Understanding the Involvement of Ransomware Gangs in Recent SAP NetWeaver Attacks
Ransomware Gangs Join Ongoing SAP NetWeaver Attacks
Recent evidence suggests that ransomware gangs have begun leveraging an already-exploited maximum-severity vulnerability in SAP NetWeaver, the technology platform that serves as the technical foundation for several SAP applications, to gain remote code execution on vulnerable servers. This is a disturbing escalation of cyber threats.
Understanding the Vulnerability
The RECON (Remotely Exploitable Code On NetWeaver) vulnerability (CVE-2020-6287) has been under attack since it was disclosed in July 2020.
The flaw, which SAP rated 10 out of 10 on the severity scale, allows unauthenticated attackers to gain access to SAP servers and execute code, leading to a full compromise of the server.
Recent Development: Ransomware Gangs
New findings from the cyber threat intelligence firm Onapsis suggest that established ransomware gangs are exploiting the RECON vulnerability as part of their operations.
The well-known Sodinokibi (REvil) and Pay2Key ransomware groups are among those linked to the ongoing SAP NetWeaver attacks.
Implications for IT Security
This development represents a significant shift in the threat landscape for organizations using SAP NetWeaver.
Unlike novice hackers, ransomware gangs employ advanced strategies, including data exfiltration, strategically timed attacks, and even multi-pronged attack methods, making them highly dangerous and disruptive.
Preventive Measures and Recommendations
SAP issued a patch for the RECON vulnerability in July 2020.
To mitigate the risks, organizations are advised to apply the patches promptly if they have not already done so.
Furthermore, regular vulnerability assessments and penetration testing should be a part of organizations’ cybersecurity strategy.
Implementing an Incident Response Plan will also help companies react rapidly and decisively to any incident of compromise.
In addition to SAP’s patch, it’s recommended to deploy a reliable security system that takes a holistic approach to vulnerability management, including threat intelligence, detection, and response capabilities.
Finally, user awareness and training programs need focus in order to instill a strong security-first culture within an organization.