

The curious case of the #Petya Virus



On June 27 the world was hit by the Petya computer virus, which blocked computers and asked the owners to pay $300 to recover access to their data. One of the countries affected more than any other was Ukraine, where the virus was launched and where it proved to be destructive, with national institutions and crucial infrastructure like the central bank, the airport and the metro system infected, writes Chris Rennard.

The virus initially looked like ransomware that demanded payments in the electronic currency “Bitcoin” in order to decrypt infected systems. But quickly, researchers and analysts came to suspect that this was more than just a ransomware attack, because whoever was behind it didn't actually make much money, and moreover it seemed to be deliberately targeting state institutions which were unlikely to be lucrative targets for such criminal demands. The real purpose of the whole operation was clearly different.

I have taken an interest in this following an apparent cyber attack on the UK Parliament’s email system last month. I took the precaution of telling my Twitter followers to contact me by text instead of email. It was a tweet that prompted dozens of newspaper headlines.

The Petya virus struck just a few days later. In that instance, experts initially speculated that this was a prototype state-sponsored cyber attack on Ukraine using malware as one of the weapons employed in the Russian Government’s arsenal of hybrid warfare tactics. But the major victim of the hacking attack was Rosneft in Russia, which is led by Igor Sechin, known to be close to the Russian security services. It seems unlikely that an attack on Ukraine would choose to also attack a prized Kremlin-related company like Rosneft.

New allegations in the Russian press, apparently based on leaked information, have now surfaced that the virus may in fact have been introduced as a massive deliberate attack on the Rosneft and Bashneft computer systems, and designed to destroy essential evidence of critical importance to ongoing court proceedings against the Russian conglomerate Sistema, owned by the Russian tycoon Vladimir Yevtushenkov. In the event, Rosneft was able to switch to a backup server and managed to avoid any serious consequences. But the finger of blame for the launch of the Petya malware is now being pointed at Sistema and Yevtushenkov.

Under this theory the collateral damage suffered by Ukraine and other countries was no accident; it was designed to be part of an intentional cover-up, to disguise the real purpose. By launching the attack in Ukraine first, the sponsor of the attack also ensured that there was little chance of the findings of any investigation by Ukrainian officials being shared with Russian investigators, as Ukraine has a deep suspicion and mistrust of the Russian authorities.

A Russian journalist who has investigated the attack believes there is “no other possible explanation.” He uses a pseudonym out of fear about reprisal. "I believe this attack was specifically targeted at Rosneft," he says.

In support of his contention, the journalist cites the fact that the cyber-attack started on the day the Arbitration Court of Bashkiria held its first hearing on Rosneft's suit against Sistema. This was no coincidence.

On June 23, Sistema assets worth $3 billion were frozen by the court as a security measure. This included shares in the Sistema operating companies Medsi clinics, the Bashkir Electric Grid Company and mobile telephone operator MTS, equivalent to almost half of Yevtushenkov’s capital.

As any amateur student of Sherlock Holmes knows, to determine the motive for a crime, the first step is to establish who would stand to benefit financially.

The sum of money at stake in the litigation between Rosneft and Sistema is $2.8 billion for the alleged fraudulent siphoning of funds by Sistema from Bashneft when Sistema owned it. The damages claimed by Rosneft would bankrupt Sistema if they were to lose the suit. Dire straits call for desperate measures, and what could be a better way for Sistema to seize advantage in the court case than destroying the plaintiff’s evidence?

A further argument that the journalist cites in support of his theory is that Sistema is the largest telecommunications holding company in Russia employing the country’s top IT professionals. They know how to deal with viruses and hacking, and consequently how to organise them. Who else from the former Soviet Union could mastermind such a powerful hacking attack?

A final missing piece in the jigsaw puzzle is that, according to the conclusions of computer analysts, one of the first sources of the hacking attack was a Ukrainian accounting programme called MeDoc, which sent out a suspicious software update. MeDoc is the name of software developed by the company Intellekt-servis. One of the biggest customers of Intellekt-servis in the region is Vodafone, whose Ukrainian operating company is owned by the Russian MTS Group, one of the key assets of Sistema, Vladimir Yevtushenkov’s company.

We may never be able to conclusively attribute the responsibility for the hacking attacks, understand what their real motive was, and hold those responsible to account. But clearly, the most important concern has to be European and international cybersecurity.

The author, Lord Rennard, is former Chief Executive of the British Liberal Democrats.







EU Threat Landscape Report: Cyber attacks are becoming more sophisticated, targeted and widespread



On 20 October, the European Union Agency for Cybersecurity (ENISA) published its yearly report summarizing the main cyber threats encountered between 2019 and 2020. The report reveals that attacks are continuously expanding, becoming more sophisticated, targeted, widespread and often undetected, while for the majority of them the motivation is financial. There is also an increase in phishing, spam and targeted attacks on social media platforms. During the coronavirus pandemic, the cybersecurity of health services was challenged, while the adoption of teleworking regimes, distance learning, interpersonal communication, and teleconferencing also changed cyberspace.

The EU is taking strong action to strengthen cybersecurity capacities: it will update legislation in the area of cybersecurity, with a new Cybersecurity Strategy coming up by the end of 2020, and is investing in cybersecurity research and capacity building, as well as in raising awareness about new cyber threats and trends, such as through the annual Cybersecurity Month campaign. The ENISA Threat Landscape Report is available here and a press release is available here.



EU countries test their ability to co-operate in the event of cyber attacks



EU member states, the EU Agency for Cybersecurity (ENISA) and the European Commission have met to test and assess their co-operation capabilities and resilience in the event of a cybersecurity crisis. The exercise, organized by the Netherlands with the support of ENISA, is a key milestone towards the completion of relevant operating procedures. The latter are developed in the framework of the NIS Co-operation Group, under the leadership of France and Italy, and aim for more coordinated information sharing and incident response among EU cybersecurity authorities.

Furthermore, member states, with the support of ENISA, launched today the Cyber Crisis Liaison Organization Network (CyCLONe) aimed at facilitating cooperation in case of disruptive cyber incidents.

Internal Market Commissioner Thierry Breton said: “The new Cyber Crisis Liaison Organization Network indicates once again an excellent cooperation between the member states and the EU institutions in ensuring that our networks and critical systems are cyber secure. Cybersecurity is a shared responsibility and we should work collectively in preparing and implementing rapid emergency response plans, for example in case of a large-scale cyber incident or crisis.”

ENISA Executive Director Juhan Lepassaar added: "Cyber crises have no borders. The EU Agency for Cybersecurity is committed to support the Union in its response to cyber incidents. It is important that the national cybersecurity agencies come together to coordinate decision-making at all levels. The CyCLONe group addresses this missing link.”

The CyCLONe Network will ensure that information flows more efficiently among different cybersecurity structures in the member states and will allow national response strategies and impact assessments to be better coordinated. Moreover, the exercise follows up on the Commission's recommendation on a Coordinated Response to Large Scale Cybersecurity Incidents and Crises (Blueprint) that was adopted in 2017.

More information is available in this ENISA press release. More information on the EU cybersecurity strategy can be found in these Q&A and this brochure.



Commission launches #Women4Cyber - A registry of talents in the field of cybersecurity



On 7 July the Commission, together with the Women4Cyber initiative of the European Cybersecurity Organization (ECSO) launched the first online registry of European women in cybersecurity that will connect expert groups, businesses and policy makers to talents in the field.

The registry is an open, user-friendly database of women that have expertise in cybersecurity, aiming to address the growing demand for cybersecurity professionals in Europe and the related shortage of talents in the field. Its launch follows the European Skills Agenda for sustainable competitiveness, social fairness and resilience that the Commission presented on 1 July 2020.

A Europe Fit for the Digital Age Executive Vice President Margrethe Vestager said: “Cybersecurity is everyone's business. Women bring experience, perspectives and values into the development of digital solutions. It is important to both enrich the discussion and make the cyberspace more secure.”

Promoting our European Way of Life Vice President Margaritis Schinas said: “The cybersecurity field is suffering a massive skills shortage. This talent shortage is exacerbated by the lack of female representation in the field. The updated Skills Agenda adopted by the Commission last week aims to close such gaps. A diverse cybersecurity workforce will certainly contribute to more innovative and robust cybersecurity. The registry launched today will be a useful tool to promote women cybersecurity professionals and create a more diverse and inclusive cybersecurity ecosystem.”

Internal Market Commissioner Thierry Breton said: “Over the years we have been promoting various successful initiatives aimed at increasing training in digital skills, notably in the cybersecurity field. Every cyber team needs to combine various skills combining data science, analytics and communication. The registry is a tool aimed at achieving better gender balance in the cybersecurity workforce.”

The registry, which outlines diverse profiles and maps various areas of expertise, is accessible to everyone and will be updated regularly. More information about the Women4Cyber initiative is available here, about the Commission Cybersecurity strategy here and you can join the Women4Cyber registry by clicking here.
