Postmortems

NotPetya caused some ten billions of collateral damage in the West, as well as nuking a lot of Ukraine’s systems (as intended by Russia) - some overview and background here, and an in-depth story of the effect on major global shipping company Maersk, which took some 10 days to get its IT back together and months to get its software back up, all while needing to process tens of thousands of shipping containers.

“Snabe, however, didn’t say much about the company’s security posture pre-NotPetya. Maersk security staffers tell WIRED that some of the corporation’s servers were, up until the attack, still running Windows 2000—an operating system so old Microsoft no longer supported it. In 2016, one group of IT executives had pushed for a preemptive security redesign of Maersk’s entire global network. They called attention to Maersk’s less-than-perfect software patching, outdated operating systems, and above all insufficient network segmentation. That last vulnerability in particular, they warned, could allow malware with access to one part of the network to spread wildly beyond its initial foothold, exactly as NotPetya would the next year.”

Another piece on NotPetya

Full analysis of the different aspects of NotPetya requires expertise in offensive cyber operations, Reverse Engineering, PSYOPS, information operations, media theory, geopolitics, warfare, Russia, Ukraine, and military intelligence. Limiting ourselves to a cyber perspective will produce an inherently myopic analysis.

and

In effect, a situation has been created where a foreign adversary can include EternalBlue exploit code in malware and be almost guaranteed anti-USG/NSA sentiment. This is the binary embodiment of offensive cyber operations as influence activity, or the further weaponization of information.

There’s no doubt in my mind that others have taken note of the NotPetya operation. This is akin to Stuxnet in 2010 and the influence operations surrounding the 2016 elections. We must realize that this isn’t cyber, but societal warfare. We should analyze and report on it as such.

via Bruce Schneier’s Crypto-Gram newsletter