NotPetya: DNS-leveraging Malware

Hot on the heels of last month’s WannaCry ransomware attack comes a new threat: NotPetya.


July 11, 2017

Hot on the heels of last month’s WannaCry ransomware attack comes a new threat: NotPetya. Also referred to by names such as ‘SortaPetya’ and ‘GoldenEye’, NotPetya is a savage piece of malware that serves as a disk wiping platform and corrupts a computer’s data. As the malware rapidly spread around the world, DNS technology became a pawn in the attack.

NotPetya thrives off of two Windows vulnerabilities, both of which had been recently identified and patched by the operating system company. However, users who had not yet downloaded the patches were especially susceptible to the attacks, which used these loopholes to spread.

Lateral Movement

As if NotPetya wasn’t scary enough, true terror came for global enterprises when it was discovered that the malware could travel laterally throughout a company’s network. Infected systems would hunt for other targets within a network, creating a vicious domino effect across companies such as international shipping giant Maersk.

In order for this kind of malware to spread across a network, DNS is leveraged as a navigation aide – helping to identify additional hosts that can be connected to and taken over. Thankfully, DNS can also be part of the solution to malware attacks like this, as it can be utilized to detect, prevent and protect your enterprise – if you have the right capabilities wrapped around it.

The Best Defense is DNS Offense

Having a secure network at home is important for a variety of reasons.  Maybe you do online banking or simply like to shop online every now and then. The last thing you want to be concerned with is whether or not someone else can access your network and take control of your files, private documents and entire online identity.

Now, multiply that importance by the size of an entire company (along with all the additional files, employees and confidential information), and you begin to understand the absolute necessity for leveraging DNS as part of your security architecture.

By limiting access from any client to only the systems deemed necessary, DNS Edge helps proactively prevent malware from spreading across a network, no matter how big or small. It can identify hosts that have been infected by watching for connections from those hosts to command and control systems on the internet, or connections to other internal hosts that may have also been infected as the malware continues to spread through your infrastructure. In fact, DNS can actually help backtrack to identify the original point of entry.

Don’t take a gamble on your business’ online security and capabilities – after all, it’s always better to be safe than sorry.

Published in:

An avatar of the author

BlueCat provides core services and solutions that help our customers and their teams deliver change-ready networks. With BlueCat, organizations can build reliable, secure, and agile mission-critical networks that can support transformation initiatives such as cloud adoption and automation. BlueCat’s growing portfolio includes services and solutions for automated and unified DDI management, network security, multicloud management, and network observability and health.

Related content

Detect anomalies and CVE risks with Infrastructure Assurance 8.4 

The Infrastructure Assurance 8.4 release features an anomaly detection engine for outliers and a CVE analysis engine to uncover device vulnerabilities.

Read more

Get fast, resilient, and flexible DDI management with Integrity 9.6

With Integrity 9.6, network admins can get support for new DNS record types, architect and configure multi-primary DNS, and automate IP assignments.

Read more

Deepen your security insight with Infrastructure Assurance 8.3

BlueCat Infrastructure Assurance 8.3, with an enhanced analytics dashboard, including interactive widgets and top 10 alerts, is now available.

Read more

Security, automation, cloud integration keys to DDI solution success

Only 40% of enterprises believe they are fully successful with their DDI solution. Learn how to find greater success with new research from EMA and BlueCat.

Read more

Our commitment to Micetro customers and product investment

From CEO Stephen Devito, a word on BlueCat’s ongoing commitment to supporting Micetro customers and Micetro’s evolution as a network management tool.

Read more

Seven reasons to rethink firewall monitoring and boost automation 

With BlueCat Infrastructure Assurance, you can better protect your network with automated alerts and suggested remedies for hidden issues in your firewalls.

Read more