Security Experts Suspect Petya Cyber-Attack Inspired by Nation-State

Today’s topics include cyber-security experts' assertion that the Petya Malware a nation-state attack; UK officials' claim that Google DeepMind failed to follow patient data privacy rules; a campaign by British police and Microsoft to stop tech support fraud; and an AT&T report that affirms that white box switches are essential for its network modernization program.

Two separate European security authorities have concluded that the widespread Petya ransomware attack, also known as NonPetya, was not about money, but rather a disruptive cyber-attack conducted by a nation-state.

On June 30, four researchers at the NATO Cooperative Cyber Defense Centre of Excellence (CCD COE) attributed both NotPetya and its predecessor, WannaCry, “most likely … to a state actor.”

While the group did not identify the source of the attack, a second analysis by the Security Bureau of Ukraine (SBU) placed the blame on the Russian Federation.

The NotPetya attack started the week of June 26 disrupting computer operations in Ukraine and spreading west across Europe and getting as far as North America according to cyber-security analysts.

The United Kingdom's Information Commissioner's Office on July 3 ruled that Google's DeepMind division failed to comply with relevant data privacy laws when handling personal health data belonging to some 1.6 million patients.

The Royal Free London NHS Foundation Trust, a group of three hospitals, provided the data to Google as part of a clinical safety testing initiative relating to a new application.

The ICO found that neither Royal Free, as the controller of the data, nor Google DeepMind as the data processor, followed UK data protection laws when handling the data.

For instance, DeepMind and Royal Free did not properly inform the patients that their personal health data was being used in a clinical safety initiative.

British authorities and the City of London Police department working with Microsoft have made an attempt to reduce tech support fraud, arresting four alleged perpetrators.

The arrests were announced by the City of London Police on June 28. Those arrested have only been identified by their ages and include a 29 year-old and a 31 year-old woman who have since been released on bail.

Additionally, two other women were arrested by North East Regional Special Operations Unit (NERSOU) officers and later released pending further enquiries, according to London Police. The arrests came as part of a two-year collaboration between Microsoft and British authorities.  

 AT&T officials continue to promote the carrier’s efforts to make white box networking gear a key part of its project to transform its infrastructure into a software-centric network that's more capable of handling the rapidly changing requirements of the internet of things, mobile devices, big data and the cloud.

The service provider in April announced successful live trials of white-box switches involving such vendors as Barefoot Networks, Edgecore Networks, SnapRoute, Intel and Broadcom.

AT&T officials said the open source gear will support networking infrastructures that can accelerate innovation when the rise of such technologies as self-driving cars will demand real-time data management.

In a recent blog post, AT&T executives continued to push the idea of white-box gear that decouples the software and hardware—in which unbranded switches and routers from system makers run non-proprietary software from other vendors.