Ongoing attacks are targeting unsecured mission-critical SAP apps (Security News, April 2021)
Threat actors are targeting mission-critical SAP applications unsecured against already patched vulnerabilities, exposing the networks of commercial and government organizations to attacks.
SAP and cloud security firm Onapsis warned of these ongoing attacks today, and have worked in partnership with the Cybersecurity and Infrastructure Security Agency and Germany's cybersecurity agency BSI to warn SAP customers to deploy patches and survey their environments for unsecured apps.
Brute-force attacks targeting unsecured high-privilege SAP user account settings.
Patching vulnerable SAP systems should be a priority for all defenders since Onapsis also found that attackers start targeting critical SAP vulnerabilities within less than 72 hours, with exposed and unpatched SAP apps getting compromised in less than three hours.
Immediately perform a compromise assessment on SAP applications that are still exposed to the vulnerabilities mentioned herein, or that have not been promptly secured upon the release of the relevant SAP security patches.
Immediately assess all applications in the SAP environment for risk, and immediately apply the relevant SAP security patches and secure configurations.