Mastering the Art of Vulnerability and Patch Management: Lessons from Maersk's NotPetya Cyber-Attack in 2017

Mastering the Art of Vulnerability and Patch Management: Lessons from Maersk’s NotPetya Cyber-Attack in 2017

In June 2017, a cyber-attack was launched by Russia against Ukraine’s government and business units. The attack employed the NotPetya malware, which quickly spread through global IT infrastructure networks, thanks to the EternalBlue exploit it used to move laterally. The virus managed to infect Maersk, a significant player in the shipping and logistics industry, and tried to spread to other vulnerable systems within its networks.

The attack caused a significant impact on Maersk’s computer systems, including servers, laptops, and personal computers. The malware deployed during the attack wiped out robust encryption algorithms designed to secure the Master File Table (MFT) within targeted systems. This made the file system unusable as the MFT, a vital component responsible for keeping track of file locations and storage, became inaccessible to the operating system. The malware quickly spread, infecting tens of thousands of designs within Maersk’s infrastructure.

The root cause of the issue stemmed from a solitary system that had not received the necessary updates to safeguard against potential vulnerabilities. To ensure the safety and reliability of your infrastructure, it is crucial to maintain a reliable and systematic approach to patch management. By diligently implementing an effective patching strategy, you can proactively reduce the likelihood of security breaches and minimize the need for reactive vulnerability management.

Mastering the Art of Vulnerability and Patch Management: Lessons from Maersk's NotPetya Cyber-Attack in 2017

To be effective against infrastructure vulnerabilities, here are some tips:

  1. It is recommended to create a detailed and complete inventory of all devices connected to your network. You may find it helpful to use tools like sniffers to help with the process of documenting manually.
  2. It’s important to know the type of firewalls being used at different locations as they may vary. To maintain consistency, it’s recommended to standardize the equipment used.
  3. Make sure you know who has access to those devices.
  4. Ensure that all individuals have an operational VPN.
  5. It is important to establish a clear policy regarding the use of company-owned laptops and personal devices (BYOD) to ensure proper vulnerability management. Consistency in this policy is crucial.

Once vulnerability scanning has been completed and all devices are logged and documented, it is important to implement a policy for conducting preventative tests on a monthly or quarterly basis. These tests should not be conducted during business hours to minimize disruptions.

To maintain security, it is important for your security team or analysts to regularly update and patch all hardware, operating systems, applications, databases, and networking equipment. Additionally, it is crucial to ensure that your browsers and plugins are up-to-date and that your applications cannot be reconfigured or accept any unauthorized configuration changes.

It is of utmost importance for individuals to have a clear understanding of the distinction between vulnerabilities, which refer to weaknesses within a system, threats, such as the cyber-attack on Maersk that occurred in June of 2017, and the resulting risks that may ensue, such as the possibility of data loss if one’s devices are wiped clean.

It’s crucial to remember that in the current digital landscape, malicious individuals may compromise your networks without any desire for financial gain. NotPetya is a prime example of this. Keeping this in mind is essential in safeguarding your systems from possible harm.

Scroll to Top