Business-Critical Applications Are Increasingly at Risk From Bad Actors & Companies Can’t Keep Up
ICMAD is the latest example of a critical vulnerability with a wide impact, potentially affecting more than 40,000 SAP customers.
If Not Now, When?
Modern enterprises face a perfect storm of complexity that makes it extremely challenging to secure the business-critical applications that sit at the center of their financial operations. Digital transformation projects, cloud and S/4HANA migrations, and a large number of applications and vendors newly connected to your critical systems add to this complexity. Unfortunately, threat actors aren’t taking it easy. They’re going on the attack. IDC notes that 64% of ERP systems have been breached in the past couple of years, and joint threat intelligence from SAP, CISA, and Onapsis verifies this, showcasing examples of threat actors who are launching dedicated, sophisticated attacks on these critical applications by exploiting new and well-known vulnerabilities.
The Threats Are Real
The actionable intelligence and products provided by The Onapsis Platform enable cross-functional teams to easily bring business-critical applications into existing security, compliance, and development programs.
of ERP systems have been breached in the past 2 years
stolen by a single threat group
SAP customers affected by ICMAD vulnerabilities
SAPinsider Research Highlights The Cybersecurity Threats Targeting SAP Systems
In a recent survey, SAPinsider examined the experiences of business and technology professionals about how they are approaching security for their SAP applications to see if existing cybersecurity measures are sufficient to face a changing threat landscape.
Turns out they are not. Here are some of the facts:
- ⅓ of participants said that they have suffered from some sort of credential compromise, malware or cybersecurity attack that has impacted their SAP environment.
- 47% of companies face the challenge of keeping up with patches and updates.
- 30% of respondents said that their organization had experienced a credentials compromise or password misuse that had impacted their SAP systems.
- Ransomware attacks are still the biggest threat to SAP systems today, causing a massive impact on company operations.
- Having SAP systems offline for a week or more seriously impacts the functioning of the company, well beyond the revenue loss.
The Attacks Are Happening.
It Is Time To Act.
In January 2022, Sygnia’s Incident Response team released a report detailing the activities of a threat group, Elephant Beetle, that resulted in the theft of millions of dollars from Latin American financial sector organizations. Onapsis Research Labs took a look at its Threat Intelligence Cloud and analyzed activity related to two SAP NetWeaver Java vulnerabilities mentioned in the Sygnia report. They found over 350 exploitation attempts since January 2020, the vast majority of them coming from Asia and the US. The Elephant Beetle activity, by comparison, was primarily focused on Latin America, which indicates that this exploitation isn’t isolated but rather global.
ICMAD Vulnerabilities in SAP Applications
Onapsis and SAP partnered on the discovery and mitigation of a set of three vulnerabilities affecting the SAP Internet Communication Manager (ICM) component in SAP business-critical applications. This set of vulnerabilities was dubbed ICMAD (“Internet Communication Manager Advanced Desync”) for short. The ICMAD vulnerabilities require immediate attention by most SAP customers given how ubiquitous the SAP ICM is in SAP landscapes around the world.
In April 2021, Onapsis, SAP, and CISA released new threat intelligence on active, direct attacks on critical ERP systems. This was the first public report leveraging the Onapsis Threat Intelligence Cloud. The threat landscape has grown aggressively in recent years, and the threat actors are more sophisticated than ever before. As for defenders? Your window of defense has shrunk dramatically.
Threat Intelligence on Log4j
Since becoming aware of the Log4Shell vulnerability in Log4j, Onapsis has developed critical research that demonstrates the impact of this vulnerability on some of the most widely used SAP products. Onapsis and SAP partnered on a customer session on protecting SAP applications from the threat of Log4j.
With so much relying on these critical SAP systems, any ransomware attack affecting SAP applications could have a significant impact on the business.
Onapsis and SAP collaborated in late 2020 to uncover and mitigate the serious RECON vulnerability. RECON affects a default component present in every SAP application running NetWeaver Java. This technical component is used in many SAP business solutions. A successful exploit could give an unauthenticated attacker full access to the affected SAP system.
Don’t Take Our Word For It
Onapsis secures 20% of the Fortune 100. We can secure you too.
“Onapsis removes the mystery around SAP security by increasing visibility. We can see issues—misconfigurations, missing patches or unusual user activity—what risk they pose and how to fix them.”
– Enterprise Security Manager, Large Utility Company
“We have been able to save about 40 hours a week since we started using Onapsis. It used to take us about 8 hours per system between pulling data and working with various teams to address.”
– F500 biopharmaceutical company
“We can identify unknown loopholes in our configurations and user settings, while also getting up to date on patches. Because so much of the process is automated, we are able to save about 20 hours of time and resources each week.”
– Large Retail Company
Talk to an Expert
Onapsis has secured business-critical applications since 2009. We are proud to have helped hundreds of organizations around the world:
- Understand and minimize risk to their most important assets
- Strengthen DevSecOps and accelerate the delivery of high-quality applications
- Securely migrate critical applications to the cloud
- Implement continuous compliance programs for business-critical applications
- Accelerate the transformation to SAP S/4HANA
We provide the visibility, intelligence, and speed you need to secure your cloud, hybrid, and on-premises business-critical applications. Talk to us today about protecting your business.