Page 24 - 网络防御杂志 - 2017年11月
P. 24

SEEING AROUND CORNERS: OPERATIVELY-SOURCED

               INTEL PREDICTED A RANSOMWARE OUTBREAK




               OPERATIVELY-SOURCED INTELLIGENCE SIGNALED THE RISE OF PETYA RANSOMWARE AS
               EARLY AS JANUARY 2017...  A GAME OF CYBER "CAT AND MOUSE" ON A GLOBAL LEVEL.



               by  Byron Rashed, Vice President of InfoArmor, Inc.

               By the end of June, 2017, the Petya ransomware and its variants had infected devices in 65
               countries. The scope, severity and speed of the attack rivaled some of the most improbable,
               imaginative  of  Hollywood  plots  -   but  the  attack  was  indeed  an  actual  security  event,  being
               executed on a new and global level new level.

               The  exploit  leveraged the  same  vulnerability  as  the  infamous WannaCry  malware  which  had
               spread rapidly  the  previous  month:  MS17-010  (EternalBlue). But  unlike WannaCry,  Petya  did




                   “Damage estimates from Petya were in the tens of millions from many
                     affected organizations, with most costs due to lost productivity and
                  remediation costs. But the greater damage was trust – Petya served as
                       a wake-up call that power grids, financial institutions and major
                                corporations were all vulnerable to ransomware.”






               not have the sort of “back-door” kill switch that was inadvertently discovered as the exploit threat
               spread, helping to halt its contagion.

               Could  operatively-sourced  intelligence  have  prevented  the  contagion?  Recent  research  finds
               that for several companies, it did just that.

               For  example,  InfoArmor  has  published  research  findings:   InfoArmor  Preempts  Ransomware
               Attacks

               In  January  2017,  InfoArmor’s  operative  intelligence  team  identified  the  threat’s  potential  for
               exploitation, enabling clients to identify and patch the open vulnerability, protecting their digital
               assets from ransomware attack.

               As the result of intel gleaned on the dark web as early as January, by April some companies
               were  aware  of the  MS17-010  vulnerability.  By  late  April, those same  companies knew  which
               specific hosts contained the MS17-010 vulnerability, and were able to bypass the Petya threat
               entirely.


                   24    Cyber Defense eMagazine – November 2017 Edition
                         Copyright © 2017, Cyber Defense Magazine,  All rights reserved worldwide.
   19   20   21   22   23   24   25   26   27   28   29