Daily Management Review

Ukraine Police Official Says Global Cyber Attack Was Likely Cover For Malware Installation: Reuters


It is highly likely that Ukraine’s computer infrastructure was the primary target of a crippling computer virus that spread from Ukraine across the world this week, Reuters reported, citing a top Ukrainian police official.
Some experts have dubbed the computer worm NotPetya. It has paralyzed thousands of machines worldwide, and cyber security firms are trying to piece together who was behind it. The malware spread through internal organizational networks to an estimated 60 countries, shutting down ports, factories and offices.
While a Kremlin spokesman dismissed "unfounded blanket accusations", Ukrainian politicians were quick on Tuesday to blame Russia.
A growing consensus among security researchers, armed with technical evidence, suggests that the main purpose of the attack was to install new malware on computers at government and commercial organizations in Ukraine. Experts said that the goal may be to plant the seeds of future sabotage, rather than extortion.
International firms appear to have been hit through their operations in the country.
Statistics released on Thursday by Slovakian security software firm ESET show that all of the top 10 countries hit were located in central, eastern or southern Europe and that 75 percent of the infections detected among its global customer base were in Ukraine.
Most of the damage from the attack had hit Ukraine, and Russia to a lesser extent, with only a few dozen German firms affected, said Arne Schoenbohm, president of BSI, Germany's federal cyber security agency.
"In all of the known cases, the companies were first infected through a Ukrainian subsidiary," the German official said.
Ukraine's cyber police said in a statement on Thursday that it had received 1,500 requests for help from individuals and companies in connection with the virus.
As with the extortion tactic used in a global WannaCry ransomware attack in May, the malicious code encrypted data on computers and then demanded that victims pay a $300 ransom.
A top Ukrainian police official reportedly told Reuters that the extortion demands were likely a smokescreen, echoing working hypotheses from top cyber security firms, which consider NotPetya a "wiper", a tool for destroying data and wiping hard disks clean, disguised as ransomware.
"Since the virus was modified to encrypt all data and make decryption impossible, the likelihood of it being done to install new malware is high," the official, who declined to be identified, wrote in a phone text message to Reuters.
The same line of inquiry is being pursued by Information Systems Security Partners (ISSP), a Kiev-based cyber research firm which had investigated cyber attacks against Ukraine on earlier occasions.
Money was unlikely to be the primary object of the attack, given that few people actually paid the $300 demanded for removing the virus, ISSP said.
"It's highly likely that during this attack new attacks were set up," said ISSP chairman Oleg Derevianko.
"At almost all organizations whose network domains were infected, not all computers went offline," he said by phone. "Why didn't they all go offline? We are trying to understand what they might have left on those machines that weren't hit."
An update issued by an accounting services and business management software package was the source of the spread of the virus, said Ukraine's National Security and Defence Council Secretary Oleksandr Turchynov.
"Also involved was the hosting service of an internet provider, which the SBU (Ukraine's state security service) has already questioned about cooperation with Russian intelligence agencies," he said, according to a statement.