Cybercriminals are increasingly bypassing common security and compliance controls to gain full control of unsecured SAP applications, cybersecurity and compliance solutions provider Onapsis stated. In doing so, they can deploy ransomware or other malicious software to steal sensitive information, perform financial fraud and disrupt mission-critical business processes.
Onapsis found evidence of more than 300 automated exploitations leveraging seven SAP-specific attack vectors and over 100 hands-on-keyboard sessions from various threat actors. It also discovered that critical SAP vulnerabilities were being weaponized in less than 72 hours of a patch release.
SAP has patched critical vulnerabilities that were previously exploited, Onapsis noted. But, many organizations still have not applied relevant mitigations and allow unprotected SAP systems to continue to remain visible to cybercriminals.
How to Guard Against SAP Application Vulnerabilities and Configuration Issues
Onapsis security researchers have released an alert detailing observed threat actor activity and techniques that could lead to full control of unsecured SAP applications. In addition, Onapsis offers the following recommendations to help organizations mitigate threats targeting SAP application vulnerabilities and configuration issues:
- Perform compromise assessments for SAP apps
- Apply relevant security patches to SAP apps
- Look for and address SAP app misconfigurations or unauthorized high-privilege users
- Conduct ongoing monitoring of SAP apps to watch for any potential threat activity
An SAP app protection program also can be implemented as part of an organization's cybersecurity strategy, Onapsis stated. This program can help an organization bolster its security posture and comply with industry regulations.
Furthermore, Onapsis is offering a three-month free subscription to the Onapsis Platform for Cybersecurity and Compliance. Organizations can use this platform for threat monitoring, investigation and remediation.