We’re thrilled to announce that Onapsis Research Labs, our team of offensive security professionals dedicated to hunting down vulnerabilities within ERP applications, has discovered and helped remediate over 1,000 zero day ERP vulnerabilities within SAP and Oracle applications.
Onapsis has been protecting the world’s most critical enterprise resources for over a decade. ERP applications from corporations like SAP and Oracle help run your organization—supporting financial systems, human capital management, supply chains, supplier relationships, and more. These applications are at the center of the global economy, used by 92% of the Global 2000 and touching 77% of the world’s revenue. Despite their importance, these applications can fall outside the scope of most traditional security solutions.
With the increase in cyberattacks surrounding ERP applications, organizations need a dedicated solution built to secure these applications and backed by threat intelligence. The findings from Onapsis Research Labs build upon the foundation of the Onapsis Platform, making Onapsis the only ERP application security company that updates our products with the latest threat intelligence and security guidance from a dedicated security research team. This empowers our customers with advanced notifications on critical issues, more comprehensive coverage than vendor notes alone, improved configurations, and pre-patch protection ahead of scheduled vendor updates.
Our work not only fuels our technology, but also helps us educate the broader communities on how to protect their applications and organizations from growing threats. To date, Onapsis Research Labs’ has supported six U.S. Department of Homeland Security alerts and is the most prolific and most celebrated contributor of vulnerability research by the SAP Product Security Response Team.
“As we reflect over the past years of research, I see that the Onapsis Research Labs has had a tremendous impact on the security of ERP Applications, as all of those vulnerabilities that were reported to the vendors become fixed, effectively transforming ERP technology into more secure business applications”, says JP Perez-Etchegoyen, Co-founder and Chief Technical Officer of Onapsis. “This makes the Onapsis Research Labs one of the most important partners from a security perspective not only to SAP and Oracle but more importantly to its customers."
SAP Threat Intelligence From Onapsis Research Labs
ICMAD Vulnerabilities in SAP Applications
Onapsis and SAP partnered on the discovery and mitigation of a set of three vulnerabilities affecting the SAP Internet Communication Manager (ICM) component in SAP business-critical applications. This set of ERP vulnerabilities, the ICMAD vulnerabilities, enable attackers to execute serious malicious activities on SAP users, business information, and processes — and ultimately compromise unpatched SAP applications.
Earlier this year, Sygnia’s Incident Response team released a report detailing the activities of a threat group Elephant Beetle that resulted in the theft of millions of dollars from Latin American financial sector organizations. Onapsis Research Labs’ Threat Intelligence Cloud found activity related to two SAP NetWeaver Java vulnerabilities in the Sygnia report. Our threat intelligence found over 350 exploitation attempts since January 2020. The majority of these exploit attempts come from Asia and the US, in comparison to the Elephant Beetle activity, suggesting this is a global event. This further proves that threat actors have deep knowledge of business applications. Organizations should work to strengthen their SAP security processes and incorporate SAP within their vulnerability management and incident response processes to make it significantly harder for threat actors to perform an initial compromise.
Active Cyberattacks on Business-Critical SAP Applications
In April 2021, we released threat intelligence with SAP to help SAP customers protect from active cyber threats seeking to specifically target, identify and compromise organizations running unprotected SAP applications, through a variety of cyberattack vectors. Observed exploitation could lead in many cases to full control of the unsecured SAP application, bypassing common security and compliance controls, and enabling attackers to steal sensitive data, perform financial fraud or disrupt mission-critical business processes by deploying ransomware or stopping operations.
SAP Patch Day
Onapsis Research Labs regularly contributes to SAP Security Notes and shares their analysis every Patch Day. Onapsis automatically updates our products with information from every patch release.
To learn more about Onapsis Research Labs findings, check out our latest blogs or see us at one of the following industry conferences. CTO Juan Perez-Etchegoyen will be presenting at API Cybersecurity Conference, one of the largest oil and gas conferences nationally. In addition, Onapsis Research Labs will be presenting at Black Hat Europe in December.