Cyber Attacks Target SAP Applications

SAP  (Systems, Applications and Products) is one of the world’s leading producers of software for the management of business processes  across a wide range of industries. But their products are not immune from the cyber threats that impact all other IT systems. 
 
Indeed, what is particularly surprising is the speed with which the attackers are able to detect vulnerable SAP systems and the level of expertise they’ve shown in exploiting those vulnerabilities.  
 
Now, research carried out by the cyber security compliance experts at Onapsis  indicates that attackers may be better informed about an organisation’s SAP estate than some of the internal teams and, with the speed of the exploits, they may penetrate systems and hide their tracks before a response has been readied.
 
The new findings show that SAP clients have around three days to respond to vulnerabilities before they are at significant risk of being exploited by sophisticated threat actors.Tom Venables, practice director of application and cyber security at risk management company, Turnkey Consulting, provides the following advice: 

Restoring The Balance Between Defenders And Attackers

Companies running SAP need to check the current patch level of their SAP systems; are they up-to-date and how quickly could a patch be deployed to address a critical vulnerability? From the patching that Turnkey sees on a regular basis, an organisation may not know its systems were exposed.  This level of sophistication is not new in IT, but to see it applied so directly to SAP systems is key evidence that the SAP community needs to be on its toes to respond better (following the lead of other IT infrastructure, which has adapted to handle vulnerabilities quickly).

What Are The Risks?

Many of the vulnerabilities exploited are used to provide privileged access to the SAP systems; once that is achieved, there are a number of risks that could be realised by an experienced APT:
 
  •  Data exfiltration – some SAP systems store production recipes or other intellectual property (IP) that is of value to attackers.  Other data, such as customer specific information is valuable to competitors, or can be used to damage the organisation; fines and reputational loss alone can seriously harm companies.
  • Ransomware or hijack of systems – by taking control of databases or key storage, business systems can be held to ransom by APTs.
  • Fraud – with the degree of knowledge demonstrated by the Onapsis breach monitoring, the ability to leverage access to systems to commit fraud is clearly within the capability of attackers.
  • System downtime – with administrator privileges on the SAP estate, misconfiguration of the system, or deliberate attacks on key data can result in downtime of business critical systems. 

How can this Threat be Managed? 

Understanding your organisations exposure to vulnerabilities is the first step, running assessments can help to spot risks before they become issues and are exploited by attackers. Then, deploying patches in a timely fashion will help to ensure that systems are protected against the latest threats, so a good patch management process, or solution is essential.
 
Once that is done, monitoring and alerting on security events to know when a breach may have occurred and ensuring that a response plan is defined for such incidents, minimises the impact of an attack.
 
Onapsis:        Turnkey Consulting:       NHS Digital:   
 
 
You Might Also Read: 
 
Industrial Control System Security Is Overlooked:
 
 
 
« UK Cyber Security Council Officially Launched
Cyber Crime In 2021: How Hackers Are Evolving »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CEPS

CEPS

CEPS is a leading think tank and forum for debate on EU affairs, ranking among the top think tanks in Europe. Topic areas include Innovation, Digital economy and Cyber-security.

Vade Secure

Vade Secure

Vade Secure provides protection against the most sophisticated email scams such as phishing and spear phishing, malware and ransomware.

Leibniz-Rechenzentrum (LRZ)

Leibniz-Rechenzentrum (LRZ)

The LRZ supports ground-breaking research and teaching in a wide range of scientific disciplines including information security and data protection.

Securicon

Securicon

Securicon provides expert consulting for application, system and network security.

limes datentechnik

limes datentechnik

limes datentechnik is an authority in the fields of cryptography and data compression. The FLAM product family is an internationally accepted standard for efficient and safe handling of data.

HCL Technologies

HCL Technologies

HCL offer an integrated portfolio of products, solutions and services built around Digital, IoT, Cloud, Automation, Cybersecurity, Analytics, Infrastructure Management and Engineering Services.

FileWave

FileWave

FileWave offers a single solution for managing apps, devices, and more for Mac, Windows, and mobile devices.

Alsid

Alsid

Alsid helps corporates to anticipate attacks by detecting breaches before hackers can exploit them.

FirstPoint Mobile Guard

FirstPoint Mobile Guard

FirstPoint Mobile Guard has developed the market’s most advanced solution for securing cellular devices, including mobile phones and IoT products, by blocking malicious data leakage.

Plug and Play Tech Center

Plug and Play Tech Center

Plug and Play is the ultimate innovation platform, bringing together the best startups and the world’s largest corporations.

TrustMAPP

TrustMAPP

TrustMAPP automates cybersecurity & privacy assessments, with universal workflow, allowing teams to generate analytics and recommendations to align priorities for improvement.

Coretelligent

Coretelligent

Coretelligent is a leading providers of Managed and Co-Managed IT, cybersecurity and private cloud services.

6WIND

6WIND

6WIND deliver virtualized, cloud-native, distributed high performance & secure networking software solutions to support new applications such as 5G, IoT, SD-WAN.

Finite State

Finite State

Finite State enables product security teams to protect the devices we rely on every day through market-leading software threat, vulnerability, and risk management.

Lighthouse IT

Lighthouse IT

At Lighthouse IT, we are focused on delivering seamless and reliable services to unlock the value of technology for your business.

Ark Infotech

Ark Infotech

Ark Infotech is a provider of cloud management services, selective support services, and technology solutions.