BlackCat: The rise of a new ransomware threat

Multiple threats target business applications today, from the active exploitation of security vulnerabilities to the execution of ransomware.

Investors are pumping millions of dollars into encryption as unease about data security drives a rising need for ways to keep unwanted eyes away from personal and corporate information — © AFP

The cybersecurity threat creating the most buzz, and with it the greatest level of concern, is BlackCat, a form of ransomware. This software has quickly gained notoriety in the past few months, particularly for its clever techniques.

The malicious software is deployed as a form of ‘ransomware-as-a-service’, in that BlackCat is seeking affiliates to deploy its ransomware. Affiliates keep an 80-90% share of the ransom payment, with the remainder going to the BlackCat author.

Security researchers believe this ransomware family to be a rebrand of the infamous BlackMatter group, whose developers profited from threat actors that deployed the ransomware against victims.

One concern with the ransomware package is its highly customizable feature set, which allows the software to be deployed in attacks on a wide range of corporate environments.

JP Perez-Etchegoyen, CTO at Onapsis, has told Digital Journal that he believes business-critical applications are at high risk of exploitation, and that enterprises must take appropriate measures to secure them.

Perez-Etchegoyen says that some business-essential processes are particularly at risk: “Business-critical applications, like those from SAP, contain vital data (financial, customer, product, employee, etc.) that keep enterprises running. These applications have transformed the way businesses operate, but they can also introduce unnecessary risk if not properly managed and secured. Organizations are not purposeful when it comes to securing these applications, opening significant security gaps. This makes threats like ransomware far more dangerous, as attackers often seek to exploit unpatched business-critical applications to steal valuable data.”

Moving on to discuss the threat landscape, Perez-Etchegoyen finds: “Multiple threats target business applications today, from the active exploitation of security vulnerabilities to the execution of ransomware. Attackers incorporate knowledge of SAP applications to exploit known vulnerabilities or improve the effectiveness of ransomware so it also works on SAP applications.”

In addition: “This was also seen on ransomware such as REvil or BlackCat, which include information from SAP-specific processes such as saposcol, sapstartsrv or saphostexec to disable the backup and recovery processes in SAP application servers.”

There are measures that businesses can take, however. Perez-Etchegoyen sees these as: “To protect their mission-critical applications and their business from cyber threats such as ransomware, it’s crucial for enterprises to assess all systems in their SAP landscape for any cyber threats, including missing patches, broad authorizations, insecure integrations or misconfigurations, and immediately apply all relevant mitigations.”

“Furthermore”, Perez-Etchegoyen adds, “they must incorporate a business-critical application security program into their overall cybersecurity strategy to ensure these applications are effectively and comprehensively protected.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
