Although some experts consider NotPetya a variant of Petya, the two are generally regarded as separate and distinct. NotPetya is far more contagious than Petya, seemingly with no way to stop it from quickly spreading from one host to another.
Security is the weakest when sysadmins and developers race against time and deadlines. Opportunistic attackers take advantage of the "economy of attention" as developers can often overlook security risks.
According to research by Mandiant, global median dwell time, which is calculated as the median number of days an attacker is present in a target’s environment before being detected, decreased from 24 days in 2020 to 21 days in 2021.
It is an extension of the 2017 Spectre version 2 attack, also known as Spectre-BTI (Branch Target Injection) and, just like Spectre v2, can result in the leak of sensitive information from the privileged kernel memory space.
The new solution is to shape memory requests by running them through a request shaper, called DAGuise, that uses a graph structure to process requests and send them to the memory controller on a fixed schedule.