For many companies, particularly those in the logistics and utilities sectors, 2017 was a year of reckoning with a new era of cyber threats.
In a year that began with allegations that state-sponsored hacking was used to influence the US Presidential Election, followed closely by two of history's most devastating ransomware attacks, WannaCry and NotPetya, scarcely a day went by without cybercrime dominating the headlines.
Perhaps the most prominent victim was Maersk, the Danish shipping giant responsible for around 15% of all global container shipping and the operation of 76 ports worldwide. The NotPetya attack cost Maersk an estimated $300 million, forcing the company to reinstall its entire IT infrastructure. Other high-profile targets included Deutsche Bahn, the chocolate manufacturer Cadbury, and the UK's National Health Service.
These attacks represented what security researchers call Gen V cyberattacks — large-scale, multi-vector assaults capable of spreading rapidly across networks and industries, overwhelming traditional defences that were designed to handle far simpler threats.
WannaCry Ransomware
Ransomware is a type of malicious software that encrypts a victim's files and demands payment in exchange for the decryption key. The WannaCry ransomware exploited a vulnerability in Microsoft Windows that had been discovered by the US National Security Agency (NSA) and subsequently leaked online in April 2017.
The impact on the UK's National Health Service was particularly devastating. Hospitals were forced to turn away patients, ambulances were diverted, and an estimated 7,000 appointments were cancelled as staff were locked out of critical systems.
The key lesson from WannaCry is that Microsoft had released a patch for the exploited vulnerability two months before the attack. The organisations that were hit had simply failed to apply the update in time.
The lessons from WannaCry are not purely technical. They are managerial too. Organisations need clear guidelines and enforceable policies to ensure that security patches are applied promptly, that systems are regularly audited, and that staff understand their role in maintaining cyber hygiene.
NotPetya Malware
Even more dangerous than WannaCry, the NotPetya attack used the same underlying exploit but was designed to be permanently destructive. While it masqueraded as ransomware, the encryption it applied was irreversible — meaning that even if victims paid the ransom, their data could never be recovered.
The attack was centred on Ukraine and spread primarily through a compromised update to M.E.Doc, a widely used Ukrainian accounting software package. Because many international companies, including Maersk, had operations or partners in Ukraine that used this software, the malware spread rapidly across global networks.
For the logistics industry, NotPetya underscored the danger of third-party software vulnerabilities. Companies that had no direct connection to Ukraine were nonetheless devastated because their supply chains included partners that relied on the compromised software.
Maersk CEO Søren Skou reflected on the experience by emphasising the need to isolate attacks more quickly and to build network architectures that can contain breaches before they spread across an entire organisation.
Jonathan Sharrock, Cyber Citadel
