NotPetya aka GoldenEye ransomware infection
There's no getting around NotPetya/GoldenEye this week.
About 2,000 organisations have been affected, among them the container shipping company Maersk, TNT/FedEx and the pharmaceutical company Merck.
The amount of news on this is slightly overwhelming, so I tried to boil it down:
- It is made to look like the 2016 Petya malware and reuses some of its code, but differs from it in many ways.
- The initial infections most likely came through a trojanised update of M.E.Doc, a Ukrainian tax-accounting package.
- The malware uses the EternalBlue SMB exploit, as WannaCry did, but also harvests admin credentials and uses them to spread laterally over network shares, so a host that is fully patched against EternalBlue can still be infected from a compromised neighbour.
- The ransomware aspect might be more of a ruse, in that the focus seems to be more on causing damage, making it more wiper than ransomware.
- After paying, victims had to e-mail a specific address to receive their decryption key. The e-mail provider, Posteo, closed that account, so even victims who want to pay cannot get their files decrypted.
- There are also indications that decryption would not have worked anyway because of a bug in the malware's code. (source)
- There is a 'vaccine' of sorts: creating a read-only file named 'perfc' in the Windows directory (C:\Windows, not just anywhere on the drive) prevents infection of that machine. (source)
- If you want to read more, this article and this article do a pretty good job.
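As an added example (not code from the original article or from the vaccine's author), here is the 'perfc' vaccine as a PowerShell script you can run on a host or push out with your usual tooling. The article mentions only 'perfc'; I also create perfc.dat and perfc.dll because the widely circulated vaccine batch file did the same, so that part goes beyond what the page states. It assumes an elevated prompt and that `$env:SystemRoot` is the Windows directory.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article: create the NotPetya 'vaccine'
# file(s) in the Windows directory and verify them.
# The article mentions only 'perfc'; perfc.dat and perfc.dll are included here
# because the widely circulated vaccine batch file also created them (assumption).
$WinDir = $env:SystemRoot                     # normally C:\Windows
$Names  = @('perfc', 'perfc.dat', 'perfc.dll')

function Set-PetyaVaccine {
    foreach ($name in $Names) {
        $path = Join-Path -Path $WinDir -ChildPath $name
        if (-not (Test-Path -LiteralPath $path)) {
            # Zero-byte file is enough; the malware only checks that it exists
            New-Item -ItemType File -Path $path | Out-Null
        }
        # Mark it read-only, as recommended, so a stray process does not
        # delete or overwrite it later
        Set-ItemProperty -LiteralPath $path -Name IsReadOnly -Value $true
    }
}

function Test-PetyaVaccine {
    # Report, per file, whether it exists and is read-only
    foreach ($name in $Names) {
        $path   = Join-Path -Path $WinDir -ChildPath $name
        $exists = Test-Path -LiteralPath $path -PathType Leaf
        [pscustomobject]@{
            Path     = $path
            Exists   = $exists
            ReadOnly = if ($exists) { (Get-Item -LiteralPath $path).IsReadOnly } else { $false }
        }
    }
}

Set-PetyaVaccine
Test-PetyaVaccine | Format-Table -AutoSize
```

To cover a fleet, wrap the two functions in `Invoke-Command -ComputerName <list> -ScriptBlock { ... }` over WinRM and collect the `Test-PetyaVaccine` output centrally. Treat this as a stopgap for this one sample: it does nothing about the EternalBlue exposure or the credential reuse that let the malware move laterally, so patching SMB and cleaning up admin credentials still has to happen.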
The leaked source code is from Microsoft's Shared Source Kit, which includes hardware drivers, the Wi-Fi stack and more, making it a prime target to scour for exploitable bugs. It was uploaded to betaarchive.com, which has since removed the sensitive material.
These implants were placed in response to Russia's meddling in the election process, to be used should the situation escalate further.
It describes itself as 'centralized security policy management for multi-cloud environments'.
I'm having a hard time breaking through the enterprise-level marketing-lingo, but if this is your cup of tea you might want to check it out.
It is seen as a huge step in creating a 'hack-proof' communications channel, based on the phenomenon of quantum entanglement.
In-depth article on what lengths Apple goes through to prevent leaks to the press and competitors. Although, ironically, this information was learned through a leaked presentation.
This article takes a critical look at Windows 10 S, a version that promises higher security by, among other things, allowing app installs only through the Windows Store and disabling PowerShell.
Not a new attack at all, but a nice short write-up of how an attacker can entice a victim to sign up for an account on his fake website and abuse that signup flow to relay a password reset (including the 2FA step) for the victim's account on another website. Very hard to defend against.
Interesting article on how to fingerprint text documents uniquely to every recipient so you can identify where a leak originated, including a tool to do just that.
Brian Krebs takes a look at why Russia seems to produce more skilled hackers than any other region. It comes down to a higher level of IT education, starting in high school.
A very long article, reading like fiction, about the $55 million Ether theft out of the DAO.
Nice thinking outside of the box :-) BSides London talk by Ross Bevington.