Where Cybercrime Against SAP is Bought and Sold

Oct 17, '17 by Joerg Schneider-Simon

October is Cybersecurity Awareness Month. We take a look at the explosive growth of cybercrime as a service and how it puts your SAP system at risk.

We live in an age where we can outsource just about anything. From virtual assistants to lawn care services, all it takes is a quick online search to find people willing to do the jobs we want to offload.

Even if that job is cybercrime.

It’s easy to think of cybercriminals as people who are well-versed in hacking and deftly able to slip past cybersecurity defenses with a genius-level mastery of code. For the most part, that’s an accurate description.

However, there’s a new breed of cybercriminal out there. They don’t have the hacking skills needed to get what they want. What they do have is a little bit of bitcoin and the desire to harm. And it’s not difficult for them to find services that will happily do their hacking for them — often for less than the cost of a fast-food lunch.

Cybercrime as a service (CaaS) is a fast-growing underground industry where would-be criminals can easily outsource cyberattacks to people who can do it faster and better. The services offered include password stealing, ransomware, DDoS attacks and phishing.

Just recently,  researchers found two new types of outsourced services. One is a credential-stealing malware service marketed to Russian-speaking web forums for as little as $7 USD. According to the researchers who unearthed it, the executables are encrypted, making it more difficult to detect and analyze than one might expect for that price.The other is a phishing as a service (PhaaS) platform offering hacking tutorials and tricks along with posted credentials of previous phishing victims.

In addition, ransomware as a service is skyrocketing. Carbon Black’s Threat Analysis Unit (TAU) used its own intelligence network to report on this phenomenon, and found that from 2016 to 2017, there has been a 2,502% increase in the sale of ransomware on the dark web. Its popularity can be attributed to its ease of deployment combined with a high chance of profit — for would-be cybercriminals, ransomware as a service is all gain, no pain.

These services are among countless more found on the dark web, resulting in a steady and large increase in the number of cyberattacks. In fact, ransomware damages alone are expected to rise to six billion dollars in 2017, according to CIO Insight. Additionally, 39% of cybersecurity professionals said it would likely take two days to several weeks to recover from a ransomware attack.

But the most worrisome part? SAP is an increasingly popular target among cyberattackers.

Buying Attacks Against SAP

There’s a reason why SAP is such a desirable target for cyberattacks: It’s the nerve center of any large organization with touchpoints in accounts receivable and payable, human resources, purchasing, project planning, inventory data, supply chain, finance and beyond. A successful attack on SAP can result in millions of dollars of damage or the theft of highly valuable proprietary data.

Beyond the golden egg value that SAP offers to hackers, there’s also the fact that SAP is designed for functionality, not security. So, if it’s not configured for maximum security and protected by a robust SAP-specific security solution, cyberattackers can easily slip malicious code into the system. In our own tests, 52% of the SAP systems we surveyed did not prevent us from uploading a test malware.

How to Fight Back Against Cyberattackers

During Cybersecurity Awareness Month — and every month — your organization should make your SAP system more resistant to cybercrime by:

  • Where possible, use a strong 2-factor authentication to secure access to SAP applications.
  • Keeping your SAP system updated with the latest security patches.
  • Configuring your programs so they do not automatically launch active content when files are opened.
  • Identify and secure all data-paths into SAP applications.
  • Remembering that OS-level antivirus programs don’t protect SAP. Instead, you should install a cybersecurity solution that’s designed specifically and solely for SAP.

Cybercrime as a service will continue to grow in the coming years as would-be cyberattackers realize the power in outsourcing the job to the experts. Ensuring the safety of your SAP system and company will require a similar team approach, pooling the strengths of experts to build a total defense.

Want to know more about the threats that cyberattackers level at SAP and why they often succeed? Download our white paper today.

Can SAP E-Recruiting Expose Your Company to Risk?