On Monday, the Justice Department announced that a federal grand jury had charged six Russian intelligence officers, labeled the Sandworm team, responsible for notoriously destructive attacks spanning the globe. The group has been traced back to the 2017 NotPetya outbreak that caused over $1 billion in damage to US organizations
Most weeks, it is far outside the normal job responsibilities for cybersecurity professionals to understand what the United States (or other governments) do to find or use computer vulnerabilities. Just stay patched and keep the board of directors happy. This is not one of those weeks.
This week we learned that the National Security Agency disclosed to Microsoft that it had discovered a major vulnerability (dubbed CVE-2020-0601) in Windows 10. A Washington Post article by veteran cyber journalist Ellen Nakashima declared this to be “a major shift in the NSA’s approach, choosing to put computer security ahead of building up its arsenal of hacking tools that allow the agency to spy on adversaries’ networks.”
Maersk Chief Information Security Officer Andrew Powell stated at Black Hat Europe 2019 that he believes that 600 countries across the globe were damaged by NotPetya around the time of the Maersk attack. He stated that any company doing business in Ukraine at the time of the attack was hit.
“The historical ‘air gap’ separating industrial control systems from enterprise networks meant that factories and shipyards were more or less immune to cyber-attack. As long as systems were air-gapped it didn’t matter how pernicious or effective the cyber-threat became, we felt confident that these virtual concerns couldn’t impact our physical