28 JUNE 2017: further update on the threat situation surrounding the Petya cyber attack [WITH VIDEO]
Eric De Grasse, CTO
(with special thanks to FireEye and Palo Alto Networks)
28 June 2017 – Earlier today we participated in a Europol briefing and the major take-away was this: the “Petya” attackers knew that M.E.DOC would impact mostly Ukraine; all other infections were “side effects”. This was a cyberwar attack, not a criminal attack. See the video above, which lays out the timeline and why they arrived at this conclusion.
Situation Summary
As we noted in yesterday’s brief, this attack was a new variant of the Petya malware which spread over the Microsoft Windows SMB protocol. The malware appears to use the ETERNALBLUE exploit tool to accomplish this. This is the same exploit the WanaCrypt0r/WannaCry malware used to spread globally in May 2017. Multiple organizations have reported network outages, including government and critical infrastructure operators.
Several cyber security firms have tried to summarize the “NotPetya” outbreak. Here is a cut & paste compendium from several sources on what happened and what you should do:
- The malware uses a bunch of tools
GDPR triggers demand for EU Data Privacy Officers … with an opportunity for consulting firms and law firms
By:
Catarina Conti
Eric De Grasse
6 December 2016 – The new General Data Protection Regulation (GDPR) is set to replace the Data Protection Directive 95/46/EC effective 25 May 2018.
Although many companies have already adopted privacy processes and procedures consistent with the Directive, the GDPR contains a number of new protections for EU data subjects and threatens significant fines and penalties for non-compliant data controllers and processors once it comes into force in the spring of 2018.
With new obligations on such matters as data subject consent, data anonymization, breach notification, trans-border data transfers, and appointment of data protection officers, to name a few, the GDPR requires companies handling EU citizens’ data to undertake major operational reform.
GDPR (Article 37) acknowledges the value of “privacy on the ground” by requiring designation of a data protection officer. Readers on our EU job lists have seen the spike in data protection officer job postings. They are in high demand … and difficult to find.
But Article 37 does not establish the …
Trying to spot sarcasm? How about a little vector space mathematics to help.
Gregory P. Bufithis, Esq.
Founder/CEO
Sarcasm is almost impossible for computers to spot. A mathematical approach to linguistics could change that.
20 October 2016 – Back in 1970, the social activist Irina Dunn scribbled a slogan on the back of a toilet cubicle door at the University of Sydney. It said: “A woman needs a man like a fish needs a bicycle.” The phrase went viral and eventually became a famous refrain for the growing feminist movement of the time.
The phrase is also an example of sarcasm. The humor comes from the fact that a fish doesn’t need a bicycle. Most humans have little trouble spotting this. But while various advanced machine learning techniques have helped computers spot other forms of humor, sarcasm still largely eludes them. These other forms of humor can be spotted by looking for, say, positive verbs associated with negative or undesirable situations. And some researchers have used this approach to look for sarcasm.
But sarcasm is often devoid of sentiment. The phrase above is a good example — it contains no sentiment-bearing …