Stay Up to Date – Subscribe our Digital Events Calendar Now! >
+44(0)1642 309930
Join Now Login

Search by keyword and use the tabs to filter by the content type you're looking for:

Partner News

Active Cyber Threats Targeting Mission-Critical SAP Applications

Published on

Onapsis and SAP have released a new threat intelligence alert and detailed report to help SAP customers protect themselves from active cyber threats seeking to specifically target, identify and compromise organisations running unprotected SAP applications, through a variety of cyberattack vectors.

Both companies have worked in close partnership with the U.S. Department of Homeland Security (DHS) CISA and Germany’s BSI(Bundesamt für Sicherheit in der Informationstechnik), and are advising organizations to take immediate action to apply specific SAP patches and secure configurations. In addition organisations should perform compromise assessments on critical environments. (CISA: Malicious Cyber Activity Targeting Critical SAP Applications)

Critical weaknesses that are being actively exploited have been promptly patched by SAP, and have been available to customers for months, and years in some cases. Unfortunately, both SAP and Onapsis continue to see many organisations that have not applied the proper mitigations, allowing unprotected SAP systems to continue to operate, and in many cases, remain visible to attackers via the internet. Companies that have not prioritised rapid mitigation for these known risks should consider their systems compromised and take immediate and appropriate action.

The captured evidence reveals that threat actors have the motivation, means and expertise to identify and exploit unprotected mission-critical SAP applications, and are actively doing so. Our key findings include:

  • Threat actors are active, capable and widespread - Evidence of 300+ automated exploitations leveraging seven SAP-specific attack vectors, and 100+ hands-on-keyboard sessions from a wide range of threat actors. Clear evidence of cyberattackers' sophisticated knowledge of mission-critical applications ─ actively targeting and exploiting unsecured SAP applications through varied techniques, tools and procedures, including applying SAP patches post compromise.
  • The window for defenders is small - Critical SAP vulnerabilities being weaponised in less than 72 hours of a patch release, and new unprotected SAP applications provisioned in cloud (IaaS) environments being discovered and compromised in less than three hours.
  • Threats have both security and compliance impact - Exploitation would lead to full control of unsecured SAP applications, bypassing common security and compliance controls, enabling attackers to steal sensitive information, perform financial fraud or disrupt mission-critical business processes by deploying ransomware or stopping operations. Threats may also have significant regulatory compliance implications, including SOX, GDPR, CCPA and others.
    • Beyond the implications for individual SAP customers, orchestrated and successful attacks on unprotected SAP applications could have far-reaching consequences: with more than 400,000 organisations using SAP, including 92% of the Global Fortune 2000, 77% of the world’s transactional revenue touches an SAP system . These organisations include the vast majority of pharmaceutical, critical infrastructure and utility companies, food distributors, defence, manufacturing and many more industries.

    If you want to know more you can download and read the full threat report to assess your risk, and which actions to take immediately to protect your business. This report also details the specific techniques, tools and procedures (TTPs) observed by our experts, empowering defenders to respond to this activity as quickly as possible.

    To support SAP customers that require investigation, threat remediation and additional post-compromise security monitoring, Onapsis is offering a Free Rapid Assessment and, in partnership with SAP, a 3-month free subscription to The Onapsis Platform for Cybersecurity and Compliance.

    If you need more information or assistance to respond to this situation, please contact Onapsis at [email protected].

    **SPONSORED BLOG

    < Back to all Partner news
    Onapsis

    Posted by: Onapsis

    This post was submitted by Onapsis. View all of their news posts here

    Share News Item

    Our latest insights and thoughts

    View All News
    Friday 26th July 2024 SAP Sapphire 2024 – Things You May Have Missed In this blog, we’ll highlight three initiatives that SAP has launched to help customers on their SAP…
    Thursday 25th July 2024 UK & Ireland SAP User Group Mid-Year Roundup: 2024 As we reached the midpoint of 2024, it’s time to reflect on the exciting developments and initiatives that have shaped the first half of the year at the UK &…
    Wednesday 24th July 2024 Access to SAP Learning Hub via UKISUG To continue to address gaps in knowledge and provide hands-on experience with SAP products, we’re delighted to continue offering discounted access to the SAP…

    Filter by Topic

    Filter by Focus Group

    • Events
    • Resources
    • Posts
    • Pages
    • SIGS
    • Partners
    Show Advanced Filters

    Filter by Event Type

    Filter by Category

    Show Advanced Filters

    Filter by Category

    Filter by Type

    Key Links
    Contact Us

    Phone

    +44(0)1642 309930

    Email

    [email protected]

    Address

    UK and Ireland SAP User Group
    Lockheed Court
    Preston Farm
    Stockton On Tees
    TS18 3SH

    Connect with Us

    © UK and Ireland SAP User Group 2024. Registered in England No. 03908435

    Designed and Built by Better