Grote hack bij Maersk legt Rotterdamse containerterminal plat

twitter:

HIBC2017 twitterde op dinsdag 27-06-2017 om 19:04:31 Do not pay the #Petya ransom. You will not get your files back. The email address used is blocked! @SwiftOnSecurity… https://t.co/6mM08JLz5i reageer retweet

twitter:

Snowden twitterde op dinsdag 27-06-2017 om 19:39:53 Symantec confirms global #Petya ransomware attack hitting computers today (hospitals, supermarkets, banks) uses NSA… https://t.co/cH9RtjT1Sd reageer retweet

quote:

Op dinsdag 27 juni 2017 22:14 schreef hertogjan_lekkerman het volgende:
onze toe leverancier is helaas ook getroffen. We hebben nog een paar dagen voorraad maar dan moet het wel aangevuld zijn. Lichte paniek merk ik

quote:

Op dinsdag 27 juni 2017 22:16 schreef _--_ het volgende:

[..]

toe leverancier?

quote:

Op dinsdag 27 juni 2017 22:14 schreef hertogjan_lekkerman het volgende:
onze toe leverancier is helaas ook getroffen. We hebben nog een paar dagen voorraad maar dan moet het wel aangevuld zijn. Lichte paniek merk ik

quote:

Op dinsdag 27 juni 2017 22:20 schreef Revolution-NL het volgende:

[..]

Fijn om als bedrijf afhankelijk te zijn van een leverancier die zijn IT niet op orde heeft

quote:

Op dinsdag 27 juni 2017 22:20 schreef Revolution-NL het volgende:

[..]

Fijn om als bedrijf afhankelijk te zijn van een leverancier die zijn IT niet op orde heeft

quote:

Op dinsdag 27 juni 2017 22:22 schreef Fir3fly het volgende:

[..]

Oftewel elke leverancier ?

quote:

Op dinsdag 27 juni 2017 22:48 schreef Revolution-NL het volgende:

[..]

Onzin, genoeg bedrijven die serieus met informatiebeveiliging omgaan en bijvoorbeeld wel gewoon aan vulnerability management en risicobeoordelingen doen.

Binnen het bedrijfsleven is it-security helaas vaak nog wel een ondergeschoven kindje. Het moet van het management vaak vooral goedkoop en functioneel blijven

Worden ze getroffen dan is het leed voor het bedrijf niet te overzien, vooral niet als het de media haalt je met en je met je bedrijf ineens in de krant staat met een datalek.

quote:

Op dinsdag 27 juni 2017 22:48 schreef Revolution-NL het volgende:

[..]

Onzin, genoeg bedrijven die serieus met informatiebeveiliging omgaan en bijvoorbeeld wel gewoon aan vulnerability management en risicobeoordelingen doen.

quote:

When the Wannacry ransomware tore through the UK and Europe in May, there was a certain logic to the heightened scale of damage. Ransomware attacks were nothing new, but this one had a secret weapon, a sophisticated software exploit known as EternalBlue, published by the Shadow Brokers in April and believed to have been developed by the NSA. It was nation-state level weaponry turned against soft, civilian targets, like robbing a small-town bank with an Abrams tank. If you were looking for answers on how it spread so far so fast, you didn’t have to look far.

Now, just over a month later, a new strain of ransomware has inflicted similar damage with almost none of that firepower. A variant of the Petya family of ransomware, the virus has infected thousands of systems across the world, including massive multi-national corporations like Maersk, Rosneft and Merck, but it’s done so with far less raw material. Petya is still using EternalBlue, but by now many of the target organizations are protected, and that exploit is far less crucial to the ransomware’s spread. Instead, Petya exploits more fundamental vulnerabilities in the way we run networks and, more crucially, deliver patches. They’re not as eye-catching as an NSA exploit, but they’re more powerful, and could leave organizations in a much more difficult position as they try to recover from today’s attacks.

Where WannaCry focused on poorly patched systems, Petya seems to have hit hardest among large corporate networks, a pattern that’s partially explained by how the virus spread. Once a single computer on a network was infected, Petya leveraged Windows networking tools like Windows Management Instrumentation (WMI) and PsExec to infect other computers on the same network.

Both tools are normally used for remote admin access, but security researcher Lesley Carhart says they’re often used by attackers as a way to spread malware within a compromised network. “WMI is a super-effective lateral movement method for hackers. It's frequently allowed and built-in, so rarely logged or blocked by security tools,” says Carhart. “Psexec is a bit more depreciated and more monitored but still very effective.”


Even networks that had patched against the EternalBlue exploit were sometimes vulnerable to attacks launched from within the network. According to F-Secure’s Sean Sullivan, that’s in keeping with previous Petya attacks, which have historically targeted large companies likely to quickly pay out ransoms. “This started as a group targeting businesses,” Sullivan says, “and you have them picking up an exploit that’s perfect to nail businesses with.”

The more troubling aspect is how Petya got into the computers in the first place. According to research by Talos Intelligence, the ransomware may have spread through a falsified update to a Ukranian accounting system called MeDoc. MeDoc has denied the allegations, but a number of other groups have concurred with Talos’s finding, pointing to what appears to be a forged digital signature in the payload. If that signature was effective, it would have given attackers a clean way into almost any system running the software.

That would also explain Petya’s heavy footprint in Ukraine: as many as 60 percent of total infections were in the country, including the country’s central bank and largest airport.

“It’s like the holy grail for attackers”

It’s not the first time hackers have compromised auto-update systems to deliver malware, although the attack has usually been restricted to nation states. In 2012, the Flame malware compromised the Windows update process to deliver malware to targets in Iran, an operation that many have attributed to the US government. A 2013 attack on South Korean banks and TV stations also spread through compromised internal patching systems.

NYU security researcher Justin Cappos, who works on securing patching procedures as part of The Update Framework, says those underlying flaws are remarkably common. Organizations often fail to verify updates or leave the underlying keys insufficiently protected. At the same time, compromising software updates is one of the most powerful ways to compromise a system.

“It’s like the holy grail for attackers,” says Cappos. “This piece of software is on every computer, it usually runs with admin access, it makes outgoing connections that tend to be encrypted and it bypasses any firewall you have.”

https://www.theverge.com/(...)ate-wannacry-exploit

quote:

.
By creating a read-only file - named perfc - and placing it within a computer's "C:\Windows" folder, the attack will be stopped in its tracks

quote:

Op woensdag 28 juni 2017 09:45 schreef Toefjes het volgende:
http://www.rijnmond.nl/ni(...)at-na-computeraanval

APM nog steeds met stilstaande kranen.

quote:

Op woensdag 28 juni 2017 10:37 schreef Eyjafjallajoekull het volgende:

[..]

NOS komt opeens met theorie over dat het ransom gedeelte maar een vermomming is voor een test of iets dergelijks

http://nos.nl/artikel/218(...)een-gijzelvirus.html