The global and independent platform for the SAP community.

Protection racket de luxe

Looking back over the past year, one term comes to the forefront in the security environment: crypto-ransomware.
Raimund Genes, Trend Micro
February 1, 2017
it security header
avatar
This text has been automatically translated from German to English.

One thing is all too clear to cybercriminals: there is money to be made.

So far nothing new...but unfortunately I see all too often a reaction that could very well be called "shock rigidity" - or better "shock comfort", if that word existed.

By this, I mean that people talk themselves out of it by saying that this was "only a problem for private users" or that it had already been "the worst case scenario", the greatest accident that could be assumed.

But worse is always possible!

Before I go into the concrete background, I would like to invite you to a thought experiment: Imagine you are the CEO of a medium-sized company.

The service you offer is literally being snatched out of your hands by private customers, and the company is growing and thriving.

You want to expand your customer base or penetrate the existing customer base with even more products and services.

Both mean more sales, growth, and at the end of the day, your salary.

But it is precisely here that the question must be allowed as to why cybercriminals are denied this business sense. Why do people assume that the worst is behind us? Why shouldn't cybercriminals want to open up new "customer groups" or make us happy with "products"?

Here I would like to show you two current approaches that cybercriminals will "delight" us with this year.

  1. On the one hand, the expansion of a well-known scam - crypto-ransomware - to other customer groups.
  2. On the other hand, a "product" specifically for new customer groups - with higher upfront investment, but also significantly higher profit.

The original business model of crypto-ransomware is simple: data on the (private) PC is encrypted and thus becomes hostages that can be ransomed by paying a certain amount.

The value of the hostages for the blackmailed person usually increases with the amount of data. And this is exactly the starting point for an expanded business model!

Where can you find a lot of important data for which the owner is willing to pay as much ransom as possible? You might have guessed it already: in company databases.

That's exactly why cybercriminals went looking for it, and they found it in MongoDB, a widely used NoSQL database.

To simplify development, it does not use any authentication in the default installation.

If such a database is now put into regular operation and may even be accessible from the Internet, disaster is inevitable: Attackers encrypt the data in the database and leave a note in the database stating that the data can be decrypted again against payment of Bitcoins.

In 2016, up to 27,000 databases per day were taken hostage.
Once the business model has proven itself, they look for variations.

Currently, the "hijacking" or encryption of ElasticSearch servers. Behind the term ElasticSearch is a variety of search engines on websites and other services.

One could now discuss for a long time why productive databases are hanging on the Internet without backup at all.

The fact is that new services are always being made available on the Internet. Putting them online and relying on the fact that no one will find them is illusory.

Here we recommend a visit to shodan.io, a search engine for "things" (servers, devices, services) on the Internet.

To put it casually: If you connect a service online, it will be found.

If the service is not configured securely (and databases without a password are a very prominent example here) or has other security vulnerabilities, it must be assumed that it will be compromised.

Especially if there is money to be made from it.

In summary, the outlook for the future is (unfortunately):

"You can always do worse."

Therefore, initiate target-oriented safety measures, also with a view to the future.

Of course, this should not degenerate into panic and actionism - but the other extreme, rigidity in shock, does not help either.

https://e3mag.com/partners/trend-micro-deutschland-gmbh/

avatar
Raimund Genes, Trend Micro

Raimund Genes was CTO at Trend Micro.


Write a comment

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork.

Venue

More information will follow shortly.

Event date

Wednesday, May 21, and
Thursday, May 22, 2025

Early Bird Ticket

Available until Friday, January 24, 2025
EUR 390 excl. VAT

Regular ticket

EUR 590 excl. VAT

Venue

Hotel Hilton Heidelberg
Kurfürstenanlage 1
D-69115 Heidelberg

Event date

Wednesday, March 5, and
Thursday, March 6, 2025

Tickets

Regular ticket
EUR 590 excl. VAT
Early Bird Ticket

Available until December 20, 2024

EUR 390 excl. VAT
The event is organized by the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes attendance at all presentations of the Steampunk and BTP Summit 2025, a visit to the exhibition area, participation in the evening event and catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due course.