Petya Ransomware Attack Initiated By Accounting Software Update

Although it is less than two days since the Petya ransomware outbreak, the job of working out where the outbreak started and who is responsible has begun. Based on telemetry it received, Microsoft believes the software updater for MEDoc – a Ukrainian tax software application – was the initial source of at least some infections.

This jibes with reports saying the outbreak hit Ukrainian companies pretty hard early on.

And it highlights a growing trend with cyber-criminals. Rather than directly attacking machines themselves, they attack the weakest part of the supply chain and use that as an access point into other systems.

Like WannaCry, Petya also exploited EternalBlue to propagate and move laterally across a network in order to infect more hosts.

The lesson for us – US President Reagan often said “Trust, but verify”. Although you might take great security precautions, it is important to ensure the people you trust have addressed their risk and put effective mitigation strategies in place.

It’s not enough to assume all your suppliers are safe. You need to verify them.