursuing and responding to malicious cyber activity regardless of where it originates, imposing costs on those who would seek to do us harm.
“We are committed to strengthening coordinated international efforts to uphold a free, open, peaceful and secure cyberspace.”
NotPetya saw a malicious data encryption tool inserted into a legitimate piece of software used by most of Ukraine’s financial and government institutions. The ransom note instructed victims to make payments to a single Bitcoin wallet with confirmation that they had paid. However, flaws in the payment process quickly became apparent, as the ransom note did not display a ‘personal identification ID’ which would enable the attacker to know whose data to decrypt. NotPetya used the EternalBlue and EternalRomance exploits, which the Shadow Brokers group released in early 2017. Microsoft issued a patch for both exploits.
Christopher Day, chief cybersecurity officer of Cyxtera, said: “The recent identification from the UK, US, Canada and Australia that the NotPetya attack emanated from Russia reminds us that the financial, energy and government sectors continue to face powerful adversaries. The reality is that all organisations, particularly those of national importance, face threat actors that are patient, skilled and disciplined. They have an arsenal of cyber-weapons at their disposal and are capable of releasing malicious code on an industrial scale. It’s imperative that we all come together to combat these threats through a combination of tactics, including information-sharing with allies, public condemnation of attacks and adoption of emerging technologies, like a software defined perimeter, that can significantly reduce attack surfaces. Organisations must take steps to stop attackers from gaining unfettered access to unauthorized systems, where they can lie in wait for years before opportunistically launching an attack.”