“Somehow the vulnerability of this Ukrainian accounting software affects the US national security supply of vaccines and global shipping?” asks Joshua Corman, a cybersecurity fellow at the Atlantic Council, as if still puzzling out the shape of the wormhole that made that cause-and-effect possible. “The physics of cyberspace are wholly different from every other war domain.”
In those physics, NotPetya reminds us, distance is no defense. Every barbarian is already at every gate. And the network of entanglements in that ether, which have unified and elevated the world for the past 25 years, can, over a few hours on a summer day, bring it to a crashing halt.
The code that the hackers pushed out was honed to spread automatically, rapidly, and indiscriminately. “To date, it was simply the fastest-propagating piece of malware we’ve ever seen,” says Craig Williams, director of outreach at Cisco’s Talos division, one of the first security companies to reverse engineer and analyze NotPetya. “By the second you saw it, your data center was already gone.”
On a national scale, NotPetya was eating Ukraine’s computers alive. It would hit at least four hospitals in Kiev alone, six power companies, two airports, more than 22 Ukrainian banks, ATMs and card payment systems in retailers and transport, and practically every federal agency. “The government was dead,” summarizes Ukrainian minister of infrastructure Volodymyr Omelyan. According to ISSP, at least 300 companies were hit, and one senior Ukrainian government official estimated that 10 percent of all computers in the country were wiped. The attack even shut down the computers used by scientists at the Chernobyl cleanup site, 60 miles north of Kiev. “It was a massive bombing of all our systems,” Omelyan says.
Read extraordinory full story here