PsExec & WMIC – Admin Tools, Techniques, and Procedures

The June 2017 Petya (Petna, Petrwrap, etc.) outbreak injected some much-unneeded excitement into an IT sector that was only just starting to come to terms with the implications of the WannaCry outbreak a few weeks earlier.

In the immediate wake of WannaCry there was a discussion around what could have been done to reduce the impact of the outbreak, but even without the benefit of hindsight it was easy to point to slow patching cycles and the questionable architectural/configuration decision of allowing SMB traffic from external addresses past the network boundary.

However, as discussed in our earlier blog post, June 2017’s Petya campaign appears to have been deployed via a malicious software update and used PsExec and WMIC commands in addition to the now-notorious ‘Eternal’ SMB exploits to spread laterally across compromised networks. Do these observations and recommendations therefore still hold true for Petya?

Article Link: https://blogs.forcepoint.com/security-labs/psexec-wmic-–-admin-tools-techniques-and-procedures