Onapsis was founded over a decade ago when we realized that the world’s most critical enterprise resources were being overlooked. Business-critical applications from corporations like SAP, Oracle, and Salesforce help run your organization—supporting financial systems, human capital management, supply chains, supplier relationships, and more. These applications are at the center of the global economy, used by 92% of the Global 2000 and touching 77% of the world’s revenue. Despite their importance, these applications have been neglected by most of the security community. They fall outside the scope of most traditional and holistic security solutions.
Over the last 12 years, Onapsis has been dedicated to solving these cybersecurity concerns. The Onapsis Research Labs has identified hundreds of vulnerabilities and emerging, novel threats to critical enterprise systems. They’ve also confirmed that many of the decade’s largest breaches can be traced back to vulnerabilities in business applications. To date, this offensive security team has discovered 1,000+ zero-day vulnerabilities in business-critical applications and supported 6 U.S. Department of Homeland Security alerts.
The findings from the Onapsis Research Labs inform the foundation of The Onapsis Platform. Onapsis is the only business-critical application security company that automatically updates our products with the latest threat intelligence and security guidance from a dedicated security research team. This empowers our customers with advanced notifications on critical issues, more comprehensive coverage than vendor notes alone, improved configurations, and pre-patch protection ahead of scheduled vendor updates. The ongoing discoveries from the Onapsis Research Labs keeps The Onapsis Platform ahead of ever-evolving cybersecurity threats.
Take a look at some of the research from our team to help you better protect your business-critical applications:
ICMAD Vulnerabilities in SAP Applications
Onapsis and SAP partnered on the discovery and mitigation of a set of three vulnerabilities affecting the SAP Internet Communication Manager (ICM) component in SAP business-critical applications. This set of vulnerabilities was dubbed ICMAD (“Internet Communication Manager Advanced Desync”) for short. The ICMAD vulnerabilities require immediate attention by most SAP customers given how ubiquitous the SAP ICM is in SAP landscapes around the world.
In January 2022, Sygnia’s Incident Response team released a report detailing the activities of a threat group Elephant Beetle that resulted in the theft of millions of dollars from Latin American financial sector organizations. Onapsis Research Labs took a look at its Threat Intelligence Cloud and analyzed activity related to two SAP NetWeaver Java vulnerabilities mentioned in the Sygnia report. They found over 350 exploitation attempts since January 2020 and that the vast majority of Onapsis-observed exploit attempts come from Asia and the US (in comparison to the Elephant Beetle activity, which was primarily focused in Latin America, indicating this isn’t isolated but rather global).
Active Cyberattacks on Business-Critical SAP Applications
In April 2021, we released new threat intelligence and the first public report from Onapsis Threat Intelligence Cloud. Not only has the threat landscape grown in recent years, but threat actors have gotten more sophisticated using well-known exploits and the window for defenders has gotten increasingly smaller.
Threat Intelligence on Log4j
Since we became aware of Log4j, Onapsis worked around the clock to understand the impact of this vulnerability on some of the most widely used SAP products. Onapsis and SAP partnered together for a customer session on protecting SAP applications from the threat of Log4j.
Monthly SAP Security Notes
Onapsis Research Labs regularly contributes to SAP Security Notes and shares their analysis every Patch Tuesday. Onapsis automatically updates our products with information from every patch release.
The Onapsis Research Labs and SAP worked together in late 2020 to uncover and mitigate the serious RECON vulnerability. The RECON vulnerability affects a default component present in every SAP application running the SAP NetWeaver Java technology stack. This technical component is used in many SAP business solutions, and a successful exploit could give an unauthenticated attacker full access to the affected SAP system.