Security Service of Ukraine warns of a new wave of large-scale NotPetya-like attacks

The Security Service of Ukraine is warning citizens of a new “large-scale” cyber attack similar to NotPetya that could take place between Oct 13 and 17.

In June the NotPetya ransomware compromised thousands of businesses and organizations worldwide, most of them in Ukraine.

Now, the Ukrainian authorities are warning their citizens of a new “large-scale” cyber attack similar to NotPetya.

The Ukrainian Secret Service, SBU, published a press release on Thursday warning of an imminent massive cyber attack that could take place between October 13 and 17, when Ukraine celebrates Defender of Ukraine Day.

“SBU notifies about preparing of a new wave of large-scale attack against the state institutions and private companies. According to the secret service, big state and private companies are the aims of the offenders,” reads the SBU press release.

“The basic aim – to violate normal operation of information systems, that may destabilize the situation in the country. The SBU experts received data that the attack can be conducted with the use of software updating, including public applied software. The mechanism of its realization will be similar to cyber-attack of June 2017.”

According to the authorities, a threat actor can launch a cyber attack by compromising the supply chain of software used by government entities. Once again, attackers can use a malicious software update to infect installations in the country. This is the same attack scenario the NotPetya hackers exploited when they compromised the update mechanism of the Ukrainian financial software provider MeDoc.
The tainted MeDoc update allowed NotPetya to spread rapidly through Ukrainian government agencies and businesses; the operations of multinational companies were seriously affected.
The Ukrainian Secret Service blamed Russian nation-state hackers for the NotPetya attacks; researchers who analyzed the ransomware discovered that the malicious code was wiper malware disguised as ransomware.
Back to the present, the security warning urges organizations to improve their defenses. The SBU provided a set of recommendations to follow to improve resilience to cyber attacks:
  • To update signatures of virus protection software on the server and in the workstation computer;
  • To conduct redundancy of information, which is processed on the computer equipment;
  • To provide daily updating of system software, including OS Windows of all versions.