Monday, May 20, 2024

Beware of the black cat ransomware: Dangerous and on the prowl

Black Cat Ransomware: During February 2022,  Swissport was hit by a ransomware attack and the consequence of this led to flight delays and service disruption. BlackCat ransomware has now claimed they were behind the attack and stole data containing images of passports, internal business memos and personal information of job candidates.

Dubbed by some security analysts to be the “most sophisticated” ransomware group of 2021, BlackCat ransomware has already become quite infamous within the cybersecurity community. Earlier in February, some of its members confirmed the group was linked to the notorious BlackMatter operation. After this attack, it is likely the group will continue to strike, aiming for larger corporations or even government organizations.

Commenting on the activities of this group for Digital Journal is JP Perez-Etchegoyen, CTO at Onapsis. Perez-Etchegoyen outlines some of the possible methods of future attacks.

Perez-Etchegoyen considers the nature and complexity of the recent attack: “This attack further confirms that BlackCat ransomware is a highly sophisticated threat group that has become increasingly dangerous. Now with access to sensitive data like passports numbers, full names, and emails, it’s highly likely that BlackCat will be conducting additional malicious activities for monetary gain.”

Perez-Etchegoyen  adds that one reason why the attacks are successful is based on the detailed knowledge that the group members possess about business information technology. According to the analyst: “Recent research shows that BlackCat ransomware incorporates knowledge about SAP business applications to properly function. This is of particular concern, as business-critical applications, like those from SAP, contain vital data (financial, customer, product, employee, etc.) that keep enterprises running.”

Recommended:  Footprinting Firewalls | Reconnaissance Tutorial [FREE COURSE CONTENT]

Whilst these applications have transformed the way businesses operate, they can also introduce unnecessary risk if not properly managed and secured. Here Perez-Etchegoyen points out an additional vulnerability connected to updating SAP and other important systems: “Organizations are not purposeful when it comes to securing these applications, opening significant security gaps. This makes threats like ransomware far more dangerous, as attackers often seek to exploit unpatched business-critical applications to steal valuable data.”

There are different measures that can be adopted, and Perez-Etchegoyen presents these as: “To protect their mission-critical applications and their business from sophisticated ransomware groups like BlackCat, it’s crucial for enterprises to assess all systems in their SAP landscape for any cyber threats, including missing patches, broad authorizations, insecure integrations or misconfigurations, and immediately apply all relevant mitigations.” Lastly, Perez-Etchegoyen recommends: “Furthermore, they must incorporate a business-critical application security program into their overall cybersecurity strategy to ensure these applications are effectively and comprehensively protected.”

What is Ransomware & How Does It Work?

You may also enjoy reading, CVEs You May Have Missed While Log4J Stole The Headlines

Got to Cybersecurity News

Go to Homepage

Go to Cybersecurity Academy

Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for RiSec Weekly Cybersecurity Newsletter Today

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
Bookmark
Close
Recommended:  Americold Operations Downed by Cyber-Attack
Please login
Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

User Avatar
Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

more infosec reads

Subscribe for weekly updates

explore

more

security