SAP Application Vulnerabilities Targeted by Hackers
SAP and Onapsis Strongly Advise Organizations to Take Immediate Action.
LAST UPDATED ON APRIL 7, 2021
On April 6th, the Cybersecurity & Infrastructure Security Agency (CISA) and SAP released an alert warning that SAP systems running outdated or misconfigured software are exposed to increased risks of malicious attacks.
Threat actors are carrying out a series of attacks, including theft of sensitive data, financial fraud, disruption of mission-critical business processes and other operational disruptions, and delivery of ransomware and malware.
According to Onapsis’ threat report, SAP applications are widely deployed and used for mission-critical operations worldwide by organizations in essential industries such as food distribution, medical device manufacturing, pharmaceuticals, critical infrastructure, government and defense, and more.
BankInfoSecurity
May 5, 2021
Attackers are targeting unpatched SAP applications, and the exploits could lead to the hijacking of the vulnerable systems, data theft and ransomware attacks, SAP and Onapsis Research Labs report. They note that patches for most of the flaws have been available for several years.
Onapsis, which monitored SAP applications for attack activities using its honeypots, notes it detected thousands of exploitation attempts using automated tools as well as manual techniques. Of these, about 300 were successful, but they did not result in customer breaches or compromise of SAP applications. Given the level of observed threat actors' capabilities and the widespread nature of the ongoing threat activity, SAP and Onapsis are proactively alerting organizations to take immediate action, including swift application of the relevant SAP security patches and performing a compromise assessment and forensic investigation of at-risk env
Cyberattackers are actively exploiting known security vulnerabilities in widely deployed, mission-critical SAP applications, allowing for full takeover and the ability to infest an organization further.
Active cyberattacks on known vulnerabilities in SAP systems could lead to full control of unsecured SAP applications, researchers are warning.
Adversaries are carrying out a range of attacks, according to an alert from SAP and security firm Onapsis issued Tuesday – including theft of sensitive data, financial fraud, disruption of mission-critical business processes and other operational disruptions, and delivery of ransomware and other malware.
SAP applications help organizations manage critical business processes – including enterprise resource planning (ERP), product lifecycle management, customer relationship management (CRM) and supply-chain management.