SAP and Onapsis have jointly released a cyber threat intelligence report providing actionable information on how malicious threat actors are targeting and potentially exploiting unprotected mission-critical SAP applications.
The companies have worked in close partnership with the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and Germany’s Federal Cybersecurity Authority (BSI), advising organizations to take immediate action to apply long-available SAP patches and secure configurations, and perform compromise assessments on critical environments.
SAP and Onapsis are not aware of known customer breaches directly related to this research. The report also does not describe any new vulnerabilities in SAP cloud software as a service or SAP’s own corporate IT infrastructure. Both companies, however, note that many organizations still have not applied relevant mitigations that have long been provided by SAP. Customers who fail to apply these protective measures and allow unprotected SAP applications to continue to operate put themselves and their business at risk.
The intelligence captured by Onapsis and SAP highlights active threat activity seeking to target and compromise organizations running unprotected SAP applications, through a variety of cyberattack vectors. Observed exploitation techniques would lead to full control of the unsecured SAP applications, bypassing common security and compliance controls, and enabling attackers to steal sensitive data, perform financial fraud or disrupt mission-critical business processes by deploying ransomware or stopping operations. These threats may also have regulatory compliance implications for organizations that have not properly secured their environments.
“This proactive research effort is the latest example of our commitment to ensure our global customers remain protected,” said Tim McKnight, chief security officer, SAP. “We’re releasing the research Onapsis has shared with SAP as part of our commitment to help our customers ensure their mission-critical applications are protected. This includes applying available patches, thoroughly reviewing the security configuration of their SAP environments and proactively assessing them for signs of compromise.”
The scope of impact from these specific vulnerabilities is localized to customer deployments of SAP products within their own data centers, managed colocation environments or customer-maintained cloud infrastructures. None of the vulnerabilities are present in cloud solutions maintained by SAP.
“As a SAP partner for cybersecurity and compliance, we have observed firsthand the outstanding improvements SAP has made in the recent years to develop more secure software, patch critical vulnerabilities faster and overall proactively ensure SAP customers are secure,” said Mariano Nunez, CEO and cofounder of Onapsis. “The critical findings noted in our report describe attacks on vulnerabilities with patches and secure configuration guidelines available for months and even years. Unfortunately, too many organizations still operate with a major governance gap in terms of the cybersecurity and compliance of their mission-critical applications, allowing external and internal threat actors to access, exfiltrate and gain full control of their most sensitive and regulated information and processes. Companies that have not prioritized rapid mitigation for these known risks should consider their systems compromised and take immediate and appropriate action.”
To support customers that require investigation, threat remediation and additional post-compromise security monitoring, Onapsis is offering a 3-month free subscription to the Onapsis Platform for Cybersecurity and Compliance, an SAP endorsed app that can be accessed through SAP Store.