Unpatched SAP applications are target-rich ground for hackers
Report from SAP and cyber threat research company Onapsis warns that hackers are attacking mission-critical SAP business applications that contain unpatched vulnerabilities
Share this item with your network: By Published: 07 Apr 2021 9:00
Hackers are targeting unpatched vulnerabilities in SAP applications, according to a report issued by SAP and cyber threat research company Onapsis.
The report detailed more than 300 successful exploitations of critical vulnerabilities previously patched by SAP through 1,500 attack attempts between June 2020 and March 2021.
It also highlighted that the time window for defenders to act was significantly smaller than previously thought, “with examples of SAP vulnerabilities being weaponised in less than 72 hours” after the release of patches and “new unprotected SAP applications provisioned in cloud (IaaS) environments being discovered and compromised in less than three h
A general view of the headquarters of SAP AG in Walldorf, Germany. (Photo by Thomas Lohnes/Getty Images)
Multiple hackers are actively targeting SAP installations that have not updated in nearly a year or use poor account management. The warning, which came from the Department of Homeland Security, SAP and Onapsis, is based on research documenting activity in the wild.
“We want to really send a strong message to our customers around better managing the security of their systems, where they have not,” said Tim McKnight, SAP chief security officer, in a briefing for reporters. “These are patched systems, these are things that have already been fixed. But we’re concerned about customers that have not applied the fixes for months or years to date.”
Press release content from Business Wire. The AP news staff was not involved in its creation.
SAP and Onapsis Proactively Notify and Help Customers Protect Mission-Critical Applications from Active Cyber Threats
April 6, 2021 GMT
WALLDORF, Germany & BOSTON (BUSINESS WIRE) Apr 6, 2021
SAP (NYSE: SAP) and Onapsis today jointly released a cyber threat intelligence report providing actionable information on how malicious threat actors are targeting and potentially exploiting unprotected mission-critical SAP applications. The companies have worked in close partnership with the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and Germany’s Federal Cybersecurity Authority (BSI), advising organizations to take immediate action to apply long-available SAP patches and secure configurations, and perform compromise assessments on critical environments.
Headline: SAP and Onapsis Proactively Notify and Help Customers Protect Mission-Critical Applications from Active Cyber Threats
WALLDORF and BOSTON SAP (NYSE: SAP) and Onapsis today jointly released a cyber threat intelligence report providing actionable information on how malicious threat actors are targeting and potentially exploiting unprotected mission-critical SAP applications.
The companies have worked in close partnership with the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and Germany’s Federal Cybersecurity Authority (BSI), advising organizations to take immediate action to apply long-available SAP patches and secure configurations, and perform compromise assessments on critical environments.
SAP and Onapsis are not aware of known customer breaches directly related to this research. The report also does not describe any new vulnerabilities in SAP cloud software as a service or SAP’s own corporate IT infrastructu