TNT blocked by malware

[Acid-drop]

To discuss this news :
https://www.aviation24.be/airlines/tnt-air ... ked-liege/

100 trucks, 40 flights canceled, 100.000 packages delayed.

Some comments :
- it's not a cyber attack, it's simple malware (throwing 5 stones in the sky and hitting randomly 3 people is not an attack in my eyes, it's certainly not targetted)
- the vulnerability used was patched by microsoft long ago and for those who didn't want to patch there were known alternatives
- Most anti malware software block the attack (Symantec knows about variants of Petya from 2016 and could protect its clients for example)
- TNT seems be the the only airline impacted and one of 5 companies impacted in BE

=> conclusion : it's one of those things that happen in Belgium but shouldn't.

[sn26567]

TNT says it is affected worldwide, not only in Belgium. How can you be sure that the virus hit in Belgium first, and not inn Holland, England or Germany?

And maybe it is not a cyber-attack (although all media, also international ones, refer to it by this word), but it is certainly worse than a normal malware: it's a ransomware with sophisticated codes to hide the destination of the money to be paid in bitcoins!

[Acid-drop]

TNT says it is affected worldwide, not only in Belgium. How can you be sure that the virus hit in Belgium first, and not inn Holland, England or Germany?

You can't know. But it's not that important where it started, the first is as vulnerable as the last. The mess is wide.
Worldwide issue then much better.

And maybe it is not a cyber-attack (although all media, also international ones, refer to it by this word), but it is certainly worse than a normal malware: it's a ransomware with sophisticated codes to hide the destination of the money to be paid in bitcoins!

yes, same things as 6 weeks ago.
i guess they'll change the vocabulary after 600 times over 10 years
But don't forget, as exceptional as it may sound, "attacks" are a daily matter and only a few entreprise failed today.

Now, aside of each other opinions, we can talk facts:
1. TNT does not patch windows vulnerabilities
2. TNT does not have an anti malware system (or at least not an efficient one)
3. Since it's using the same vulnerability, we can say TNT got luckily through wannacry 6 weeks ago and got less luck with this one (the new seems to be more sophisticated, that could explain why, but it doesn't cancel point 1 and 2)

(far from aviation, true)

[PttU]

To discuss this news :
https://www.aviation24.be/airlines/tnt-air ... ked-liege/

100 trucks, 40 flights canceled, 100.000 packages delayed.

Some comments :
- it's not a cyber attack, it's simple malware (throwing 5 stones in the sky and hitting randomly 3 people is not an attack in my eyes, it's certainly not targetted)

I would call spraying around with a machine gun and hitting whatever random people or objects you're hitting an attack, not simply a weapon.

- the vulnerability used was patched by microsoft long ago and for those who didn't want to patch there were known alternatives

About two months isn't that long. See https://www.rapid7.com/db/vulnerabiliti ... -2017-0199

- Most anti malware software block the attack (Symantec knows about variants of Petya from 2016 and could protect its clients for example)
- TNT seems be the the only airline impacted and one of 5 companies impacted in BE

=> conclusion : it's one of those things that happen in Belgium but shouldn't.

Happened in the Netherlands (big impact on Maersk and other companies active in harbour and transport), and all around the world as well. Target was probably Ukraine (timed one day before a national holiday over there), but once malware is spreading, it doesn't stop at borders.

For a deeper technical dive: https://tweakers.net/reviews/5539/inter ... ecies.html

[jan_olieslagers]

@Acid_drop: thanks for inside insights and comments. I did wonder why none of my Unix boxes seemed to be affected!