Expert Commentary On BlackCat Ransomware Claims Ownership Of Swissport Attack

Last week, Swissport was hit by a ransomware attack that caused flight delays and service disruption. BlackCat ransomware has now claimed they were behind the attack and stole data containing images of passports, internal business memos and personal information of job candidates.

Dubbed the “most sophisticated” ransomware group of 2021, BlackCat ransomware has already become quite infamous within the cybersecurity community. Earlier in February, some of its members confirmed the group was linked to the notorious BlackMatter operation. After this attack, it is likely the group will continue to strike, aiming for larger corporations or even government organizations.

Experts Comments

February 17, 2022
Juan Perez-Etchegoyen
CTO
Onapsis

This attack further confirms that BlackCat ransomware is a highly sophisticated threat group that has become increasingly dangerous. Now with access to sensitive data like passports numbers, full names, and emails, it’s highly likely that BlackCat will be conducting additional malicious activities for monetary gain.

Recent research shows that BlackCat ransomware incorporates knowledge about SAP business applications to properly function. This is of particular concern, as business-critical

.....Read More

This attack further confirms that BlackCat ransomware is a highly sophisticated threat group that has become increasingly dangerous. Now with access to sensitive data like passports numbers, full names, and emails, it’s highly likely that BlackCat will be conducting additional malicious activities for monetary gain.

Recent research shows that BlackCat ransomware incorporates knowledge about SAP business applications to properly function. This is of particular concern, as business-critical applications, like those from SAP, contain vital data (financial, customer, product, employee, etc.) that keep enterprises running. These applications have transformed the way businesses operate, but they can also introduce unnecessary risk if not properly managed and secured. Organizations are not purposeful when it comes to securing these applications, opening significant security gaps. This makes threats like ransomware far more dangerous, as attackers often seek to exploit unpatched business-critical applications to steal valuable data.

To protect their mission-critical applications and their business from sophisticated ransomware groups like BlackCat, it’s crucial for enterprises to assess all systems in their SAP landscape for any cyber threats, including missing patches, broad authorizations, insecure integrations or misconfigurations, and immediately apply all relevant mitigations. Furthermore, they must incorporate a business-critical application security program into their overall cybersecurity strategy to ensure these applications are effectively and comprehensively protected.

  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.