NotPetya: DNS-leveraging Malware
Hot on the heels of last month’s WannaCry ransomware attack comes a new threat: NotPetya.
Hot on the heels of last month’s WannaCry ransomware attack comes a new threat: NotPetya. Also referred to by names such as ‘SortaPetya’ and ‘GoldenEye’, NotPetya is a savage piece of malware that serves as a disk wiping platform and corrupts a computer’s data. As the malware rapidly spread around the world, DNS technology became a pawn in the attack.
NotPetya thrives off of two Windows vulnerabilities, both of which had been recently identified and patched by the operating system company. However, users who had not yet downloaded the patches were especially susceptible to the attacks, which used these loopholes to spread.
Lateral Movement
As if NotPetya wasn’t scary enough, true terror came for global enterprises when it was discovered that the malware could travel laterally throughout a company’s network. Infected systems would hunt for other targets within a network, creating a vicious domino effect across companies such as international shipping giant Maersk.
In order for this kind of malware to spread across a network, DNS is leveraged as a navigation aide – helping to identify additional hosts that can be connected to and taken over. Thankfully, DNS can also be part of the solution to malware attacks like this, as it can be utilized to detect, prevent and protect your enterprise – if you have the right capabilities wrapped around it.
The Best Defense is DNS Offense
Having a secure network at home is important for a variety of reasons. Maybe you do online banking or simply like to shop online every now and then. The last thing you want to be concerned with is whether or not someone else can access your network and take control of your files, private documents and entire online identity.
Now, multiply that importance by the size of an entire company (along with all the additional files, employees and confidential information), and you begin to understand the absolute necessity for leveraging DNS as part of your security architecture.
By limiting access from any client to only the systems deemed necessary, DNS Edge helps proactively prevent malware from spreading across a network, no matter how big or small. It can identify hosts that have been infected by watching for connections from those hosts to command and control systems on the internet, or connections to other internal hosts that may have also been infected as the malware continues to spread through your infrastructure. In fact, DNS can actually help backtrack to identify the original point of entry.
Don’t take a gamble on your business’ online security and capabilities – after all, it’s always better to be safe than sorry.
Key takeawaysThis key takeaway was generated through LLMs crawling the page and coming up with an overview of the content.The article discusses the NotPetya malware outbreak, a destructive disk-wiping strain that exploited two recently patched Windows vulnerabilities to spread rapidly and corrupt corporate data. It explains how NotPetya used lateral movement inside enterprise networks, leveraging DNS to discover and connect to additional hosts, causing widespread impact at organizations like Maersk. The piece emphasizes that DNS, when equipped with the right defensive capabilities such as DNS Edge, can be used offensively to detect infected hosts, block malicious connections, and trace the original point of compromise to prevent further spread.
How did NotPetya manage to spread so quickly within enterprise networks?
NotPetya spread rapidly by exploiting two known Windows vulnerabilities for which patches already existed, but many users had not yet applied them. Once a machine was infected, the malware performed lateral movement inside the corporate network, hunting for other reachable hosts to compromise. DNS played a role in this process by helping the malware identify additional hosts to connect to, enabling a domino effect of infection across large environments such as multinational companies.
In what ways can DNS be used to help defend against malware like NotPetya?
The article explains that DNS can be an active part of a defensive strategy when the right capabilities are in place. DNS can limit client access to only the systems necessary, preventing unnecessary connections that enable spread. It can also detect infected hosts by observing DNS queries to known command-and-control domains or unusual internal host resolution patterns, block those malicious lookups to prevent communication, and assist incident response by backtracking DNS activity to help identify the original point of entry.
What operational risks did companies face from NotPetya and how can those be mitigated?
Companies faced severe operational risks including widespread data corruption and infrastructure disruption due to NotPetya’s disk-wiping behavior and lateral propagation across networks. The risk was amplified where Windows systems had not applied available patches, allowing initial compromise. Mitigation measures described include timely patch management to close vulnerable Windows flaws and leveraging DNS-based defenses—such as restricting client access, detecting connections to command-and-control systems, blocking malicious DNS traffic, and using DNS activity to trace the infection origin—to prevent spread and support recovery efforts.
Published in:
BlueCat provides core services and solutions that help our customers and their teams deliver change-ready networks. With BlueCat, organizations can build reliable, secure, and agile mission-critical networks that can support transformation initiatives such as cloud adoption and automation. BlueCat’s growing portfolio includes services and solutions for automated and unified DDI management, network security, multicloud management, and network observability and health.
Related content
How to map your network with user-defined links in Integrity X
Map your network with user-defined links in Integrity X to define and manage custom relationships, such as dual-stack and NAT environments.
Automate your DDI modernization path by migrating with Micetro
Automate cross-platform DNS and DHCP migration with Micetro to reduce risk, eliminate manual effort, and modernize infrastructure faster.
Your journey to intelligent NetOps begins at Cisco Live
Visit BlueCat’s booth or book a meeting now to learn more about how our solutions can help you build a network that supports constant change.
Replace BIND and ISC with Micetro DNS/DHCP Server (MDDS)
Tired of patching and manually configuring BIND DNS and ISC DHCP? Discover how Micetro MDDS appliances can replace them for modern DDI.