Press Release

Onapsis Open-Sources Detection Signatures to Help Global SAP Customers Protect Against New Critical Exploits Dubbed ‘10KBLAZE’

BOSTON – May 2, 2019 — Onapsis, the global leader in business application cyber resilience, today announced the immediate release of threat intelligence that helps SAP customers to detect and respond to recently released exploits of common critical SAP misconfigurations that, if not properly secured, can be abused by hacktivists, cyber-criminal groups and nation-state threat actors to take full command and control of their business-critical information and processes. The complete 10KBLAZE Threat Report and open-source signatures are available here.  

Given the criticality of the risk posed by 10KBLAZE and insights from its threat intelligence capabilities, Onapsis has decided to open-source components of its Onapsis Security Platform and make intrusion detection signatures immediately and freely available to all SAP customers. Further, Onapsis has coordinated a global response with international government authorities, global SAP service providers and leading cyber threat detection and incident response firms to enable detection, monitoring, and remediation of affected organizations globally. 

Onapsis’ Research Labs became aware of the release of these new exploits on April 23rd. The exploits can be leveraged to abuse a critical configuration issue in SAP NetWeaver installations (including S4/HANA) that, if not corrected as recommended by SAP, could lead to a full system compromise by attackers, without even requiring a valid SAP user ID and password.  

“This risk to SAP customers can represent a weakness in affected publicly-traded organizations that may result in material misstatements of the company’s annual financial statements (Form 10-K),” said Larry Harrington, former Chairman of the Board of the Institute of Internal Auditors (IIA), “Further, a breach against these business-critical applications would likely result in the need for disclosure given the recent SEC’s Cybersecurity Disclosure Guidance.”

Based on publicly available information, Onapsis estimates that more than 50,000 companies and a collective 1,000,000 SAP systems are currently running the potentially-affected components. Onapsis’ research gathered over 10 years calculates that nearly 90% of these systems suffer from the misconfigurations for which these exploits are now publicly available.  

“SAP released relevant security notes and guidance to help customers secure these critical configurations several years ago.  The onus is on service providers and customers to implement, enforce and monitor tighter security controls on the systems. This can be very challenging and take significant resources, but the stakes are simply too high not to make the suggested configuration changes,” said Mariano Nunez, CEO and Co-founder, Onapsis, Inc. “While Onapsis customers have had protection against the 10KBLAZE exploits for more than 5 years, in the face of such an increased risk, we feel it is our obligation to support all SAP customers by making detection capabilities that help them protect their business-critical applications open and freely available.”  

Onapsis has released a comprehensive threat report with full details on the 10KBLAZE exploits, including instructions for monitoring, detecting and mitigating business exposure and application vulnerabilities targeted by 10KBLAZE.  

An executive brief, the full threat report and open-source signatures can be downloaded here.  

About Onapsis
Onapsis helps organizations to be cyber resilient by protecting their business-critical applications, keeping them compliant and safe from insider and outsider threats. Our patented solutions are used to accelerate digital transformation initiatives – including transitioning to the cloud – by providing actionable intelligence, continuous monitoring and automated governance for ERP, CRM, PLM, HCM, SCM, BI and Cloud-based business-critical applications.

As the proven market leader, global enterprises trust Onapsis to help modernize and strengthen their SAP and Oracle E-Business Suite applications, and to make sure security, IT, DevOps and compliance teams are best prepared for the business needs of the future.

Headquartered in Boston, MA, and with global operations, Onapsis proudly serves more than 300 of the world’s leading brands and organizations, including many of the Global 2000. Through our unique strategic alliances with leading consulting and audit firms such as Accenture, Deloitte, IBM, Infosys, PwC and Verizon, Onapsis solutions have become the de-facto standard in helping organizations protect what really matters. 

For more information, connect with us on Twitter or LinkedIn.