Cyber Attacks Target SAP Applications

SAP (Systems, Applications and Products) is one of the world’s leading producers of software for the management of business processes across a wide range of industries. But its products are not immune to the cyber threats that affect all other IT systems.
 
Indeed, what is particularly surprising is the speed with which the attackers are able to detect vulnerable SAP systems and the level of expertise they’ve shown in exploiting those vulnerabilities.  
 
Now, research carried out by the cyber security compliance experts at Onapsis indicates that attackers may be better informed about an organisation’s SAP estate than some of the internal teams and, with the speed of the exploits, they may penetrate systems and hide their tracks before a response has been readied.
 
The new findings show that SAP clients have around three days to respond to vulnerabilities before they are at significant risk of being exploited by sophisticated threat actors.

Tom Venables, practice director of application and cyber security at risk management company Turnkey Consulting, provides the following advice:

Restoring The Balance Between Defenders And Attackers

Companies running SAP need to check the current patch level of their SAP systems: are they up to date, and how quickly could a patch be deployed to address a critical vulnerability? From the patching that Turnkey sees on a regular basis, an organisation may not know its systems were exposed. This level of sophistication is not new in IT, but to see it applied so directly to SAP systems is key evidence that the SAP community needs to be on its toes to respond better (following the lead of other IT infrastructure, which has adapted to handle vulnerabilities quickly).

What Are The Risks?

Many of the vulnerabilities exploited are used to provide privileged access to the SAP systems; once that is achieved, there are a number of risks that could be realised by an experienced APT:
 
  • Data exfiltration – some SAP systems store production recipes or other intellectual property (IP) that is of value to attackers. Other data, such as customer-specific information, is valuable to competitors or can be used to damage the organisation; fines and reputational loss alone can seriously harm companies.
  • Ransomware or hijack of systems – by taking control of databases or key storage, business systems can be held to ransom by APTs.
  • Fraud – with the degree of knowledge demonstrated by the Onapsis breach monitoring, the ability to leverage access to systems to commit fraud is clearly within the capability of attackers.
  • System downtime – with administrator privileges on the SAP estate, misconfiguration of the system or deliberate attacks on key data can result in downtime of business-critical systems.

How Can This Threat Be Managed?

Understanding your organisation’s exposure to vulnerabilities is the first step; running assessments can help to spot risks before they become issues and are exploited by attackers. Then, deploying patches in a timely fashion will help to ensure that systems are protected against the latest threats, so a good patch management process or solution is essential.
 
Once that is done, monitoring and alerting on security events to know when a breach may have occurred, and ensuring that a response plan is defined for such incidents, minimises the impact of an attack.
 
Onapsis:        Turnkey Consulting:       NHS Digital:   
 
 