Search

Cyber Tech Talk Features: The Onapsis Research Labs

/in /by

ON DEMAND

The award-winning Onapsis Research Labs is a team of cybersecurity experts who combine in-depth knowledge and experience to deliver security insights and threat intel affecting business-critical applications, such as SAP, Oracle, and others. The Onapsis Research Labs team have discovered over 1,000 zero-day vulnerabilities and multiple critical global CERT alerts have been based on their novel research

Onapsis automatically updates its products with the latest threat intelligence and other security guidance from the Onapsis Research Labs. This provides customers with advanced notification on critical issues, comprehensive coverage, improved configurations and zero-day protection ahead of scheduled vendor updates. 

In this session learn more about the latest threat intelligence and receive security guidance from the Onapsis Research Labs to stay ahead of ever-evolving cybersecurity threats.

This session covers: 

  • Recent research on vulnerability findings, including ICMAD and HTTP Smuggling
  • An overview on how to keep your SAP business-critical applications secure
  • Threat intelligence on the cybersecurity attack trends observed in the wild
  • Security guidance and best practices from the leading team of researchers

Le paysage des menaces se transforme: Mieux comprendre comment protéger les applications critiques SAP contre les menaces

/in /by

On Demand

Les applications SAP hébergent les informations clients, ventes, finances, les produits, les services, les informations sur les employés et les secrets commerciaux – et les pirates informatiques s’intéressent à ces applications. Le groupe Elephant Beetle a exploité, entre autres, deux vulnérabilités SAP et ainsi voler des millions de dollars à des organisations financières. 

Cette présentation vous offrira un aperçu détaillé de ces activités menaçantes, exposant comment des pirates ont ciblé et exploité activement les applications SAP non sécurisées grâce à un ensemble varié de techniques, d’outils et de procédures.

Les laboratoires de recherche Onapsis et l’équipe SAP Product Security Response Team (PSRT) ont collaboré pour découvrir et corriger trois vulnérabilités critiques qui affectent Internet Communication Manager (ICM), un composant central des applications métier SAP.

Rejoignez cette session pour découvrir pourquoi ce composant est si critique et ce que vous devez faire pour atténuer les risques pour vos applications SAP.

Le webinaire sera en Français.

The Elephant Beetle in the Room: An Advanced Financial Attack Leveraging SAP Vulnerabilities

/in /by

The Elephant Beetle Is Still A Threat

On-Demand

Learn how SAP vulnerabilities were exploited to drain millions of dollars from major financial organizations by an advanced threat group dubbed ‘Elephant Beetle’. In this session we discuss their modus operandi, provide actionable guidelines on how to bolster SAP security processes and how to defeat attacks of this nature in case of a breach. This session provides: 

  • Review of the attack trends & threat landscape in 2022
  • Deep dive into a specific case study of an “Elephant Beetle” attack and Incident Response
  • Key actions you can take to prepare your organization and defeat such attacks
  • Top resources to help support your security effort

About Sygnia & Onapsis

The teams from Onapsis Research Labs and Sygnia Incident Response have been tracking, identifying, and defending against growing threats to business-critical applications. Recently, Sygnia uncovered an organized financial-theft operation leveraging SAP Vulnerabilities. Their tactics, techniques, and procedures echo the trends that The Onapsis Research Labs has observed. Join Onapsis security experts and Sygnia Incident Response industry leaders as we discuss key security tactics the modern enterprise needs to to protect your business.

Together, we’ll review findings from the researchers from Sygnia’s Incident Response team and discuss how these findings affect the applications at the core of your business. You will emerge with a security strategy for your business that extends to and protects your most sensitive—and vulnerable—enterprise resources. 

Sygnia is a cyber services company that provides strategic consulting and incident response support to leading organizations worldwide, including Fortune 100 companies. As a trusted advisor to technology and security teams, management, and boards, Sygnia works with companies to proactively build their cyber resilience and respond and defeat attacks within their networks. To learn more, go to: www.sygnia.co

Onapsis Webinar

Log4j Vulnerability: Threat Intelligence and Mitigation Strategies to Protect Your SAP Applications

/in /by

SAP & Onapsis Cyber Tech Talk Series

ON DEMAND

On Thursday, December 9, a critical vulnerability (CVE-2021-44228) in Apache Log4j, a widely used Java logging library, was made public. Some are calling it “the most significant vulnerability in the last decade.” 

The Onapsis Research Labs maintains a network of sensors that we call the Onapsis Threat Intelligence Cloud. Within 10 days of the initial Log4j attack, Onapsis Research Labs captured over 3,000 attack attempts and observed over 50 variants. With more than 30 SAP applications affected by this vulnerability, it’s important to understand your risk and your exposure points. 

During this session Richard Puckett, Chief Information Security Officer at SAP and Sadik Al-Abdulla, Chief Product Officer at Onapsis discussed:

  • Threat intelligence around the Log4j vulnerability captured by Onapsis Research Labs
  • Implications of the vulnerability on SAP applications
  • Considerations for building comprehensive vulnerability management for SAP and business critical applications

Critical ICMAD Vulnerabilities: Who Is at Risk & How to Protect Your Business-Critical SAP Applications

/in /by

Executive Briefing

ON DEMAND

The Onapsis Research Labs is on a quest to protect the world’s most critical applications at the center of the global economy. Most recently, Onapsis collaborated with SAP Product Security Response Team to discover and patch three critical memory corruption vulnerabilities that affected Internet Communication Manager (ICM), a core component of SAP business applications. If not patched, the series of vulnerabilities, dubbed “ICMAD,” could enable attackers to execute several malicious activities on SAP users, business information, and processes — and ultimately compromise unpatched SAP applications.

Hear from SAP CISO Richard Puckett and Onapsis CEO Mariano Nunez as they discuss how the Onapsis Research Labs and SAP Product Security Response Team worked in close partnership to identify, assess, and mitigate these critical vulnerabilities.

Watch this webinar recording to learn:

  • Details on the ICMAD vulnerabilities discovered
  • The impact on your business
  • Why timely patching of critical vulnerabilities is more important than ever
  • Recommendations for keeping your SAP systems protected
ICMAD Report

The ICMAD Vulnerabilities: Who Is at Risk and How to Protect Your Business-Critical SAP Applications

/in /by

Onapsis Research Labs’ thorough investigation of HTTP Response Smuggling over the last year led to the recent identification of the ICMAD vulnerabilities.
 
Read the threat report from Onapsis Research Labs to understand:

  • What the ICMAD vulnerabilities are
  • The potential business impact of exploitation, including session hijacking, theft of credentials, and full SAP system takeover
  • Recommendations to protect your business-critical SAP systems 
  • New research into HTTP Response Smuggling techniques

Onapsis worked closely with SAP’s Product Security Response Team to discover and patch these critical vulnerabilities. Both companies believe that all unpatched SAP applications are at risk and strongly advise all impacted organizations to prioritize patching these affected systems as soon as possible.

For more information about the ICMAD SAP vulnerabilities, deep research from the Onapsis Research Labs, and an executive threat briefing, visit onapsis.com/icmad.

SAP Business Risk Illustration: Cyber Risk Assessment

/in /by
40,000+ ORGANIZATIONS USING SAP ARE AT RISK OF RECON VULNERABILITY. Successful Exploit Could Allow Unauthenticated Full System Access; Impact Business Operations and Regulatory Compliance

ERP Systems and Mission-Critical Applications at Risk

A recent IDC survey of 430 IT decision makers titled, “ERP Security: The Reality of Business Application Protection” found that 64% of organizations have reported an ERP system—SAP and Oracle E-Business Suite—breach in the past 24 months. The research further suggests that these ERP systems are increasingly under attack for critical data. Among companies whose ERP systems have been breached in the last 24 months, the information compromised the most includes sales data (50%), customer personally identifiable information (41%), intellectual property (36%) and financial data (34%).  Respondents ranked financial and sales data as the two most critical types of compromised data. 

New RECON Vulnerability in SAP

The SAP July 2020 Security Notes include a fix for a critical vulnerability – CVSS score of 10 out of 10—named RECON (Remotely Exploitable Code On NetWeaver). This is a very serious vulnerability affecting a default component present in every SAP application running the SAP NetWeaver Java technology stack. This technical component is used in many SAP business solutions, including SAP S/4HANA, SAP SCM, SAP CRM, SAP CRM, SAP Enterprise Portal, SAP Solution Manager (SolMan)and others putting more than 40,000 organizations using SAP at risk.

The RECON vulnerability is particularly dangerous because many of the affected solutions are often exposed to the internet to connect companies with business partners employees and customers which significantly reduces the complexity of a remote attack.

Business Impact of Exploits Against RECON

If exploited, an unauthenticated attacker (no username or password required) can create a new SAP user with maximum privileges, bypassing all access and authorization controls (such as segregation of duties, identity management and GRC solutions) and gaining full control of SAP systems. This could allow them to perform many malicious activities, including the ability to modify financial records, view personally identifiable information (PII), corrupt data, delete or modify logs and traces and other actions that put essential business operations at risk. Because of the type of unrestricted access an attacker could obtain, this vulnerability may also constitute a deficiency in an enterprise’s IT controls for regulatory mandates – potentially impacting financial (Sarbanes-Oxley) and privacy (GDPR) compliance.

Assess Your SAP Systems Today

Are your mission-critical SAP systems and applications susceptible to RECON and other vulnerabilities? Onapsis Risk Assessment to identify and other security issues that put your business is at risk

The results Onapsis delivers will help:

  • Identify existing vulnerabilities
  • Prioritize and expedite remediation plans
  • Reduce the overall attack surface
  • Protect your mission-critical applications

Discovery and assessment is run remotely, takes less than two hours and does not require installation of software or access to production systems.

For more information about the RECON vulnerability, read the Onapsis Threat Report

Cyber Tech Talk Series - Transformation Takeaways: 4 Learnings From Industry Leaders

/in /by

Request on Demand Video 

Many organizations have correctly realized that security needs to be considered from the start of major digital transformation projects, and have started including security leaders in project planning and execution. However, most security leaders lack the visibility and/or understanding of SAP they need to effectively measure risk and enforce security baselines for the project. Hear from key industry leaders on the importance of SAP security and how to eliminate this blindspot so security leaders can understand risk and respond accordingly.

©2024 Onapsis | All rights reserved