How to Stop the Most Destructive Cyberattack in History
Editor's note: By now, your usernames, passwords, Social Security number, and credit-card numbers have almost certainly been stolen in a cyberattack.
Over the past few years, hackers have broken into the databases of hundreds of universities, major retailers, and even credit-monitoring agency Equifax.
But the Trump administration called one specific event in June 2017 "the most destructive and costly cyberattack in history."
Today's Masters Series essay is excerpted from the July issue of Stansberry Innovations Report. In it, editor Christian Olsen – the latest tech expert to join the Stansberry Research team – explains how it happened... and shows why cybercrime is growing at an unprecedented rate...
How to Stop the Most Destructive Cyberattack in History
Jim Hagemann Snabe awoke to a dire call at 4 a.m.
His company was under attack. There was nothing he could do to stop it. And it was going to cost his firm the better part of $300 million.
Snabe runs Maersk, a 140-year-old shipping company based out of Copenhagen, Denmark. It's the largest company of its kind in the world, transporting roughly 20% of world trade. One of its ships arrives somewhere in the world every 15 minutes on average. And it unloads 10,000 to 20,000 containers per ship.
Maersk provides a critical part of the infrastructure that makes the world tick.
In June 2017, Maersk fell victim to what looked like ransomware, but was actually much more savage.
Ransomware is malicious software that, when installed, blocks access to an infected computer until a ransom is paid. The ransomware typically shows up as an e-mail in your inbox. Often, it prompts you to download a file that, when opened, allows "admin access" to your computer. The ransomware encrypts your data – locking you out of your own system.
It happens that easy and that fast.
The locked computer shows instructions on the screen for how to reinstate access. Once you send a hefty payment to an anonymous account, usually through bitcoin, the ransomware sends a code to unlock the computer.
Ransomware like WannaCry and Petya cost victims about $9 billion across 150 countries in 2016 and 2017. What hit Maersk last year was even more nefarious...
It was, creatively, called "NotPetya." The CIA believes the Russian military developed NotPetya to disrupt the Ukrainian banking system. But it quickly spread to Ukrainian business partners in other countries like Poland, Italy, Germany, Denmark, the U.K., the U.S., and even Russia itself.
Unlike its predecessor, NotPetya did not need victims to gullibly grant it access to their systems. Instead, it spread itself through a secret U.S. surveillance peephole developed – ironically enough – by the U.S. National Security Agency... a backdoor to the Windows operating system.
NotPetya got into the Maersk system through the auto-update feature for accounting software M.E. Doc. At Maersk, all the desktop computers had the auto-update feature turned on, so software updates would install by themselves.
Normally, information technology ("IT") departments want the auto-update feature turned on because software updates include bug fixes and security patches. The security patches minimize risk and protect the assets of the company. They keep hackers from getting access to sensitive information.
But NotPetya exploited the Microsoft Windows backdoor to sneak undetected through Maersk's auto-update and wipe out the Master Boot Record ("MBR") on every infected Windows PC and server in the company. (The MBR is a special place on every hard disk you need to start up the computer. If you can't access the MBR, or if it's corrupted, you lose your data and must replace the computer.)
Petya was designed to make money. NotPetya was designed to destroy. Once inside Maersk, NotPetya spread rapidly by sending out signals called "pings" to find all devices on the network. It then built a list of names, IP addresses, usernames, and passwords... and moved laterally across Maersk's network.
The attack obliterated the company's entire IT infrastructure, and Maersk was without IT for 10 days. Remarkably, the company was able to maintain 80% of its shipping volume business manually. But it had to replace and install 45,000 PCs and 4,000 servers to recover from the ransomware attack. Over the two months following the attack, it cost Maersk $300 million.
Reports claim that NotPetya affected more than 2,000 companies worldwide and caused $1 billion in total damage. That's on the light side, if you ask us.
In June, I traveled to Germany to attend the CEBIT technology conference. I spoke with several companies and top minds about cybersecurity, including Mikko Hypponen, chief risk officer of F-Secure, a Finnish-based cybersecurity company. He believes the financial damage and disruption from NotPetya were likely much more than that. I agree.
For example, pharmaceutical giant Merck claims the attack cost it about $310 million. Global courier FedEx said it took a $400 million hit. It cost Mondelēz International, the owner of Cadbury chocolate, $180 million.
If just these three companies and Maersk total more than $1 billion, our bet is NotPetya got away with several times that figure in the end.
The Trump administration called it "the most destructive and costly cyberattack in history."
Cybercrime is the world's fastest-growing criminal business. As you can see, the number of data breaches has shot up more than 900% since 2005...
According to one report, all cyberattacks cost the global economy $600 billion last year – up from $445 billion in 2014. Research firm Gartner reports that firms will spend more than $1 trillion on cybersecurity products between 2017 and 2021.
That offers enormous potential for companies with the right products and the right people to maximize the opportunity.
Regards,
Christian Olsen
Editor's note: Cybersecurity is just one of dozens of tech opportunities Christian has his eye on in our brand-new Stansberry Innovations Report advisory. In fact, we just released a brand-new presentation detailing another huge new tech development.
Much like the steam engine, which paved the way for locomotives, the cotton gin, and state-of-the-art factories... electricity, which led to the telephone, lightbulb, air conditioning, and more... and the Internet, which made smartphones, mobile payments, and Amazon and Google possible... this "keystone technology" is set to change the world as we know it. Watch this free presentation right here.