- The Strategist - https://www.aspistrategist.org.au -

Cyber wrap

Posted By on July 5, 2017 @ 12:27

What’s old is new again this week, with 2016 ransomware ‘Petya [1]’ again taking the world by storm, infecting machines across 65 countries [2]. Except that’s not really the case: Janus Cybercrime Solutions, the original creators of Petya, have publicly stated on Twitter [3] that they are not behind the recent outbreak. Other analysts have also pointed out the significant differences between the March 2016 original and the recent outbreak, which is masquerading as ‘Petya’. They’ve come up with a variety of names [4] referencing the deception: ‘NotPetya [5]’, ‘Petna [6]’, ‘Nyetya [7]’ or just ‘SortaPetya [8]’, or something completely different: ‘GoldenEye [9]’ or ‘PetrWrap [10]’. Naming issues aside, most [11] commentators [12], including NATO Cyber Defence researchers [13], have [14] concluded [15] that this version of Petya [16] is a data wiper in disguise [17], and that the token ransom note is part of an effort to create ‘plausible deniability [16]’ for a wider objective.

The Ukrainian security service [18] has gone a step further, and firmly laid the blame for Petya [19] on Russia, casting the attack as a method of disrupting Ukrainian businesses as part of an ongoing cyber and hybrid war. Publicly available data indicates that Ukraine was the country hardest hit [20], and that the attack began [2] spreading on a mass scale after a malicious update was pushed across a widely used Ukrainian tax program [21], M.E.Doc. Ukrainian cybercrime police are considering charging the company [22] with neglect, after it ignored repeated warnings that its servers had a number of vulnerabilities.

The Australian government has announced the creation of a new, uniformed, ‘Information Warfare Unit’ [23] within the ADF, with plans to grow the 100 cyber security specialists to 900 within the next 10 years to better protect military networks and mount offensive cyber operations. Also here in Oz, critical infrastructure protection is continuing to prove a troublesome area, as the Queensland Audit Office has found that Queensland’s water service providers [24] are vulnerable. One of the key weaknesses identified [25] has been the lack of a central coordinating agency within the Queensland government on cyber issues. The Auditor-General of Western Australia has expressed similar, broader concern [26] about five WA government information systems, finding that the ‘same common weaknesses [27]’ are found ‘year after year’, with little to no action on the part of agencies.

Federally, the Australian National Audit Office has [28] approved of the Department of Human Services’ myGov implementation [29]. The department has been active in procuring new digital capability in other areas as well, including data extraction devices from Cellebrite, the same technology used by the FBI to crack security measures in the San Bernardino attacker’s phone in 2015. The purchase has raised concerns about why [30] Centrelink investigations would require a capability that has previously been restricted to national security and law enforcement applications.

The Five-Country Ministerial meeting on National Security in Ottawa has concluded [31], and the partner countries have announced that they will be [32] approaching communication service providers to establish an industry forum and build better cooperation to counter violent extremist messaging. The governments will engage with ‘communications and technology companies to explore shared solutions’ to access encrypted messaging, demonstrating further movement towards thwarting the encryption of terrorist messaging, which was highlighted as a priority by Prime Minister Turnbull and Attorney-General Brandis in previous [33] statements [34].

Antitrust regulators from the EU have issued Google with a landmark [35] €2.42 billion fine for favouring Google Shopping in its search results [36], after numerous complaints from competitor companies that they were being excluded from Google’s search results [37]. Google’s been provided 90 days to adjust its search ranks equitably, and faces the risk of being slapped with further fines of €10.6 million for every day of non-compliance that passes after that time [38], equivalent to 5% of daily global turnover. Similar investigations are being conducted into Google’s conduct in the smartphone [39] and advertising markets [40]. The EU has spent up to €10 million for a team [41] of technology consultants that can analyse Google’s search engine for discriminatory and anti-competitive behaviours. The bold regulatory moves come in advance of the General Data Protection Regulation’s activation in 2018, which will expand and escalate data protections and punitive actions, indicating that the EU will be backing its information security laws with some teeth.

Cyber laws and norms have suffered a setback at the United Nations, as the report of a group of government experts has fallen short of its lofty goals [42] to formally apply international law to cyberspace after being rejected by a small number of states [43], including Cuba, Russia and China. The states objected to the report’s reference to the possible use of countermeasures and self-defence, and its deference to international humanitarian law regarding proportionality in crafting responses to cyber attacks. The Americans were forthright in declaring [44] it a ploy to allow those states to use ‘cyberspace to achieve their political ends with no limits or constraints on their actions’.

For those looking for some good longreads, The Financial Post has published a comprehensive piece [45] detailing the creation of Ethereum and what it means for blockchain. Bloomberg has provided a retrospective on the development [46] of the Chaos Computer Club, an association of white-hat hackers who have been forcing the German government to fix things (by breaking them) since 2006. Finally, ProPublica has published the details of its investigation into Facebook’s opaque internal moderation standards and policies when it comes to flagging and removing violent extremist content [47].




URL to article: https://www.aspistrategist.org.au/cyber-wrap-171/

URLs in this post:

[1] Petya: https://blog.malwarebytes.com/threat-analysis/2016/04/petya-ransomware/

[2] infecting machines across 65 countries: https://blogs.technet.microsoft.com/mmpc/2017/06/27/new-ransomware-old-techniques-petya-adds-worm-capabilities/

[3] publicly stated on Twitter: https://twitter.com/JanusSecretary/status/880156466115743744

[4] variety of names: https://twitter.com/MarceloRivero/status/881936776084017152

[5] NotPetya: https://www.theregister.co.uk/2017/06/28/petya_notpetya_ransomware/

[6] Petna: https://www.bleepingcomputer.com/news/security/vaccine-not-killswitch-found-for-petya-notpetya-ransomware-outbreak/

[7] Nyetya: http://blog.talosintelligence.com/2017/06/worldwide-ransomware-variant.html

[8] SortaPetya: https://twitter.com/z0mbi3/status/880501659171946496?ref_src=twsrc%5Etfw&ref_url=https%3A%2F%2Fblog.barkly.com%2Fpetya-notpetya-faq

[9] GoldenEye: https://www.bitdefender.com/news/massive-goldeneye-ransomware-attack-affects-users-worldwide-3330.html

[10] PetrWrap: https://www.crowdstrike.com/blog/petrwrap-ransomware-technical-analysis-triple-threat-file-encryption-mft-encryption-credential-theft/

[11] most: https://securelist.com/expetrpetyanotpetya-is-a-wiper-not-ransomware/78902/

[12] commentators: https://blog.comae.io/petya-2017-is-a-wiper-not-a-ransomware-9ea1d8961d3b

[13] including NATO Cyber Defence researchers: https://ccdcoe.org/notpetya-and-wannacry-call-joint-response-international-community.html

[14] have: https://krebsonsecurity.com/2017/06/petya-ransomware-outbreak-goes-global/

[15] concluded: https://lawfareblog.com/thoughts-notpetya-ransomware-attack

[16] this version of Petya: https://medium.com/@thegrugq/pnyetya-yet-another-ransomware-outbreak-59afd1ee89d4

[17] is a data wiper in disguise: https://www.itnews.com.au/news/petya-designed-to-destroy-not-ransom-users-466929?utm_source=feed&utm_medium=rss&utm_campaign=iTnews+

[18] The Ukrainian security service: https://ssu.gov.ua/en/news/1/category/21/view/3660#sthash.yYXMclql.dpbs

[19] firmly laid the blame for Petya: http://www.bbc.com/news/world-europe-40471310

[20] hardest hit: https://securelist.com/schroedingers-petya/78870/

[21] pushed across a widely used Ukrainian tax program: https://www.theverge.com/2017/7/3/15916060/petya-medoc-vulnerability-ransomware-cyberattack

[22] considering charging the company: https://apnews.com/8b02768224de485eb4e7b33ae55b02f2

[23] creation of a new, uniformed, ‘Information Warfare Unit’: https://www.itnews.com.au/news/australia-has-created-a-cyber-warfare-unit-467115?utm_source=feed&utm_medium=rss&utm_campaign=iTnews+

[24] found that Queensland’s water service providers: http://www.parliament.qld.gov.au/Documents/TableOffice/TabledPapers/2017/5517T1049.pdf

[25] key weaknesses identified: https://www.itnews.com.au/news/hackers-could-fairly-easily-cripple-qlds-water-system-466610?utm_source=feed&utm_medium=rss&utm_campaign=iTnews+

[26] expressed similar, broader concern: http://www.zdnet.com/article/wa-auditor-general-able-to-guess-database-administrator-passwords/

[27] same common weaknesses: https://audit.wa.gov.au/wp-content/uploads/2017/06/report2017_12-ISAuditReport.pdf

[28] Australian National Audit Office has: https://www.anao.gov.au/work/performance-audit/mygov-digital-services

[29] myGov implementation: https://www.itnews.com.au/news/dhs-gets-auditors-tick-for-mygov-466619?utm_source=feed&utm_medium=rss&utm_campaign=iTnews+

[30] raised concerns about why: http://www.smh.com.au/national/centrelink-hacking-into-fraudsters-phones-20170627-gwzgqc.html

[31] Five-Country Ministerial meeting on National Security in Ottawa has concluded: https://www.pcworld.idg.com.au/article/621268/five-eyes-want-cooperation-from-tech-companies-encryption/

[32] announced that they will be: https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/fv-cntry-mnstrl-2017/index-en.aspx

[33] previous: http://www.pm.gov.au/media/2017-06-13/national-security-statement

[34] statements: https://www.attorneygeneral.gov.au/Mediareleases/Pages/2017/SecondQuarter/Tackling-Encryption-and-Border-Security-key-Priorities-at-Five-Eyes-Meeting-in-Ottawah.aspx

[35] issued Google with a landmark: http://europa.eu/rapid/press-release_IP-17-1784_en.htm

[36] favouring Google Shopping in its search results: http://www.reuters.com/article/us-eu-google-antitrust-idUSKBN19I108

[37] being excluded from Google’s search results: http://www.abc.net.au/news/2017-06-27/google-fined-record-$3.57-billion-by-european-union/8657470

[38] every day of non-compliance that passes after that time: https://www.theguardian.com/business/2017/jun/27/google-braces-for-record-breaking-1bn-fine-from-eu

[39] smartphone: http://europa.eu/rapid/press-release_IP-16-1492_en.htm

[40] advertising markets: http://europa.eu/rapid/press-release_IP-16-2532_en.htm

[41] spent up to €10 million for a team: http://www.telegraph.co.uk/technology/2017/06/30/eu-appoints-tech-experts-police-googles-search-results/

[42] fallen short of its lofty goals: https://www.cfr.org/blog-post/development-cyber-norms-united-nations-ends-deadlock-now-what?utm_source=CSIS+All&utm_campaign=0e1c21b41c-EMAIL_CAMPAIGN_2017_06_30&utm_medium=email&utm_term=0_f326fc46b6-0e1c21b41c-145371421

[43] rejected by a small number of states: https://www.justsecurity.org/42768/international-cyber-law-politicized-gges-failure-advance-cyber-norms/

[44] declaring: https://www.state.gov/s/cyberissues/releasesandremarks/272175.htm

[45] published a comprehensive piece: http://business.financialpost.com/feature/the-cryptocurrency-prophet/wcm/faf71b6d-df9b-42dd-9ede-ba35725957c5

[46] provided a retrospective on the development: https://www.bloomberg.com/news/features/2017-06-27/the-chaos-computer-club-is-fighting-to-save-democracy

[47] flagging and removing violent extremist content: https://www.propublica.org/article/facebook-hate-speech-censorship-internal-documents-algorithms
