The report, released Tuesday, is based on an analysis of threat activity directed at SAP environments over the past several months and going back to mid-2020. Its conclusions prompted an advisory this week from the Department of Homeland Security s Cybersecurity and Infrastructure Security Agency (CISA), urging SAP customers to review the report and apply security patches as needed. There has been historically a belief that mission-critical apps are not being attacked or that they are obscure enough that the skill to exploit them is not widespread, says Mariano Nunez, CEO and co-founder of Onapsis.
What the threat analysis shows is not only are cybercriminals attacking such apps, but they are doing so with considerable skill, planning, and motivation, he says.