As reported by PCWorld, enterprises that use SAP client software are in the cross-hairs of a new malware variant that researchers believe is the first created by adversaries, rather than by researchers as a proof-of concept.
The malware, which was discovered by anti-virus firm Doctor Web, is believed to be a variant of the Trojan.lbank family. As for its behaviour, for the moment, it appears to be on a scouting mission to gather data on potential victims in advance of an APT attack (advanced persistent threat). Click here to learn more about APTs.
“We’ve analyzed the malware and all it does right now is to check which systems have SAP applications installed,” commented Alexander Polyakov, the CTO of ERPScan, which develops security products for SAP systems. “When malware does this type of reconnaissance to see if particular software is installed, the attackers either plan to sell access to those infected computers to other cyber criminals interested in exploiting that software or they intend to exploit it themselves at a later time.”
Once adversaries gain access to SAP servers and SAP client applications running on workstations, they could cause massive damage — which would be magnified by the fact that 80% of enterprises on the Forbes 500 use SAP. Such damage could include: stealing passwords, trade secrets, and other intellectual property; setting up fraudulent financial transactions; and even manipulating an enterprise’s stock value.
While we — along with security researchers and especially enterprise CISOs around the world – will pay close attention to what this rather threatening new malware variant does next, we can note at least two things:
- As mentioned above, this is believed to be the first malware ever designed by adversaries (rather than researchers as a proof-of-concept) to target devices with SAP client software installed. Unfortunately, this means that other adversaries will follow suit, and in a few months we’ll likely be focusing on the “explosion in malware and malware variants” targeting enterprises using SAP and other similar enterprise software.
- Even the most up-to-date anti-virus software won’t be able to keep up with the frequency and velocity at which this new Enterprise software targeting malware — and variants of existing malware — will be created (read more about how anti-virus software is failing to catch all cyber threats). Therefore, enterprises need to arm themselves with a solution that lets them detect real attacks as they occur vs. assuming that everything is OK…when the truth could be very different.
Learn more about how your enterprise can effectively and affordably detect new and previously unknown attacks by advanced malware and malware variants targeting devices with SAP client software – along with your other platforms, programs, systems, and devices – by downloading our free, informative White Paper “Combating Advanced Persistent Threats through Detection”.
// ]]> 
// ]]>
The post New Malware Variant Attacking Enterprises Using SAP appeared first on Seculert Blog on Advanced Threats and Cyber Security.
