Mondelez sues Zurich for refusing to pay-up over NotPetya cyber attack

Mondelez is suing Zurich Insurance for its refusal to pay-up on a $100 million claim relating to the NotPetya virus outbreak in 2017.
Mondelez has filed suit in Illinois, according to the Financial Times. The food conglomerate that acquired Cadbury in 2010 had been seeking the insurance pay-out under the terms of its property cover, which is underwritten by the Swiss insurance giant.
In those papers, Mondelez claimed that the company had been hit twice by NotPetya, rendering 1,700 servers and 24,000 laptops "permanently dysfunctional" as a result.
Under the terms of the property insurance policy, Mondelez claims that it was entitled to claim for up to $100 million for "physical loss or damage to electronic data, programs, or software, including physical loss or damage caused by the malicious introduction of a machine code or instruction".
However, while Zurich was initially prepared to make an interim $10 million up-front payment, it later refused to pay, citing an exclusion clause for a "hostile or warlike action" by a sovereign power, or people acting on their behalf.
Zurich was able to cite security experts' claims that the NotPetya attack appeared to have been one of many launched by Russia against its neighbour Ukraine.
NotPetya struck in June 2017, just one month after WannaCry. Both made use of the same EternalBlue exploit that older, unpatched versions of Microsoft Windows were vulnerable to.
EternalBlue was revealed following the Shadow Brokers series of leaks of US National Security Agency exploits. These started in the summer of 2016, with EternalBlue part of the fifth and final tranche of leaks in April 2017. The Windows security flaw that EternalBlue took advantage of had been patched a month earlier.
The initial NotPetya attack vector was the poorly secured update server of a Ukrainian accounting company, whose software is used by around four-fifths of business in the former Soviet state. This enabled the virus to be quickly propagated, not just to organisations across Ukraine, but multinationals operating in the country.
An ensuing investigation found that the update servers of the accounting firm, ME Doc, hadn't been patched in four years. The outbreak occurred on the even of the Constitution Day public holiday in Ukraine.
source computing
Industry: Cyber Security News

Latest Jobs
-
- IAM developer - Saviynt
- United Kingdom
- Upto £60,000 plus benefits
-
IAM developer/ Consultant is required for a global consultancy who are looking to expand their deployment team within the UK Looking for a IAM developer who has experience with at least one of the following vendors Saviynt, Clearskye, Beyond Trust or Okta You will be part of a deployment team, involved in a number of high profile projects Key duties will be: implement IAM solutions to ensure secure access to applications, systems, and data for authorized users. This may involve integrating technologies and standards such as SAML, OAuth, LDAP, and RBAC. Conduct IAM audits and assessments: to identify vulnerabilities, gaps, and areas for improvement. Provide IAM support and troubleshooting and resolve incidents related to user access, authentication, and authorization.
-
- Lead Cyber Security Incident Response Consultant.
- United Kingdom
- N/A
-
Seeking skilled and passionate UK-based individual for a Lead Cyber Security Incident Response Consultant opportunity 3 core skillsets for the role Hands on technical incident response (triage and planning). Business consultancy (engaging with clients). Commercial awareness. Being able to engage in business growth conversations. Consultancy experience is an essential as it the ability to visit clients and the office. Additional experience will include, but not be limited to: Developing incident response strategies, guides and procedures for effective incident handling Proactive and reactive defense plans based on cyber threat actors' techniques Offering guidance, supervision, and fostering opportunities for team development Significant career development opportunities for the right individuals.
-
- OUTSIDE IR35 Contract- Functional tester- SC clearance Microsoft Windows Server
- London
- Outside IR35 contract
-
Front End Functional tester with SC clearance needed for an Outside IR35 project. Current valid SC clearance is required Experience with functional testing with exchange, sharepoint, SQL and other applications relating across a windows server Migration to 2019. Must be able to get to Central London 3 days a week. Jira, Wiki documentation and automation experience highly desirable.
-
- ForgeRock Consultant- UK
- United Kingdom
- Upto £100,000 plus benefits
-
ForgeRock Consultant/ Architect is require for niche consultancy who are looking to expand their presence within the UK/European Market Looking for a lead IAM architect, ideally with ForgeRock experience but would consider other vendors, But looking for someone who is able to advice and consultant with Clients but have the implementation background so they can get involved in projects as and when needed. Key duties will be: Provider IAM consultancy to clients, with a focus on ForgeRock Product stack ·Responsible for the design and implementation of ForgeRock solutions ·Install and configure ForgeRock stack to meet customer authentication and authorization requirements, ·Design and implement OAuth2 protocol using ForgeRock OpenAM, ·Design and develop OpenAM custom authentication modules, ·Configure ForgeRock stack to protect RESTful API, ·Troubleshoot and support ForgeRock IAM stack. This is a great role to join a niche play as they look to kick of their European expansion