Onapsis and SAP have released a new threat intelligence alert and detailed report to help SAP customers protect themselves from active cyber threats seeking to specifically target, identify and compromise organisations running unprotected SAP applications, through a variety of cyberattack vectors.
Both companies have worked in close partnership with the U.S. Department of Homeland Security (DHS) CISA and Germany’s BSI(Bundesamt für Sicherheit in der Informationstechnik), and are advising organizations to take immediate action to apply specific SAP patches and secure configurations. In addition organisations should perform compromise assessments on critical environments. (CISA: Malicious Cyber Activity Targeting Critical SAP Applications)
Critical weaknesses that are being actively exploited have been promptly patched by SAP, and have been available to customers for months, and years in some cases. Unfortunately, both SAP and Onapsis continue to see many organisations that have not applied the proper mitigations, allowing unprotected SAP systems to continue to operate, and in many cases, remain visible to attackers via the internet. Companies that have not prioritised rapid mitigation for these known risks should consider their systems compromised and take immediate and appropriate action.
The captured evidence reveals that threat actors have the motivation, means and expertise to identify and exploit unprotected mission-critical SAP applications, and are actively doing so. Our key findings include:
If you want to know more you can download and read the full threat report to assess your risk, and which actions to take immediately to protect your business. This report also details the specific techniques, tools and procedures (TTPs) observed by our experts, empowering defenders to respond to this activity as quickly as possible.
To support SAP customers that require investigation, threat remediation and additional post-compromise security monitoring, Onapsis is offering a Free Rapid Assessment and, in partnership with SAP, a 3-month free subscription to The Onapsis Platform for Cybersecurity and Compliance.
If you need more information or assistance to respond to this situation, please contact Onapsis at [email protected].