Layer Seven Security Releases Updated Ransomware Guide for SAP

⇨ MGM Resorts reported a major cyber attack that severely disrupted its operations including online and payment processing systems.

⇨ SAP systems are not immune to ransomware.

⇨ In response to these recent breaches, Layer Seven Security has released an updated guide for securing SAP solutions from ransomware.

SAP systems are not immune to ransomware, which means SAP clients are in need of ransomware protection from cybersecurity industry-leaders such as Layer Seven Security. Such customers would also be advised to stay up to speed with recent cyberattacks that have hit the headlines.

Earlier this month, MGM Resorts reported a major ransomware attack that severely disrupted its operations including online and payment processing systems. Threat actors are reported to have breached MGM’s network and systems and exfiltrated several terabytes of sensitive data. The company was forced to shut down several key systems as it worked with law enforcement agencies and cybersecurity companies to investigate and contain the breach.

MGM reported the incident in form 8-K filings required by the Securities and Exchange Commission (SEC). New SEC rules effective from September 5th require publicly listed organizations in the US to disclose material cybersecurity incidents within four business days.

The hacking group Scattered Spider, part of the ALPHV cybercriminal organization, has claimed responsibility for the breach. Scattered Spider is believed to have breached around 100 organizations within the last two years, mostly in the US and Canada. According to statements released by ALPHV, also known as BlackCat, the group was able to breach MGM by exploiting vulnerabilities in an access and identity management provider and cloud tenant. Once they gained administrative access to more than 100 ESXi hypervisors at MGM, ALPHV began deploying ransomware in the compromised systems. Ransomware is a form of malware that encrypts the file system to lock targets until a ransom is paid by the victim.

Caesars Entertainment also reported in September that it had been the victim of a successful ransomware attack that breached personally identifiable information in its loyalty program database including driver’s licenses and social security numbers. Caesars disclosed in it’s 8-K filing with the SEC that the organization paid a $15m ransom to prevent the disclosure of the stolen data and restore access to its compromised systems.

The business impact of ransomware can be significant in terms of both direct and indirect costs and reputational harm. For example, the credit rating agency Moody’s has warned that the cyberattack at MGM could negatively impact the credit rating of the company.

SAP systems are at risk from ransomware. They can be compromised through vulnerable operating systems supporting SAP solutions, insecure protocols, interfaces and cross-system interfaces, and OS commands performed through the application layer that exploit trust relationships between SAP applications and hosts.

In response to the recent breaches at Caesars and MGM, Layer Seven Security has released an updated guide for securing SAP solutions from ransomware. Layer Seven Security is an industry-leader in cybersecurity services and solutions for SAP. The guide provides clear and succinct recommendations to identify, prevent and detect ransomware attacks in SAP systems, as well as restore systems during the recovery phase. Download the guide directly from SAPinsider by following this link.