Page 24 - Cyber Defense Magazine - November 2017
SEEING AROUND CORNERS: OPERATIVELY-SOURCED INTEL PREDICTED A RANSOMWARE OUTBREAK

OPERATIVELY-SOURCED INTELLIGENCE SIGNALED THE RISE OF PETYA RANSOMWARE AS EARLY AS JANUARY 2017... A GAME OF CYBER "CAT AND MOUSE" ON A GLOBAL LEVEL.

by Byron Rashed, Vice President of InfoArmor, Inc.

By the end of June, 2017, the Petya ransomware and its variants had infected devices in 65 countries. The scope, severity and speed of the attack rivaled some of the most improbable and imaginative of Hollywood plots - but the attack was indeed an actual security event, being executed on a new and global level.

The exploit leveraged the same vulnerability as the infamous WannaCry malware which had spread rapidly the previous month: MS17-010 (EternalBlue). But unlike WannaCry, Petya did not have the sort of “back-door” kill switch that was inadvertently discovered as the exploit threat spread, helping to halt its contagion.

“Damage estimates from Petya were in the tens of millions from many affected organizations, with most costs due to lost productivity and remediation costs. But the greater damage was trust – Petya served as a wake-up call that power grids, financial institutions and major corporations were all vulnerable to ransomware.”

Could operatively-sourced intelligence have prevented the contagion? Recent research finds that for several companies, it did just that. For example, InfoArmor has published research findings:

InfoArmor Preempts Ransomware Attacks

In January 2017, InfoArmor’s operative intelligence team identified the threat’s potential for exploitation, enabling clients to identify and patch the open vulnerability, protecting their digital assets from ransomware attack.

As a result of intel gleaned on the dark web as early as January, by April some companies were aware of the MS17-010 vulnerability. By late April, those same companies knew which specific hosts contained the MS17-010 vulnerability, and were able to bypass the Petya threat entirely.
24 Cyber Defense eMagazine – November 2017 Edition Copyright © 2017, Cyber Defense Magazine, All rights reserved worldwide.