Cyber Attackers Actively Exploit Known SAP Vulnerabilities

A joint SAP and Onapsis report says that hackers are exploiting known SAP vulnerabilities to take control of exposed SAP apps and steal sensitive information. It warns that cyber attackers could use unpatched SAP apps exposed on the Internet to carry out ransomware attacks and financial fraud. It also recommends actions that organizations still using these apps can take to avoid cyber attacks.

“Observed exploitation could lead in many cases to full control of the unsecured SAP application, bypassing common security and compliance controls, and enabling attackers to steal sensitive information, perform financial fraud or disrupt mission-critical business processes by deploying ransomware or stopping operations,” the report reads.

Enterprise resource planning (ERP), supply chain management (SCM), customer relationship management (CRM), human capital management (HCM), and product lifecycle management (PLM) solutions are the most vulnerable to cyber attacks, the report warns.

Onapsis said that of the 1,500 cyber attacks between mid-2020 and March 2021, over 300 exploitations were successful. The earliest attacks on previously known SAP vulnerabilities were detected 72 hours after SAP released patches, while cloud-based apps were exploited in less than three hours.

The report explains that attackers made multiple brute-force attempts on high-privilege accounts and chained together multiple SAP vulnerabilities to attack SAP apps. They used a variety of tools and tactics, techniques, and procedures (TTPs) to access the apps.

Although SAP had immediately patched all vulnerabilities that were exploited by hackers, many organizations still haven't taken the necessary measures to migrate to safe SAP programs, which makes them potential targets.

“Unfortunately, too many organizations still operate with a major governance gap in terms of the cybersecurity and compliance of their mission-critical applications, allowing external and internal threat actors to access, exfiltrate and gain full control of their most sensitive and regulated information and processes,” said Onapsis CEO Mariano Nunez.