As cyber threats continue to increase, more and more organizations are disclosing cybersecurity breaches where perimeter defenses failed, critical data was taken and compliance was compromised. What is almost never disclosed are the specific applications attackers gained access to.
New Evidence of Active Cyberattacks on Mission-Critical SAP Applications
Recently, Onapsis and SAP released research that provides conclusive evidence that the impact and probability of attacks on unprotected SAP applications is putting organizations at extremely high risk. SAP promptly patched all of the critical vulnerabilities observed being exploited, and have made them available to customers for months, and years in some cases. Unfortunately, SAP and Onapsis continue to observe many organizations that have still not applied the relevant mitigations, allowing unprotected SAP systems to continue to operate and, in many cases, remain visible to attackers via the internet.
As Mariano Nunez, Onapsis CEO, mentioned in this blog on April 6, the U.S. Department of Homeland Security (DHS) CISA and Germany’s BSI, are advising organizations to take immediate action to apply specific SAP patches and secure configurations, and perform compromise assessments on critical environments. (CISA: Malicious Cyber Activity Targeting Critical SAP Applications)
What Should Organizations Running SAP Do?
The reality that threats to unpatched and misconfigured mission-critical SAP applications are pervasive and ongoing highlights the need for community-wide attention and collaboration to track, identify and defend, to effectively neutralize these threats.
That is why Onapsis has partnered with companies such as Accenture, Optiv, Deloitte, Turnkey and IBM to offer a service package to help clients best understand their exposure, perform a compromise assessment and deploy compensating controls. If you are running mission-critical SAP applications, you will want to: immediately assess your SAP systems for exposure and check for potential indicators of compromise if your SAP systems were found to be vulnerable and not promptly secured. Our partners are armed to help you with both.
We highly encourage you to download the threat report to assess if you are at risk, and which actions to take immediately to protect your business. This report also details the specific techniques, tools and procedures (TTPs) observed by our experts, empowering defenders to respond to this activity as quickly as possible.
If you need more information or assistance to respond to this situation, please contact your System Integrator, Reseller or Onapsis at [email protected].