
    Podcast Summary

    • The NotPetya Cyber-Attack and the Dangers of State-Sponsored Hacking and Cyber-Warfare

      State-sponsored hacking and cyber-warfare carry serious risks: devastating damage and the escalation of conflict. Effective security measures are essential for defending against such attacks.

      The story of NotPetya, the costliest cyber-attack on record, and of the cyber-war in Ukraine it was part of, highlights the dangers of state-sponsored hacking and internet warfare. The attack was reportedly the work of hackers working with the Russian government, who built a self-propagating worm that used the credential-stealing tool Mimikatz, among others, to spread across networks and cause severe damage. It was one part of a wider conflict between Russia and Ukraine that included the military occupation of parts of Ukraine and earlier cyber-attacks. Such attacks can be devastating both in the damage they cause and in their potential to escalate a conflict, which is why effective cyber-security measures matter.

    • Mimikatz, EternalBlue and Petya: The Danger of Combining Tools for a Catastrophic Network Attack

      Combined, a credential stealer (Mimikatz) and a remote code execution exploit (EternalBlue) give a worm a way onto almost every machine on a network, where a Petya-style payload then encrypts the drives. Patch, but also assume that patching alone is not enough.

      Mimikatz extracts usernames and passwords, in clear text or as password hashes that are just as useful to an attacker, from the memory of a Windows computer, where they are cached after logon. EternalBlue is an exploit for a flaw in the Windows SMBv1 file-sharing service that lets an attacker run code remotely on any vulnerable machine without credentials. Combined with a Petya-style payload, these two give a worm both a way in (EternalBlue on unpatched hosts, stolen credentials on patched ones) and a way to destroy: it encrypts the hard drives across the network and leaves them unusable unless a decryption key is provided. The credential path is what makes fully patched and updated computers vulnerable too: a patch closes the SMB hole, but it does nothing about an administrator password harvested from a neighbouring machine. That is why vigilance and layered security measures, not patching alone, are needed to prevent such attacks.

    • The NotPetya Attack: A Lesson in the Importance of Cybersecurity Measures

      Applying patches and taking proactive security measures are crucial to avoid falling prey to credential theft, data breaches and ransomware, as the NotPetya attack on Ukraine demonstrated.

      NotPetya was launched against Ukraine through MeDoc (M.E.Doc), a widely used Ukrainian accounting package. The attackers compromised the update server of the small Kiev company that distributes MeDoc updates and placed the worm in an update, so the initial infection reached only organisations that had MeDoc installed. From there the worm used EternalBlue to take over computers that were still missing the SMB patch, and credentials harvested with Mimikatz to reach the rest. Microsoft had released the patch for that vulnerability (MS17-010) months earlier, but many organisations had not applied it, leaving countless machines exposed. Because the update channel was trusted, the worm spread to thousands of computers in Ukraine almost instantly. The episode shows the danger of not applying patches, the risk of an update mechanism that nobody verifies, and the importance of cyber-security measures generally.
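      The two passages above describe how the worm got from one machine to the next: EternalBlue for unpatched hosts, harvested administrator credentials for everything else. The Python below is an added example, not code from the episode or from the NotPetya malware, that models exactly that so the effect of each countermeasure can be measured. The five-host network, host names and account names are constructed; the rules (an unpatched host falls to the exploit, a host falls to a harvested account that is a local administrator on it, Credential Guard protects domain secrets but not local account hashes) are a deliberate simplification of how NotPetya's Mimikatz-style harvester and its PsExec/WMIC lateral movement worked, and the hardening options (MS17-010 deployed, LAPS-style unique local admin passwords, Credential Guard) are the ones a defender actually has.

```python
"""Blast-radius model for a NotPetya-style worm (added example, constructed data).

A host falls to the worm by one of two routes:
  * exploit route    - the host is missing the SMBv1 patch (EternalBlue needs
                       no credentials, only network reachability);
  * credential route - the worm already holds an account that is a local
                       administrator on the host (what NotPetya did with its
                       Mimikatz-style harvester plus PsExec/WMIC).
On every host it reaches, the worm harvests whatever accounts are held in
memory. Credential Guard is modelled as protecting domain accounts only:
local account hashes still come out of the SAM.
"""
from collections import deque

DOMAIN_PREFIX = "CORP\\"          # assumption: domain accounts are written CORP\name
HOSTS = ["finance-ws", "hr-ws", "dev-ws", "fileserver", "dc01"]


def sample_network(unpatched=(), unique_local_admin=False, cred_guard=()):
    """Constructed five-host network.

    unpatched          - hosts still missing MS17-010
    unique_local_admin - True models LAPS-style per-host local admin passwords;
                         False models one shared local admin password everywhere
    cred_guard         - hosts running Credential Guard
    """
    def local_admin(name):
        return f"localadmin@{name}" if unique_local_admin else "localadmin"

    hosts = {}
    for name in HOSTS:
        hosts[name] = {
            "patched": name not in unpatched,
            "cred_guard": name in cred_guard,
            "logged_on": {local_admin(name)},                  # secrets in memory
            "admins": {local_admin(name), DOMAIN_PREFIX + "domadmin"},
        }
    # A domain admin left an interactive session on the file server.
    hosts["fileserver"]["logged_on"].add(DOMAIN_PREFIX + "domadmin")
    return hosts


def harvest(host):
    """Accounts a Mimikatz-style tool can pull from this host."""
    if not host["cred_guard"]:
        return set(host["logged_on"])
    # Credential Guard isolates domain secrets; local SAM hashes stay readable.
    return {a for a in host["logged_on"] if not a.startswith(DOMAIN_PREFIX)}


def blast_radius(hosts, start):
    """Hosts a worm that first lands on `start` can reach."""
    infected = {start}
    stolen = set()
    queue = deque([start])
    while queue:
        current = queue.popleft()
        stolen |= harvest(hosts[current])
        for name, host in hosts.items():
            if name in infected:
                continue
            via_exploit = not host["patched"]
            via_creds = bool(stolen & host["admins"])
            if via_exploit or via_creds:
                infected.add(name)
                queue.append(name)
    return infected


def scenarios():
    """Size of the blast radius from finance-ws under different postures."""
    start = "finance-ws"
    return {
        "nothing patched, shared local admin":
            len(blast_radius(sample_network(unpatched=HOSTS), start)),
        "all patched, shared local admin":
            len(blast_radius(sample_network(), start)),
        "all patched, unique local admin":
            len(blast_radius(sample_network(unique_local_admin=True), start)),
        "one unpatched server with cached domain admin, unique local admin":
            len(blast_radius(sample_network(unpatched={"fileserver"},
                                            unique_local_admin=True), start)),
        "same, but Credential Guard on the server":
            len(blast_radius(sample_network(unpatched={"fileserver"},
                                            unique_local_admin=True,
                                            cred_guard={"fileserver"}), start)),
        "Credential Guard everywhere, shared local admin":
            len(blast_radius(sample_network(cred_guard=HOSTS), start)),
    }


if __name__ == "__main__":
    for posture, reached in scenarios().items():
        print(f"{reached}/{len(HOSTS)} hosts  {posture}")
```

      Running it prints the reach for each posture. Patching every host while keeping one shared local administrator password still loses the whole network, and so does Credential Guard on its own when that shared local hash is what the worm harvests; a patched fleet with unique local admin passwords confines the worm to the first host. The single unpatched server holding a cached domain admin session shows the combination to fear: one hole plus one privileged session is enough to reach everything, and Credential Guard on that server is what breaks the chain.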

    • NotPetya: The Destructive Ransomware Worm

      NotPetya was a destructive worm posing as ransomware, and it brought down multinational companies. Precautions and regular, isolated backups are the defence against attacks that do not respect borders.

      NotPetya was not really a ransomware worm but a destructive worm posing as ransomware: even where the ransom was paid, the files were not going to be decrypted, because the attackers had no workable way to restore them. It infected not only Ukrainian organisations but many multinational companies that had MeDoc installed in a local office, and it did not stop at Ukraine's borders: any company connected to networks in Ukraine, or sharing computers with an infected company, was infected in turn. The result was a catastrophe that brought down over 300 companies. Cyber-attacks know no boundaries, so the necessary precautions, and backups that an attack cannot reach, must be in place before such an attack rather than after it.

    • The NotPetya Cyber Attack and the Fragility of Our Connected World

      In Ukraine, NotPetya showed the devastating effects of a targeted attack on critical infrastructure and underlined the importance of preparedness, security and recovery strategies in an increasingly connected world. Take cyber-security seriously.

      In Ukraine, NotPetya was an attack on the basic infrastructure of people's lives. It hit critical infrastructure on a massive scale, causing chaos and disorientation for people who suddenly found themselves in a world where everything was broken at once. It was an act of cyber-war, designed to disrupt an adversary's systems, and it affected the whole country's digital systems. The incident shows how fragile a connected society is and why preparedness, security and recovery strategies matter: in a disaster of this scale emergency crews cannot reach everyone, and many people are left on their own, dependent on whoever happens to be willing to help. It is a warning and a reminder to take cyber-security seriously.

    • Lessons Learned from the NotPetya Cyber-Attack: A Wake-Up Call for All Businesses

      The attack showed how exposed businesses are to cyber-threats and why robust security measures are needed. Investing in security should be a priority for every company that wants to protect its operations and confidential data and survive an attack.

      Although it originated in Ukraine, NotPetya hit global companies far beyond it, among them Maersk, FedEx and Merck. At Maersk the infection spread through the entire global network, shutting down terminals and disrupting shipping operations worldwide. The attack showed how exposed companies are and why robust security measures matter: a single vulnerable foothold, in Maersk's case one office running the compromised accounting software, can lead to catastrophic consequences for the whole organisation. Businesses should be proactive in protecting themselves; investing in security, and in a tested plan for recovering from an attack, is a matter of business survival.

    • The NotPetya Attack on Maersk: A Wake-Up Call for Physical Infrastructure Vulnerability

      The attack on Maersk demonstrated that a digital attack can do more physical damage than a physical one. Investing in security is crucial to protect critical infrastructure and prevent widespread disruption.

      NotPetya shut down a significant part of the physical operations of Maersk, the world's largest shipping conglomerate, around the world: an attack on tens of thousands of computers caused more physical disruption than an attack on the physical equipment itself could have. Maersk's operations matter to the global economy, and the impact was felt worldwide. The worm also wiped the company's backups and disaster-recovery centres, leaving it with no ready means of recovery. Unlike the banks the US government bailed out in 2008, Maersk, whose ships each carry around a million items that other businesses depend on, received no outside help; protecting critical infrastructure is an investment each operator has to make for itself.

    • Importance of Offsite Backups in Preventing Catastrophic Network Loss

      Establish proper backup and redundancy systems, keep at least one copy where an attack on the network cannot reach it, and test restores regularly to ensure business continuity after a cyber-attack.

      NotPetya wiped out Maersk's entire network, which had to be rebuilt from scratch. The company hired Deloitte for incident response, set up an emergency recovery centre and came up with a plan to deploy bootable operating systems on USB sticks so that employees could get back online quickly. Then it hit a hurdle: there was no usable backup of the domain controllers, the servers that hold the identities and permissions the whole network depends on. Every domain controller had been destroyed, including the backups and the redundant controllers, which sat on the same network the worm had just swept through. The lesson is that a backup only counts if the attack that destroys the originals cannot reach it: companies need proper backup and redundancy systems with at least one offsite, offline or otherwise isolated copy, and they need to test restoring from it regularly to ensure business continuity.

    • The Devastating Impact of the NotPetya Cyber Attack on Ukraine

      Security and disaster recovery plans are critical to limiting the financial and societal costs of increasingly frequent and complex cyber-attacks, particularly as society becomes more interconnected through technology.

      NotPetya was full-spectrum cyber-war hitting Ukraine at a national scale and causing panic and chaos everywhere. It affected over 300 organisations and cost Maersk alone $350 million; staff loaned from partner companies had to be brought in to help recover Maersk's network. The incident highlights the importance of disaster recovery plans and of securing critical data. It was plainly a man-made attack, and suspicion fell on Russia, Ukraine's adversary, but more evidence was needed before the source could be identified with confidence. Security is critical as we become more dependent on technology and more interconnected through the internet, because that dependence makes cyber-attacks with significant financial and societal consequences more likely.

    • The NotPetya Cyber-Attack and the Role of the Sandworm Group and Russia's Military Intelligence Agency

      The 2017 NotPetya attack, attributed to the Sandworm group within Russia's military intelligence agency (the GRU), was the culmination of an escalating series of attacks against Ukraine. It damaged multinational companies, yet no government named Russia publicly until the Five Eyes intelligence agencies did so months later.

      NotPetya was the climax of an escalating, nation-state sponsored cyber campaign against Ukraine, carried out by the GRU, Russia's military intelligence agency. Forensic investigation of the malware and its server infrastructure, compile timestamps and code analysis tied it to the Sandworm group responsible for the earlier waves of attacks against Ukraine; the Russian-speaking group had even left a how-to manual for its trojan on a command-and-control server. Despite the scale of the damage to multinational companies, no government publicly named Russia until the White House issued a statement nine months later, with the Five Eyes intelligence agencies (the US, UK, Canada, Australia and New Zealand) naming Russia as the perpetrator at the same time. The FBI ran its own investigation with international and Ukrainian companies, but its findings have not been made public.

    • The NotPetya Cyber Attack and Its Connection to Russian Hackers

      NotPetya caused an estimated ten billion dollars in damage and was built from freely available tools, Mimikatz and EternalBlue. The difficulty of getting anywhere near the attackers shows how hard attribution and accountability are.

      The GRU hackers behind NotPetya are believed to belong to the same organisation that meddled in the 2016 US election, working from GRU facilities in Moscow. Estimated damages from NotPetya total ten billion dollars, making it the costliest cyber-attack in history. Both of the tools it was built on were freely available: Mimikatz is open source, and EternalBlue, originally an NSA exploit, had been published by the Shadow Brokers leak group in April 2017, two months before the attack. If Russia was behind that leak, as some have suspected, it is unclear why it would give EternalBlue away and then use it against Ukraine; one possibility is that the attackers did not anticipate the level of damage that followed. Standing outside the attackers' building gave Andy Greenberg, the journalist interviewed in the episode, no access to them, and the sense of futility at being unable to get any closer was daunting.

    • The Flawed Windows Authentication System: A Major Vulnerability in Cyber Warfare

      Windows keeps logon credentials in memory, where a tool like Mimikatz can read them. Microsoft's fix, Windows Credential Guard, is not enabled by default, so individuals and organisations must turn it on themselves and keep their systems updated.

      NotPetya was only one part of Russia's wider cyber-warfare campaign against Ukraine, and the other attacks are just as serious and scary, which is why people need to be aware of them. The underlying weakness NotPetya exploited remains: Windows caches logon credentials in the memory of its authentication process so that users are not prompted again for every resource, and Mimikatz reads them back out, which leaves hundreds of thousands of Windows computers exposed to the same technique. Microsoft has released fixes and a tool, Windows Credential Guard, that isolates those secrets in a hardware-backed virtual container, but it is not enabled by default; a system that does not turn it on is insecure by design, and nation-state operators continue to exploit that. The world has largely not learned from NotPetya, and it is on each of us to enable these protections and keep our systems updated to prevent the next attack.
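      The credential-caching weakness above is also something defenders can watch for directly, since reading LSASS memory and installing a service on a remote machine both leave traces. The Python below is an added example, not code from the episode or from any product: it runs a simple detection over a handful of constructed records, written here as key="value" lines rather than real Windows event XML, covering Sysmon Event ID 10 (a process opened a handle to lsass.exe, which Mimikatz and similar dumpers need with read access) and System Event ID 7045 (a service was installed, which is how PsExec-style remote execution, the lateral-movement method NotPetya used, lands on a target). The allow-list of benign LSASS readers and the rule that a service binary in a temp directory is suspicious are assumptions to tune per fleet.

```python
"""Detection of the credential-theft and remote-execution steps (added example).

Constructed sample records, written as key="value" lines for readability:
  * Sysmon Event ID 10 (ProcessAccess): who opened a handle to lsass.exe and
    with which access mask. Mimikatz needs PROCESS_VM_READ on LSASS.
  * System Event ID 7045 (service installed): PsExec-style remote execution
    creates a service on the target; NotPetya moved laterally this way.
"""
import re

PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_READ = 0x0010
PROCESS_VM_WRITE = 0x0020
MEMORY_ACCESS = PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE

# Assumption: readers that legitimately open LSASS memory on this fleet; tune locally.
BENIGN_LSASS_READERS = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\program files\windows defender\msmpeng.exe",
}

FIELD = re.compile(r'(\w+)="([^"]*)"')


def parse_event(line):
    """One key="value" record -> dict of field name to value."""
    return dict(FIELD.findall(line))


def lsass_memory_access(event):
    """True when a non-benign process obtained memory access to lsass.exe (Sysmon 10)."""
    if event.get("EventID") != "10":
        return False
    if not event.get("TargetImage", "").lower().endswith(r"\lsass.exe"):
        return False
    granted = int(event.get("GrantedAccess", "0x0"), 16)
    if not granted & MEMORY_ACCESS:
        return False            # e.g. 0x1000 = QUERY_LIMITED_INFORMATION only
    return event.get("SourceImage", "").lower() not in BENIGN_LSASS_READERS


def psexec_style_service(event):
    """True when a service was installed the way PsExec does it (System 7045)."""
    if event.get("EventID") != "7045":
        return False
    name = event.get("ServiceName", "").upper()
    path = event.get("ImagePath", "").lower()
    # PSEXESVC is PsExec's default service name; a service binary dropped in a
    # temp directory is the assumption used here to catch renamed copies.
    return name == "PSEXESVC" or "\\temp\\" in path


def triage(lines):
    """Map each host to the suspicious findings seen on it."""
    findings = {}
    for line in lines:
        ev = parse_event(line)
        host = ev.get("Computer", "?")
        if lsass_memory_access(ev):
            findings.setdefault(host, []).append(
                ("lsass-read", ev["SourceImage"], ev["GrantedAccess"]))
        elif psexec_style_service(ev):
            findings.setdefault(host, []).append(
                ("remote-service", ev["ServiceName"], ev["ImagePath"]))
    return findings


# Constructed sample log; host names and paths are invented for the example.
SAMPLE_LOG = [
    r'EventID="10" Computer="finance-ws" SourceImage="C:\Windows\System32\csrss.exe" TargetImage="C:\Windows\System32\lsass.exe" GrantedAccess="0x1FFFFF"',
    r'EventID="10" Computer="finance-ws" SourceImage="C:\Windows\Temp\updater.exe" TargetImage="C:\Windows\System32\lsass.exe" GrantedAccess="0x1010"',
    r'EventID="10" Computer="hr-ws" SourceImage="C:\Program Files\Agent\agent.exe" TargetImage="C:\Windows\System32\lsass.exe" GrantedAccess="0x1000"',
    r'EventID="7045" Computer="hr-ws" ServiceName="PSEXESVC" ImagePath="%SystemRoot%\PSEXESVC.exe"',
    r'EventID="7045" Computer="dc01" ServiceName="Backup Agent" ImagePath="C:\Program Files\Backup\agent.exe"',
    r'EventID="1" Computer="dev-ws" Image="C:\Windows\System32\notepad.exe"',
    r'EventID="7045" Computer="dev-ws" ServiceName="svc3" ImagePath="C:\Windows\Temp\x.exe"',
    r'EventID="10" Computer="dev-ws" SourceImage="C:\Tools\procdump64.exe" TargetImage="C:\Windows\System32\lsass.exe" GrantedAccess="0x1FFFFF"',
]


if __name__ == "__main__":
    for host, items in triage(SAMPLE_LOG).items():
        for kind, what, detail in items:
            print(f"{host:12} {kind:15} {what}  ({detail})")
```

      The two rules are deliberately narrow: the LSASS rule ignores handles that only query process information (agent.exe with 0x1000 is not flagged) and ignores known system readers, and the service rule only reacts to the PsExec default name or to a binary run out of a temp directory. A host that shows both findings within minutes, as dev-ws does here, is the pattern of a worm that has just stolen credentials and is about to use them.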

    Recent Episodes from Darknet Diaries

    147: Tornado

    In this episode, Geoff White (https://x.com/geoffwhite247) tells us what happened to Axie Infinity and Tornado cash. It’s a digital heist of epic proportions that changes everything.

    This story comes from part of Geoff’s book “Rinsed” which goes into the world of money laundering. Get yours here https://amzn.to/3VJs7pb.

    Darknet Diaries
    July 02, 2024

    146: ANOM

    In this episode, Joseph Cox (https://x.com/josephfcox) tells us the story of anom. A secure phone made by criminals, for criminals.

    This story comes from part of Joseph’s book “Dark Wire” which you should definitely read. Get yours here https://www.hachettebookgroup.com/titles/joseph-cox/dark-wire/9781541702691.

    Darknet Diaries
    June 04, 2024

    145: Shannen

    Shannen Rossmiller wanted to fight terrorism. So she went online and did. Read more about her from her book “The Unexpected Patriot: How an Ordinary American Mother Is Bringing Terrorists to Justice”. An affiliate link to the book on Amazon is here: https://amzn.to/3yaf5sI. Thanks to Spycast for allowing usage of the audio interview with Shannen.

    144: Rachel

    Rachel Tobac is a social engineer. In this episode we hear how she got started doing this and a few stories of how she hacked people and places using her voice and charm. Learn more about Rachel by following her on Twitter https://twitter.com/RachelTobac or by visiting https://www.socialproofsecurity.com/ Daniel Miessler also chimes in to talk about AI. Find out more about him at https://danielmiessler.com/.

    143: Jim Hates Scams

    Jim Browning has dedicated himself to combatting scammers, taking a proactive stance by infiltrating their computer systems. Through his efforts, he not only disrupts these fraudulent operations but also shares his findings publicly on YouTube, shedding light on the intricacies of scam networks. His work uncovers a myriad of intriguing insights into the digital underworld, which he articulately discusses, offering viewers a behind-the-scenes look at his methods for fighting back against scammers. Jim’s YouTube channel: https://www.youtube.com/c/JimBrowning

    142: Axact

    Axact sells fake diplomas and degrees. What could go wrong with this business plan?

    141: The Pig Butcher

    The #1 crime which results in the biggest financial loss is BEC fraud. The #2 crime is pig butchering. Ronnie Tokazowski https://twitter.com/iHeartMalware walks us through this wild world.

    139: D3f4ult

    This is the story of D3f4ult (twitter.com/_d3f4ult) from CWA. He was a hacktivist, upset with the state of the way things were, and wanted to make some changes. Changes were made. Sources https://www.vice.com/en/article/z3ekk5/kane-gamble-cracka-back-online-after-a-two-year-internet-ban https://www.wired.com/2015/10/hacker-who-broke-into-cia-director-john-brennan-email-tells-how-he-did-it/ https://www.hackread.com/fbi-server-hacked-miami-police-data-leaked/ https://archive.ph/Si79V#selection-66795.5-66795.6 https://wikileaks.org/cia-emails/John-Brennan-Draft-SF86/page-7.html

    138: The Mimics of Punjab

    This episode is about scammers in the Punjab region. Tarun (twitter.com/taruns21) comes on the show to tell us a story of what happened to him. Naomi Brockwell (twitter.com/naomibrockwell) makes an appearance to speak about digital privacy. To learn more about protecting your digital privacy, watch Naomi’s YouTube channel https://www.youtube.com/@NaomiBrockwellTV. And check out the books Extreme Privacy (https://amzn.to/3L3ffp9) and Beginner’s Introduction to Privacy (https://amzn.to/3EjuSoY).

    Related Episodes

    Ep 21: Black Duck Eggs

    Ira Winkler's specialty is assembling elite teams of special forces and intelligence officers to go after companies. Ira shares a story about a time he and his team broke into a global 5 company. A company so large that theft of intellectual property could result in billions of dollars of damage. Ira's consulting company: Secure Mentum. His books: Spies Among Us, Advanced Persistent Security, Through the Eyes of the Enemy.

    Ep 38: Dark Caracal

    A journalist wrote articles critical of the Kazakhstan government. The government did not like this and attempted to silence her. But they may have done more than just silence her. Perhaps they tried to spy on her too. The EFF investigated this case and went down a very interesting rabbit hole. Thanks to Cooper Q from EFF's new Threat Lab. Also big thanks to Eva from EFF, Andrew Blaich and Michael Flossman from Lookout. For another story about the EFF listen to episode 12 "Crypto Wars".