Exploits on the Rise: SAP and Oracle

Whatever role you play in ensuring your organization runs smoothly, the biggest risk to the business is not knowing the risks. ERP systems SAP and Oracle have seen a 100% increase in available public exploits over the last three years and a 160% increase in the activity and interest in ERP-specific vulnerabilities from 2016 to 2017.

What steps are you taking to secure these business-critical applications?

An astonishing number of insecure ERP applications are directly accessible online, both on-premise and in public cloud environments, increasing the attack surface and exposure. That, in conjunction with the increase in exploits, means more risk.

increase exploits

In May of 2016, U.S. Department of Homeland Security Computer Emergency Readiness Team (DHS US-CERT) released a critical alert warning that at least 36 global organizations were being exploited through the abuse of a specific, five-year-old SAP vulnerability. Onapsis has continued to observe the exploitation of this critical vulnerability, which is over seven years old.

In July of this year, the DHS US-CERT sent out a second alert to notify large organizations about these threats due to further evidence of the increase in both vulnerabilities and exploits to SAP and Oracle systems. There is also clear evidence of intent from threat actors to target ERP applications. To manage risk more effectively, organizations must be aware of this and be able to prevent a breach by following the recommended protocols.

Organizations must ensure the right level of governance around cyber risks that could affect ERP applications, starting with a clear understanding of their internet-facing ERP applications and followed by visibility and proactive management of potential vulnerabilities and risks affecting ERP applications.

Are your ERP systems secure?

The Onapsis Research Labs has extensive knowledge and expertise around ERP threats and vulnerabilities, working hand in hand with SAP and Oracle to remediate the vulnerabilities. Onapsis strives to also share this knowledge with customers for more visibility and understanding around how the threats to ERP applications are evolving. We recently released a detailed report to warn organizations and raise awareness around the risks and threats of not properly taking care of your security of ERP applications.

Download our report to learn how to proactively protect your ERP systems and as always, contact us for a free consultation to help you understand your level of risk and how you can improve.