Lessons from NotPetya Attack: Executive Insights

Lessons from NotPetya Attack: Executive Insights
Slide Note
Embed
Share

Discover the aftermath and impact of the 2017 NotPetya cyberattack, its spread, and implications for executives and boards. Insights on preparation and response strategies

  • Cybersecurity
  • NotPetya
  • Cyberattack
  • Executive Insights
  • Data Security
gamilac
gamilac Follow

Uploaded on Mar 07, 2025 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Accidental Anarchy: the NotPetya Attack WHAT EXECUTIVES & BOARDS CAN LEARN FROM THIS 2017 INCIDENT

  2. About Me Security Ledger Paul Roberts Founded in 2012 Technology reporter, editor and industry analyst An independent voice in information security 15+ years covering information security Pioneering coverage of: Internet of Things and security Threats to critical infrastructure Connected vehicles Healthcare cyber security Cybersecurity policy Contributor: Christian Science Monitor, Economist, CIO/CSO, Economist Intelligence Unit, MIT Tech Review, Infoworld, Threatpost, etc. Analyst: 451 Group Blog, podcast, in-person & online events SECURITY LEDGER | BOX JUMP LLC

  3. Shameless promotion If you like what you hear, subscribe to Security Ledger s Weekly Ledger. oExecutive-focused email newsletter rounding up the top cyber security stories of the week. oText the word security to the number 345345 to join.

  4. Background: NotPetya oFirst appeared June 27, 2017 oDestructive wiper malware that looks/acts like ransomware oWipers don t just encrypt data they destroy it oBased on known ransomware dubbed Petya (Russian) oBelieved to be nation-state backed operation oPrimary target: Govt. of Ukraine and Ukraine civil society

  5. Background: NotPetya o Initially spread as a software update for M.E.Docs, Ukrainian Accounting software package oDistributed as signed software updates from compromised firm oDestructive wiper malware designed to look/act like ransomware oBased on known malicious software dubbed Petya with Russian origins but probably created by a separate group oBelieved to be nation-state backed operation oPrimary target: Ukraine

  6. NotPetya Infections by Country Infected more than 1 million computers 2,000 companies in Ukraine hit by NotPetya Extensive spill over outside Ukraine including Russia, Poland, Italy, Germany FedEx, Maersk, Merck & Mondelez all heavily impacted

  7. Why this matters (part 1) oPart of long running tensions between Russia and Ukraine oExtensive use of cyber operations to disrupt Ukrainian government and civil society oCompanies were not targets of campaign or actors, but innocent bystanders of regional tension between Russia and Ukraine

  8. (maskirovka) A RUSSIAN MILITARY DOCTRINE DEVELOPED FROM THE START OF THE TWENTIETH CENTURY. THE DOCTRINE COVERS A BROAD RANGE OF MEASURES FOR MILITARY DECEPTION, FROM CAMOUFLAGE TO DENIAL AND DECEPTION.

  9. Why this matters (part 2) oMassively costly to affected firms o $400 million in direct, indirect costs at FedEx (and counting) o $184m for Mondelez with $84m in direct costs and ~$100 million in lost revenue o Merck left unable to produce GARDASIL vaccine prompting emergency borrowing from US Govt. stockpile

  10. Why this matters (part 3) oAffected companies were hit because: oThey were in the Ukraine or Ukraine-based OR oThey used the M.E. Docs software internally either corporate wide or as part of a subsidiary/acquisition OR oThey hadn t applied the Microsoft MS17-010 patch and were vulnerable to exploit by EternalBlue and/or Eternal Romance Windows exploits

  11. Our panel oGerrit Lansing, CyberArk Software - Sr. Director, Product Management oVitali Kremez, Director of Research at Flashpoint oEzra Church, Partner, Morgan Lewis oPaul Roberts, Security Ledger (moderator)

  12. Questions from the Audience

Related


Efficient Key Recovery Attack on SIDH

Efficient Key Recovery Attack on SIDH

chaim
Fernandes Thriving in United's Resurgent Attack^J Euro 2024 Success

Fernandes Thriving in United's Resurgent Attack^J Euro 2024 Success

WorldWide
In Pursuit of Excellence: Executive Recruiters and High-Level Talent Acquisition

In Pursuit of Excellence: Executive Recruiters and High-Level Talent Acquisition

Kelvin1
Leading with Numbers: The CFO Executive Search Strategy Guide

Leading with Numbers: The CFO Executive Search Strategy Guide

Kelvin1
Navigating the Executive Landscape: The Art of C-Level Recruitment

Navigating the Executive Landscape: The Art of C-Level Recruitment

Kelvin1
Elevating Security Leadership: CISO Executive Search Solutions

Elevating Security Leadership: CISO Executive Search Solutions

Kelvin1
7 Expert Tips for Selecting Executive Headhunters in the UK

7 Expert Tips for Selecting Executive Headhunters in the UK

Kelvin1
The Importance of a Thorough Chief Financial Officer Executive Search

The Importance of a Thorough Chief Financial Officer Executive Search

Kelvin1
Top-rated Executive Search Firms in the UK - 2024 Reviews

Top-rated Executive Search Firms in the UK - 2024 Reviews

Kelvin1
If you are looking for Driving Lessons in Halfstraddle

If you are looking for Driving Lessons in Halfstraddle

Cathleen
The Benefits of Partnering with Executive Recruiters for Talent Acquisition

The Benefits of Partnering with Executive Recruiters for Talent Acquisition

Kelvin1
C-Level Staffing Solutions: Building a Strong Executive Team

C-Level Staffing Solutions: Building a Strong Executive Team

Kelvin1
Get the Best Piano Lessons in Kelston

Get the Best Piano Lessons in Kelston

robert1
Key Qualities to Look for When Recruiting a Chief Executive Officer

Key Qualities to Look for When Recruiting a Chief Executive Officer

Kelvin1
10 Key Traits of a Top Executive Recruitment Agency

10 Key Traits of a Top Executive Recruitment Agency

henery
Bradford District Care NHS Foundation Trust Organisational Structures and Executive Team Overview

Bradford District Care NHS Foundation Trust Organisational Structures and Executive Team Overview

jazmine
First Nations Attack on Fort Michilimackinac 1763: Causes, Tribes, and Aftermath

First Nations Attack on Fort Michilimackinac 1763: Causes, Tribes, and Aftermath

aleia
Executive Search Specialists In London

Executive Search Specialists In London

Starfish
Enhancing Cybersecurity for Windows Infrastructure: A Practical Guide

Enhancing Cybersecurity for Windows Infrastructure: A Practical Guide

marni
Federal Aviation Administration Implementation Lessons Learned

Federal Aviation Administration Implementation Lessons Learned

ryland
Duane Wolf Attack Simulation Study: Insights for Law Enforcement Officers

Duane Wolf Attack Simulation Study: Insights for Law Enforcement Officers

karol
Strengthening the Senior Executive Service: Executive Rotations Requirement Implementation

Strengthening the Senior Executive Service: Executive Rotations Requirement Implementation

bero_u

More Related Content