
Onapsis, SAP Release New Cyber Threat Intelligence Report


The new cyber threat intelligence report provides actionable information that would help customers defend their mission-critical SAP applications from active cyber threats.

The new threat intelligence report, jointly developed by Onapsis and SAP and proactively released on the 6th of April, highlighted active threat activity through a variety of cyberattack vectors seeking to specifically target, identify and compromise organisations running unprotected SAP applications. The report aims to enable organisations to take immediate action, including swiftly applying relevant SAP security patches and investigating their critical cybersecurity and compliance governance gaps, so that they can protect mission-critical applications and operations.

Tim McKnight, Chief Security Officer at SAP, stated that the recent research effort reflects Onapsis and SAP’s long-term commitment to ensure the protection of their customers from cyber threats. He said: 

“We’re releasing the research Onapsis has shared with SAP as part of our commitment to help our customers ensure their mission-critical applications are protected. This includes applying available patches, thoroughly reviewing the security configuration of their SAP environments and proactively assessing them for signs of compromise.”

The U.S. Department of Homeland Security’s CISA and Germany’s Federal Office for Information Security (BSI) have also released alerts and notifications recommending that operators of SAP systems review the threat intelligence report.

Cyber Threat Intelligence Report Highlights

The evidence captured in the report titled “Onapsis: Threat Intelligence Report Active Cyberattacks on Mission-Critical SAP Applications” reveals a complex threat landscape targeting mission-critical SAP applications including, but not limited to, enterprise resource planning (ERP), supply chain management (SCM), human capital management (HCM), product lifecycle management (PLM) and customer relationship management (CRM).

Through the years, Onapsis and SAP have been working closely to identify and fix critical issues in SAP software to ensure customers are proactively protected. Though SAP issues monthly patches to address critical vulnerabilities, it is expected that customers continue to regularly apply mitigations and system configurations to keep critical business processes and data protected and in compliance. 

The report stated that although SAP has promptly patched the observed exploited critical weaknesses, with patches already made available to customers for months, many organisations still have not applied the necessary mitigations, which leaves their SAP systems vulnerable to cyberattacks.

Here are some of the key details in the threat intelligence report:

  • Threat actors are active, capable, and widespread. The report cites conclusive evidence of 300+ automated exploitations leveraging seven SAP-specific attack vectors and 100+ hands-on-keyboard sessions from a wide range of threat actors, clear indications of sophisticated knowledge of mission-critical applications.
  • The window for defenders is significantly smaller than previously thought. Critical SAP vulnerabilities are being weaponised in less than 72 hours of a patch release, and new unprotected SAP applications provisioned in cloud (IaaS) environments are being discovered and compromised in less than three hours.
  • Threats have both security and compliance impacts. Exploitation would lead to full control of unsecured SAP applications, bypassing common security and compliance controls, enabling attackers to steal sensitive information, perform financial fraud or disrupt mission-critical business processes by deploying ransomware or stopping operations. Threats may also have significant regulatory compliance implications, including SOX, GDPR, CCPA, and others.

Mariano Nunez, CEO and Co-Founder of Onapsis, emphasised that, based on Onapsis’ observations as the software company’s cybersecurity and compliance partner, SAP has shown outstanding improvements in proactively ensuring its customers’ security. Explaining how the active threats arose despite SAP’s efforts, he said:

“The critical findings noted in our report describe attacks on vulnerabilities with patches and secure configuration guidelines available for months and even years. Unfortunately, too many organisations still operate with a major governance gap in terms of the cybersecurity and compliance of their mission-critical applications, allowing external and internal threat actors to access, exfiltrate and gain full control of their most sensitive and regulated information and processes. Companies that have not prioritised rapid mitigation for these known risks should consider their systems compromised and take immediate and appropriate action.”

Learn more about the joint cyber threat intelligence report, including the specific techniques, tools, and procedures (TTPs) observed by Onapsis’ experts, here.
