Forem: David

[Boost]

David — Fri, 18 Jul 2025 14:10:30 +0000

How a Mandatory Accounting Software Became the Gateway to Ukraine’s NotPetya Cyberattack

David ・ Jul 18

How a Mandatory Accounting Software Became the Gateway to Ukraine’s NotPetya Cyberattack

David — Fri, 18 Jul 2025 14:05:26 +0000

In 2017, the world witnessed one of the most devastating cyberattacks in recent history: the NotPetya attack. Unlike most malware, NotPetya wasn’t designed for profit, but for destruction. Its primary goal was to cause as much damage as possible, with Ukraine at the epicenter of this digital disaster.

What was NotPetya?

NotPetya is a wiper-type malware, meaning its main intent is to erase and render data unusable, rather than simply holding it for ransom like traditional ransomware. The attack quickly spread throughout Ukraine and beyond, impacting global companies like Maersk, Merck, and several others.

The Role of MeDoc

The entry point for the attack was MeDoc, a popular accounting software in Ukraine. The Ukrainian government required companies paying taxes in the country to use MeDoc in their systems. This meant that virtually every significant business had the software installed.

The hacker group, linked to the GRC, compromised MeDoc’s update infrastructure, injecting NotPetya into a legitimate software update. When companies updated MeDoc, they unknowingly opened the door to the attack.

The Impact

The results were catastrophic: approximately 1 in every 10 computers in Ukraine was affected. The attack crippled banks, airports, hospitals, and private companies, causing billions in damages. Since NotPetya spread rapidly across internal and external networks, organizations outside Ukraine were soon affected as well, showing how a targeted attack can have global consequences.

Lessons for Developers and Companies

The NotPetya case leaves valuable lessons:

Critical dependencies: When mandatory software is compromised, it becomes a powerful vector for mass attacks.
Secure updates: Ensuring the security of software update supply chains is crucial.
System isolation: Critical systems should be isolated to minimize attack impact.
Resilience and backups: Offline backups and robust incident response plans are essential for business continuity.
Continuous vigilance: Geopolitical context can influence a company’s cyber risk profile.

NotPetya was more than just another malware attack; it was a global wake-up call about the dangers of compromised software supply chains and how technical and political decisions can increase attack surfaces. The key takeaway: security is a shared responsibility and must be present at every stage of system development and operation.

How is the importance of clean code?

David — Thu, 06 Mar 2025 16:29:44 +0000

Hello, developers out there. I imagine you've heard of the famous book Clean Code by Robert Cecil Martin. Basically, this concept called "Clean Code" aims to make code easy to read, understand and maintain. Understanding how to write clean code is highly valuable in the market.

But how do I achieve this clean code?

First: Keep Calm, not is necessary your code be clean
But is recommended

First, see the benefits:
If you are into a company, anothers devs can understand your code and do
updates
I'll help you finish this blog post:

But how do I achieve this clean code?

First: Keep Calm, not is necessary your code be clean
But is recommended
First, see the benefits:

If you are into a company, anothers devs can understand your code and do updates. This improves team efficiency and reduces onboarding time for new developers.

Second, clean code makes maintenance easier. When you return to your code after months or even years, you'll thank yourself for writing readable, self-explanatory code.

Third, it reduces bugs. Clear code allows you to spot problems more easily and prevents many common errors from occurring in the first place.

So how do we actually write clean code? Here are some core principles:

Meaningful names: Variables, functions, and classes should have descriptive names that reveal their purpose. Avoid abbreviations and single-letter variables (except in specific contexts like loops).
Functions should do one thing: Keep functions small and focused on a single task. This makes them easier to understand, test, and reuse.
Comments are a last resort: Good code should be self-documenting. If you need a comment to explain what your code does, consider rewriting the code to make it clearer.
Consistent formatting: Follow a style guide and be consistent with indentation, spacing, and braces. Many teams use automatic formatters like Prettier or Black.
Error handling: Deal with exceptions properly and don't swallow errors. Make sure error messages are informative.
Unit tests: Clean code is testable code. Writing tests forces you to create modular, well-structured code.
Avoid duplication: Follow the DRY principle (Don't Repeat Yourself). Extract repeated code into reusable functions.

Let me share a quick example of transforming messy code to clean code:

// Before
function x(a, b, c) {
  let res = 0;
  for(let i = 0; i < a.length; i++) {
    if(a[i] > b && a[i] < c) {
      res += a[i];
    }
  }
  return res;
}

// After
function sumNumbersInRange(numbers, lowerBound, upperBound) {
  return numbers
    .filter(number => number > lowerBound && number < upperBound)
    .reduce((sum, number) => sum + number, 0);
}

Remember, clean code is a journey, not a destination. You won't master it overnight, but with practice and awareness, your code will gradually improve.

Start small—refactor one function at a time. Review your pull requests before submitting them. Read other developers' code and learn from it.

The most important thing is to care about your craft. As Martin says, "Clean code always looks like it was written by someone who cares."

What's your experience with clean code? Share in the comments below!