The attack stopped in its tracks: Darktrace analysts detected the suspicious ELF download and a flurry of odd DNS and SSL connections to known malicious infrastructure. The British cybersecurity outfit claims its “Autonomous Response” intervened within minutes, restricting the device to its usual, legitimate activities while analysts investigated unusual behavior.

Darktrace researchers said the malware stalled when it couldn’t reach its C2, revealing a built-in suppression tactic to evade sandbox analysis. Containment actions were extended for 24 hours, giving the customer time to remediate.

The CVSS 10.0 SAP NetWeaver flaw received a patch from the company in April, which was rolled out to customers in SAP Security Note 3594142, accessible only through authentication. Those who couldn’t immediately apply the patch were advised to disable or prevent access to the vulnerable component by following instructions in SAP note 3596125. SAP did not immediately respond to CSO’s request for comments on this discovery.

Sclafani recommended a list of measures for security teams, including immediate patching of the flaw, enhancing anomaly and lateral movement detection, implementing network segmentation and zero-trust, and investing in AI-powered autonomous response.

First seen on csoonline.com
Jump to article: www.csoonline.com/article/4030383/auto-color-rat-targets-sap-netweaver-bug-in-an-advanced-cyberattack.html

