A general view of the headquarters of SAP AG in Walldorf, Germany. (Photo by Thomas Lohnes/Getty Images)
Multiple hackers are actively targeting SAP installations that have not updated in nearly a year or use poor account management. The warning, which came from the Department of Homeland Security, SAP and Onapsis, is based on research documenting activity in the wild.
“We want to really send a strong message to our customers around better managing the security of their systems, where they have not,” said Tim McKnight, SAP chief security officer, in a briefing for reporters. “These are patched systems, these are things that have already been fixed. But we’re concerned about customers that have not applied the fixes for months or years to date.”