Business-Critical Applications Are Increasingly at Risk From Bad Actors & Companies Can’t Keep Up

ICMAD is the latest example of a critical vulnerability with a wide impact, potentially affecting more than 40,000 SAP customers.

If Not Now, When?



Modern enterprises face a perfect storm of complexity that makes it extremely challenging to secure the business-critical applications at the center of their financial operations. Digital transformation projects, cloud and S/4HANA migrations, and a large number of applications and vendors newly connected to critical systems add to this complexity. Meanwhile, threat actors aren’t taking it easy; they’re going on the attack. IDC notes that 64% of ERP systems have been breached in the past couple of years, and joint threat intelligence from SAP, CISA, and Onapsis verifies this, showcasing examples of threat actors launching dedicated, sophisticated attacks on these critical applications by exploiting new and well-known vulnerabilities.

The Threats Are Real

The actionable intelligence and products provided by The Onapsis Platform enable cross-functional teams to easily bring business-critical applications into existing security, compliance, and development programs.


of ERP systems have been breached in the past 2 years


stolen by a single threat group


SAP customers affected by ICMAD vulnerabilities

SAPinsider Research Highlights The Cybersecurity Threats Targeting SAP Systems

In a recent survey, SAPinsider asked business and technology professionals how they are approaching security for their SAP applications, to see whether existing cybersecurity measures are sufficient to face a changing threat landscape.
Turns out they are not. Here are some of the facts:

  • ⅓ of participants said that they have suffered some sort of credential compromise, malware, or cybersecurity attack that has impacted their SAP environment.
  • 47% of companies face the challenge of keeping up with patches and updates.
  • 30% of respondents said that their organization had experienced a credentials compromise or password misuse that had impacted their SAP systems.
  • Ransomware attacks are still the biggest threat to SAP systems today, causing a massive impact on company operations.
  • Having SAP systems offline for a week or more seriously impacts the functioning of the company, well beyond the revenue loss.

The Attacks Are Happening.

It Is Time To Act.

January 2022

Elephant Beetle

In January 2022, Sygnia’s Incident Response team released a report detailing the activities of the threat group Elephant Beetle, which resulted in the theft of millions of dollars from Latin American financial sector organizations. Onapsis Research Labs used its Threat Intelligence Cloud to analyze activity related to two SAP NetWeaver Java vulnerabilities mentioned in the Sygnia report. They found over 350 exploitation attempts since January 2020, the vast majority of which came from Asia and the US. The Elephant Beetle activity, by comparison, was primarily focused on Latin America, indicating that this exploitation isn’t isolated but rather global.

February 2022
ICMAD Vulnerabilities in SAP Applications

Onapsis and SAP partnered on the discovery and mitigation of a set of three vulnerabilities affecting the SAP Internet Communication Manager (ICM) component in SAP business-critical applications. This set of vulnerabilities was dubbed ICMAD (“Internet Communication Manager Advanced Desync”) for short. The ICMAD vulnerabilities require immediate attention by most SAP customers given how ubiquitous the SAP ICM is in SAP landscapes around the world.

April 2021
Active Cyberattacks on Business-Critical SAP Applications

In April 2021, Onapsis, SAP, and CISA released new threat intelligence on active, direct attacks on critical ERP systems. This was the first public report leveraging the Onapsis Threat Intelligence Cloud. The threat landscape has grown aggressively in recent years, and the threat actors are more sophisticated than ever before. As for defenders? Your window of defense has shrunk dramatically.

December 2021
Threat Intelligence on Log4j

Since becoming aware of the Log4Shell vulnerability in Log4j, Onapsis has developed critical research demonstrating the impact of this vulnerability on some of the most widely used SAP products. Onapsis and SAP partnered on a customer session on protecting SAP applications from the threat of Log4j.

December 2021
With so much relying on these critical SAP systems, any ransomware attack affecting SAP applications could have a significant impact on the business.


RECON Vulnerability
Onapsis and SAP collaborated in late 2020 to uncover and mitigate the serious RECON vulnerability. RECON affects a default component present in every SAP application running NetWeaver Java. This technical component is used in many SAP business solutions. A successful exploit could give an unauthenticated attacker full access to the affected SAP system.

Don’t Take Our Word For It

Onapsis secures 20% of the Fortune 100. We can secure you too.


Onapsis has secured business-critical applications since 2009. We are proud to have helped hundreds of organizations around the world:

  • Understand and minimize risk to their most important assets
  • Strengthen DevSecOps and accelerate the delivery of high-quality applications
  • Securely migrate critical applications to the cloud
  • Implement continuous compliance programs for business-critical applications
  • Accelerate the transformation to SAP S/4HANA

We provide the visibility, intelligence, and speed you need to secure your cloud, hybrid, and on-premises business-critical applications. Talk to us today about protecting your business.