Cybersecurity lessons learned by organizations
NotPetya remains the largest cyberattack in recorded history, causing over $10 billion in damage worldwide.
On June 27, 2017, the NotPetya attack caused over $10 billion in damage to businesses worldwide. Five years later, we consider the lessons learned since.
Although initially seen as ransomware, with a message sent to victims demanding $300 worth of Bitcoin, these “ransoms” turned out to be spurious: payment offered no real opportunity for decryption. Once restarted, the computers underwent irreversible encryption of their master boot records, with no decryption key to be found, even for organizations willing to pay the requested fee.
The first companies affected by the NotPetya attack included large companies located in Ukraine – including its national bank – with Russian companies also targeted. Kaspersky cybersecurity experts then detected similar attacks in the UK, France, Germany, Italy and Poland. A day after the initial attack, ESET estimated that 80% of all infections had occurred in Ukraine, with Germany being the second hardest hit at around 9%.
“NotPetya has become ‘the most economically damaging cyber attack of all time’ by using EternalBlue to enter and exploit Windows-based machines with unpatched security,” said Lawrence Perret-Hall, director of CYFOR Secure.
“The most crucial finding here is that while small businesses may think they are exempt from becoming the target of large-scale attacks, a ransomware breach is still possible – a fact that has only been exacerbated by the war in Ukraine and tensions between the West and Russia.”
The more than $10 billion in damages inflicted on NotPetya victims make the attack one of the biggest incidents in cybersecurity history, and came just weeks after the WannaCry ransomware attack.
Quick fix support
To minimize damage, businesses should turn to a solid business continuity strategy, which should ideally include incident response, backup and recovery.
Perret-Hall continued, “Backups and staff training are effective, cost-effective, and proactive ways for organizations to better protect against ransomware and aid recovery in the event of an attack.
“A mix of small and frequent, full and long-term backups provides more substantial protection when implemented in tandem with encrypted offsite storage. At the same time, regular staff training initiatives help to emphasize the importance of cybersecurity throughout the organization and highlight simple and easy ways to implement better cyber hygiene on a daily basis.
“However, having an incident response (IR) plan and business continuity manuals in place to support rapid resolution after an attack is crucial. In cybersecurity, it’s not a matter of ‘if’ but ‘when,’ and organizations must have the resources and expertise to quickly and effectively combat an attack when it inevitably occurs.”
Active Directory Recovery
The NotPetya attack acted as a wake-up call for organizations across all industries, emphasizing that viruses never discriminate on business, political or geographic grounds. This means that your business may eventually become collateral damage when a partner is attacked.
NotPetya particularly affected Active Directory, the database that connects users to network resources. With this vital part of the company’s infrastructure becoming encrypted, operations were halted en masse.
“Some of the greatest damage was suffered by shipping giant Maersk: 45,000 computers were encrypted, including all but one of their Active Directory domain controllers, and luckily for them because, as one member of Maersk IT staff thought, ‘If we can’t recover our domain controllers…we can’t recover anything,’” said Brian Hymer, Solutions Architect at Quest.
“Maersk has learned that restoring Active Directory is not only critical, but also particularly difficult. Organizations should ensure they have a dedicated AD recovery plan in place to get their business back up and running as quickly and safely as possible.
“Unlike conventional weapons, cyber weapons can essentially be recovered and reused by the enemy, and businesses must be prepared for recovery, by prioritizing, planning and testing at least once a year, especially since it is always possible that some vulnerabilities cannot be fixed.”
A culture focused on safety
According to Rick Jones, CEO of DigitalXRAID, proactive cybersecurity is essential, and this can be achieved by establishing and maintaining an organizational culture with security at the forefront.
Jones said: “NotPetya marked the beginning of what we can only describe as a ransomware crisis, ushering in an era of increasingly frequent and damaging cyberattacks.
“Not only has NotPetya been called a ‘watershed moment’ for the cyberinsurance market – catalyzing growing clause rigidity and rising premiums – but, with the countless ransomware attacks that followed in its wake, it has left organizations from all sectors at risk of critical attack.
“But in a climate where risk transfer with cyber insurance is no longer a readily available form of cyber protection, how can organizations best protect themselves against ever-increasing ransomware threats?
“A ‘security-driven’ cultural shift needs to occur within organizations to reach a point where cybersecurity is accepted as an enterprise-wide issue and responsibility. By working towards this with regular training programs and phishing simulations to educate and train employees, companies can also be proactive in detecting and mitigating threats.”