Operatively-sourced intelligence signaled the rise of Petya ransomware as early as January 2017… A game of cyber “cat and mouse” on a global level.
By Byron Rashed, Vice President of InfoArmor, Inc.
By the end of June 2017, the Petya ransomware and its variants had infected devices in 65 countries. The scope, severity, and speed of the attack rivaled some of the most improbable and imaginative of Hollywood plots – but the attack was indeed an actual security event, executed on a new and global level.
The exploit leveraged the same vulnerability as the infamous WannaCry malware, which had spread rapidly the previous month: MS17-010 (EternalBlue). But unlike WannaCry, Petya did not have the sort of “back-door” kill switch that was inadvertently discovered as WannaCry spread, helping to halt its contagion.
Could operatively-sourced intelligence have prevented the contagion? Recent research finds that for several companies, it did just that.
For example, InfoArmor has published research findings: “InfoArmor Preempts Ransomware Attacks”
In January 2017, InfoArmor’s operative intelligence team identified the threat’s potential for exploitation, enabling clients to identify and patch the open vulnerability, protecting their digital assets from a ransomware attack.
As a result of intel gleaned on the dark web as early as January, by April some companies were aware of the MS17-010 vulnerability. By late April, those same companies knew which specific hosts contained the MS17-010 vulnerability, and were able to bypass the Petya threat entirely.
The research and subsequent series of events that marked the Petya wave strongly signal that operatively-sourced intelligence is an essential and intelligent part of defense-in-depth strategies, and should no longer be considered an optional layer of the security stack.
No matter how much organizations automate their cyber defenses, black hat hackers and other bad actors will seek out vulnerabilities… and the ‘white hat’ operatives quietly conducting operatively-sourced threat intelligence will be looking over their shoulders in the web’s darker corners to help discover who’s next at risk.
About the Author
Byron Rashed has over 20 years of industry experience spearheading global marketing and public relations programs in various IT security organizations.
As the Vice President of Global Marketing, Advanced Threat Intelligence for InfoArmor, he is directly responsible for all global marketing and public relations strategies and tactics for the ATI unit.
Mr. Rashed holds a Bachelor of Science degree in industrial engineering from New York University.