NotPetya- The Exploit that would Lead to Many Attacks Part 3

By April 7, 2020View All Resources

NotPetya Attack affects Ukraine and Russia

In my previous posts about NotPetya, I mentioned that the attack had targeted Ukraine through the tax software M.E. Doc and that we have a good idea of who was behind it.

The fact that NotPetya was initially released in Ukraine and that a Russian presence was detected on M.E. Doc’s servers is not surprising. Russia and Ukraine have been in a digital war for quite some time now, and it seems to be Russia’s way of testing and perfecting digital warfare.

As these digital munitions are being developed, it is safe to say that this is a foreshadowing of what is to come in a new age of warfare that aims to stay away from open hostilities and declared conflict.

A perfect example of this new strategy is when Russian attackers shut off a large portion of Ukraine’s power grid in the winter of 2015, cutting off heat to citizens when they needed it most. However, NotPetya was different than the attack in 2015 because it was a supply chain attack, a sophisticated strategy that has been used for quite some time now and is very effective.

The White House called NotPetya the costliest cyber attack in history and blamed it directly on the Russian military. The estimated total private-sector losses? $10 billion.

Let’s talk about some other companies besides Maersk that suffered from the NotPetya attack and one that triumphed.

FedEx and TNT suffered the same slowdown that Maersk did, just with planes and trucks rather than sea vessels. FedEx didn’t have cyber insurance for occasions like these, though, and will bear the full brunt of their $400 million in losses.

The supply chain giant Merck was also affected by this, as their shipments of raw materials were not arriving at their factories, resulting in them having to withdraw materials from the United States National stockpile to meet orders. The damage for Merck was about a billion dollars worth of losses, an enormous price to pay for some poor cybersecurity practices. DHL, on the other hand, was able to keep their doors open and keep track of their shipments, and because of their good cyber hygiene, they saw an increase in revenue after the attack as all of Maersk, FedEx, and TNT’s customers flooded to them.

So, what’s the lesson in this? Here it is: if your company practices good cyber hygiene, you will stay in business when everyone else is caught in a crisis. While your competition is struggling to get back on their feet, their customers will come to you, and you will profit.

Leave a Reply

10 − one =