The Claroty Blog

Petya/NotPetya - Hundreds of Millions of Warnings of the Looming Threat

| Steve Ward

With Q2 2017 financial disclosures related to the realized and expected (Q3) financial impact of Petya/NotPetya coming from giants across the industrial world (shipping, manufacturing, etc.) we are literally looking at hundreds of millions of dollars in losses. These losses should be seen as hundreds of millions of warnings of the looming threat to ICS networks.

From our analysis, and what is widely agreed upon by other experts in cybersecurity, neither the WannaCry nor the Petya/NotPetya attacks were targeted specifically at industrial control systems networks. This can be seen as both a blessing and an alarming wake up call.

With tallies (at current) of losses from these non-targeted attacks in the high hundreds of millions of dollars, imagine the absolute devastation to companies and the global economy as a whole that could come from attacks that are specifically targeted at these networks.

Our analysis of Petya/NotPetya indicated that had the attack been as wide-spread as what was witnessed with WannaCry, the impact could have been far more tremendous. Very scary…

Our analysis of WannaCry found that with the right amount of knowledge, intent and focus on Industrial Control Systems, it too could have been devastating.

We have warned in our own blog – as early as April of 2017 – and in contributed articles published across the Industrial Control Systems world, that the threat of ransomware to the shop floor is not only real, but growing. We have also warned repeatedly that the state of readiness in Industrial Control Systems cybersecurity is poor at best.

The moment that has long been talked about – where attacks reach the ICS domain and cause major disruption and financial loss – has manifested itself. Obviously not just with WannaCry and Petya/NotPetya but with events such as the 2015 and 2016 Ukraine energy grid attacks.

The time is upon us to drive action. It has been upon us for more than a decade but now we may finally have the real-world examples needed to prompt change and rapid innovation.

We will explore the changing threat landscape in Industrial Control Systems cybersecurity, the impacts of these recent attacks, and a blue print for making the case for investment to your organization in a webinar next Thursday, August 31st.

We invite you to join us for this discussion – it will not be a Claroty ‘sales pitch’ but something far more important – a chance to gather the information you need to educate your executives, and to make the case for better protecting these systems, that so desperately needs to be made.

The challenge of our times in cybersecurity is protecting the Industrial Control Systems networks that power the world – and we need to move to meet this challenge immediately.

Register for this webinar here – we hope to see you/hope to engage in an important dialogue with you on this subject.

Even if you cannot make the live event, please register and we will make sure to get you a recording of the session.

See you next week – and until then (and always) – keep fighting the good fight!

Subscribe to the Blog