Cyber Crimes are not always about Money
(Megasploits The Future of Cyber Warfare)
Definition: Megasploit: software engineered for destruction, with multiple types of malware embedded, that encompasses many previously known exploits in one destructive payload. Ex. WannaCry, Petya (NotPetya/ExPetr are other names for the same Megasploit).
So Cyber Warfare is a battlefield that has no faces, only victims. Often speculation and hunches are the only visions or words produced in the wake. And the tolls are devastating: complete systems of government taken offline for untold amounts of time; financial institutions infected and corrupted at the new center of business (their online presence); nuclear power grids melting down while propaganda pops up on the cellphones of an enemy country's entire population; elections swayed in favor of a foreign power's choice. It is unmistakable that Cyber Crime has reached what can't even be considered its peak. But in 2017 the speculations are astronomical, and the actualities are astounding.
Chernobyl May 12, 2017
It has been reported that the same nuclear power plant that was the site of the most horrific meltdown in history has been hacked. The malware responsible for this hack is Petya (ExPetr/NotPetya), which disguises itself as a ransomware attack but is what we will call a "WIPER" program. Using the stolen NSA malware ETERNALBLUE, which takes complete advantage of an ignored exploit exposed in 2015 by Microsoft that allows unauthorized traffic on TCP ports 139 and 445 as well as UDP ports 137 and 138 from the local network to external networks, Petya unloads its payload while pretending to request a ransom of $300 to remove its lock on your computer. However, it has been revealed that even if the ransom is paid there is no way to know whether the lock can be lifted. Petya (which appears to be a Trojan-worm) disguises itself as ransomware and contains a zero-day DDoS payload capable of self-detonation and distribution through the internal network of any unpatched Microsoft system, so dangerous that Microsoft issued patch MS17-010 not only for Windows 10 but also for Windows Server 2003, Vista, and XP (systems it had not issued security patches for in years, as they are no longer supported).
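To make the spread path just described concrete from a defender's side, here is an added example (not from the original post or any of its cited sources) that scans constructed flow records for the two things worth alerting on: internal hosts reaching the SMB/NetBIOS ports named above on external addresses, and one internal host fanning out to many others on TCP 445 within a short window. The internal address ranges, thresholds and log format are assumptions made for the example.

```python
import ipaddress
from collections import defaultdict

# Ports the post names: SMB over TCP 139/445, NetBIOS over UDP 137/138.
SMB_PORTS = {("tcp", 139), ("tcp", 445), ("udp", 137), ("udp", 138)}
# Assumed internal ranges for this example.
INTERNAL = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
FANOUT_THRESHOLD = 4   # distinct internal hosts on TCP 445 from one source ...
WINDOW_SECONDS = 60    # ... within this many seconds

# Constructed flow records (not real traffic): "<epoch> <src_ip> <dst_ip> <proto> <dst_port>".
SAMPLE_LOG = """\
1000 10.0.1.5 10.0.1.20 tcp 445
1002 10.0.1.5 10.0.1.21 tcp 445
1003 10.0.1.5 10.0.1.22 tcp 445
1005 10.0.1.5 10.0.1.23 tcp 445
1030 10.0.1.5 203.0.113.9 tcp 445
1100 10.0.2.7 10.0.2.1 udp 138
1200 10.0.2.7 198.51.100.4 udp 137
1300 10.0.3.9 10.0.3.10 tcp 443
"""

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)

def parse_flows(text):
    """Turn the assumed text format into (ts, src, dst, proto, port) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, port = line.split()
        flows.append((int(ts), src, dst, proto.lower(), int(port)))
    return flows

def egress_smb(flows):
    """Internal hosts talking SMB/NetBIOS to external addresses: block at the edge."""
    return [(src, dst, proto, port) for _, src, dst, proto, port in flows
            if (proto, port) in SMB_PORTS and is_internal(src) and not is_internal(dst)]

def smb_fanout(flows):
    """Sources reaching >= FANOUT_THRESHOLD distinct internal hosts on TCP 445 within WINDOW_SECONDS."""
    per_src = defaultdict(list)
    for ts, src, dst, proto, port in sorted(flows):
        if proto == "tcp" and port == 445 and is_internal(src) and is_internal(dst):
            per_src[src].append((ts, dst))
    flagged = {}
    for src, events in per_src.items():
        for i, (t0, _) in enumerate(events):
            targets = {dst for ts, dst in events[i:] if ts - t0 <= WINDOW_SECONDS}
            if len(targets) >= FANOUT_THRESHOLD:
                flagged[src] = max(flagged.get(src, 0), len(targets))
    return flagged
```

On the sample, 10.0.1.5 is reported both for fanning out to four internal hosts on 445 and for reaching an external host on 445; the fanout check is the one that catches worm-style internal spread even when the edge is already filtered.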
To date it is completely unclear how far this virus has spread; current data suggests that, at a minimum, every continent has been hit, with reports of up to 150 countries worldwide according to SureCloud (a company that actually tested the exploit and issued a detailed mitigation process to follow if infected).
The power plant was small beans in this attack, as the Saturation section pointed out. The NHS (National Health Service in the UK) was hit by a similar tool (WannaCry) in June. It too carries the ETERNALBLUE software and uses the same MS17-010 exploit.
Between these two Megasploit malwares, upwards of 200,000 computers have been rendered useless in the last two months alone. And with Kaspersky showing over 36,000 computers being hit in just one day, it is going to get worse, and fast.
The Biggest worry
What seems to be the least pointed-out fact is that Merck & Co. got hit by the Megasploit even though they had installed the patches prior to the hit (and although the company had preplanned contingencies in place). Which means these weaponized Megasploits may have the ability to eventually infect every computer ever made by Microsoft. As of today there are zero concrete infection paths documented for either Megasploit. So avoiding infection almost seems impossible for all MS owners.
Re: Cyber Crimes are not always about Money (Megasploits The Future of Cyber Warfare) Citations
Retrieved from https://usa.kaspersky.com/resource-center/threats/blackenergy
Chernobyl nuclear power plant hit by Petya ransomware cyber attack | World | News | Express.co.uk. (n.d.). Retrieved from http://www.express.co.uk/news/world/821971/Chernobyl-nuclear-power-plant-hit-ransomware-cyber-attack
Exploiting MS17-010 – A Technical Overview. (n.d.). Retrieved from https://www.surecloud.com/blog/exploiting-ms17-010-technical-overview
Petya’s Ransomware Cloaking Device | Cybercrime | TechNewsWorld. (n.d.). Retrieved from http://www.technewsworld.com/story/84659.html
Unpatched SMB Zero Day Easily Exploitable | Threatpost | The first stop for security news. (n.d.). Retrieved from https://threatpost.com/unpatched-smb-zero-day-easily-exploitable/123963/