Petya the Great and why *they* don’t patch vulnerabilities
Alexander Leonov
Vulnerability & Compliance Management, Security Automation, Metrics
I really like this. Just imagine. Quiet, routine, everyday Vulnerability Management process in organizations: scanning-patching, scanning-patching, scanning-patching… And then. Suddenly! PEEETYYA!!!
And at very same moment everything changes. People from different companies start to communicate with each other actively, reverse this new malware, share the data, write and share tools for detection and recovery. Security professional is a friend, a brother and a source of useful information for security professional. Real movement! Real community! =)
For example, my friends from Vulners.com created pretty popular gist about Petya (petrWrap, notPetya, GoldenEye) and updated in real time for several hours.
My former colleagues from Positive Technologies released detailed technical review of this ransomware (in Russian) few hours since the outbreak started, at 01:00 am . They also found a local kill switch, and probably were the first one. Simultaneously with Amit Serper from Cybereason.
Read more: https://avleonov.com/2017/06/30/petya-the-great-and-why-they-dont-patch-vulnerabilities/
Lead Information Security Engineer
7 年Alex is killing it!
Detection & Response mission: to equip every cyber defender with tools, knowledge and private AI to outscale attacks. CEO & Founder of SOC Prime. Invented Uncoder.IO, tagging Sigma w ATT&CK, Roota.io
7 年Great article indeed. The thing is, patching didn't save some companies. It is critical, it does reduce attack vector. But there are several infection vectors. Network segmentation, proper service ACLs and proactive security monitoring would've saved almost every victim I talk to so far.
Founder @ Blu Raven | ?? Learn KQL for Threat Hunting, Detection Engineering, and Incident Response | Sr. Threat Researcher, Threat Hunter, Microsoft Security MVP, CISSP, eCTHP, CRTO
7 年great post, thanks.