The Intrusions in Depth Podcast is a detailed exploration of major cyber attacks and their broader implications. Hosted by Josh Stepp, the podcast delves into the technical aspects, historical context, and global impact of significant cybersecurity events. In the premiere episode: notPetya, the show examines the 2017 NotPetya malware attack, which caused an estimated $10 billion in damages worldwide. Through a mix of technical analysis, historical background, and commentary, the episode provides a comprehensive look at how this cyber attack was developed and deployed, and at its lasting effects on global cybersecurity.
Topics:
Technical Breakdown of NotPetya Malware:
The episode explains how the NotPetya malware was constructed using tools and exploits such as Mimikatz, EternalBlue, and EternalRomance. It also clarifies why NotPetya was initially mistaken for ransomware and how it functioned as a wiper.
Historical Context and Geopolitical Background:
The episode outlines the events leading up to the NotPetya attack, including the Russia-Ukraine conflict and the geopolitical climate of 2017, to explain the motives behind the cyber attack.
Impact on Major Corporations and Infrastructure:
The episode highlights the significant disruptions NotPetya caused to multinational companies like Maersk, Merck, and FedEx, and even to critical infrastructure such as the Chernobyl radiation monitoring systems. It discusses the financial and operational repercussions faced by these organizations.
Supply Chain Vulnerabilities and Cybersecurity Implications:
The episode covers the concept of supply chain attacks, emphasizing how the compromise of the Ukrainian tax software M.E.Doc led to the widespread distribution of NotPetya. It also addresses the broader implications for global cybersecurity and the importance of securing supply chains.
Legal and Insurance Challenges:
The episode examines the legal ramifications of the NotPetya attack, focusing particularly on the insurance industry's response. It covers the lawsuit between Mondelēz International and Zurich Insurance over the definition of cyber warfare and the challenges in claiming insurance for such incidents.
Show Notes
Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers
by Andy Greenberg, Mark Bramhall, et al.
https://www.idagent.com/blog/2017-08-03-notpetya-threat-supply-chains-across-ukraine/
https://steemit.com/shadowbrokers/@theshadowbrokers/repost-theshadowbrokers-message-4-october-2016
https://therecord.media/mondelez-and-zurich-reach-settlement-in-notpetya-cyberattack-insurance-suit
https://cyberscoop.com/insurance-giant-settles-notpetya-lawsuit/
https://www.cisa.gov/news-events/alerts/2017/07/01/petya-ransomware
https://www.cybereason.com/blog/cybereason-discovers-notpetya-kill-switch
https://www.cybereason.com/blog/malicious-life-podcast-inside-notpetya-ransomware-part-2
https://en.wikipedia.org/wiki/Partition_Treaty_on_the_Status_and_Conditions_of_the_Black_Sea_Fleet
https://www.wilsoncenter.org/publication/why-did-russia-give-away-crimea-sixty-years-ago