Can Your SAP Application Spread Malware Like Facebook Did?
Jan 3, '17 by Joerg Schneider-Simon
In late November 2016, the low-tech ransomware program “Locky” began spreading via scalable vector graphics (SVG) images sent through Facebook Messenger.
Internet security expert Peter Kruse was one of the first to confirm the attack.
Why SVG Files?
An SVG file is an XML-based format for rendering two-dimensional graphics in browsers.
Because these vector graphics render to the maximum available resolution, they’re ideal for ensuring images like corporate logos look great on websites, regardless of the browser, device, operating system or screen resolution used. In fact, you’ll find SVGs operating safely on many Web sites—including bowbridge’s!
How Does Locky Spread?
For the victim, it simply looks as if a friend sent them an image via Facebook Messenger. When opened, the victim is sent to a website that appears to be YouTube, where a pop-up window asks the victim to install a codec (presented as a Chrome extension) to play the video.
Instead, the codec installs Locky, which sets off a chain of actions:
- The malware encrypts the victim’s data – including videos, images, application files and even data on unmapped networks. Locky also removes shadow copies, such as live backup snapshots, making it harder to retrieve the encrypted data.
- The attackers demand a ransom, usually 0.5 to 1 bitcoin, to decrypt the data. (1 bitcoin was valued at nearly $780 on Dec. 13, 2016.)
- Attackers are also able to take control of browser windows, masking any data on the websites the victim visits.
- Details on current web sessions are exfiltrated to the attacker, which allows the attackers to collect the victim’s user credentials or even capture (or modify) the victim’s application inputs.
Previously, Locky had spread via malicious macros in Word documents and spam emails. With the recent Facebook attack, the cybercriminals seized control of the victim’s Facebook account and messaged all of the victim’s Facebook friends with the same corrupt SVG image file.
Your SAP application may be at risk of spreading malware just as Facebook Messenger did.
Protect Your SAP Application from Causing Damage
Fortunately, SAP’s Virus Scan Interface (NW-VSI) combined with bowbridge’s SAP-certified antivirus solution detects and blocks active content in file transfers. Users can safely open files and simply see beautifully rendered SVG images, without the risk of infection or worse.
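To make "active content" in an SVG upload concrete, here is one way an upload handler could flag it before the file is stored. This is an added example, not bowbridge's or SAP's code; the function name, the block lists and both sample files are constructed for illustration.

```python
import xml.parsers.expat as expat

# Elements that can run or embed code in an SVG document (not exhaustive).
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
SCRIPT_SCHEMES = ("javascript:", "vbscript:")

class Rejected(Exception):
    """Raised from a parser callback to abort the scan early."""

def svg_active_content(data: bytes) -> list:
    """Return a list of findings; an empty list means nothing active was seen."""
    findings = []
    parser = expat.ParserCreate(namespace_separator=" ")

    def local(name):
        # With namespaces on, expat reports "uri localname"; keep the local part.
        return name.rsplit(" ", 1)[-1].lower()

    def on_start(name, attrs):
        tag = local(name)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"element <{tag}>")
        for raw, value in attrs.items():
            attr = local(raw)
            # Browsers ignore whitespace/control characters inside a URL scheme.
            url = "".join(c for c in value if c > " ").lower()
            if attr.startswith("on"):
                findings.append(f"event handler {attr} on <{tag}>")
            elif attr in ("href", "src") and url.startswith(SCRIPT_SCHEMES):
                findings.append(f"script URL in {attr} on <{tag}>")

    def on_entity(*_):
        # Refuse DTD entities outright rather than let the parser expand them.
        raise Rejected("entity declaration in DTD")

    parser.StartElementHandler = on_start
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(data, True)
    except Rejected as exc:
        findings.append(str(exc))
    except expat.ExpatError as exc:
        findings.append(f"not well-formed XML: {exc}")
    return findings

# Constructed samples: a plain logo and a file carrying inert placeholder script.
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
ACTIVE_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="placeholder()">'
              b'<script>/* placeholder */</script>'
              b'<a href="javascript:placeholder()"><circle r="4"/></a></svg>')
```

An upload that returns any finding would be rejected or quarantined; the check complements a virus scan and does not replace it.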
As the only vendor to focus exclusively on SAP security, bowbridge is prepared to protect your business against threats like viruses and malware from uploaded files. Are you prepared? Learn more about your security options by contacting us today.