Security News > 2021 > April > SAP Bugs Under Active Cyberattack, Causing Widespread Compromise

Active cyberattacks on known vulnerabilities in SAP systems could lead to full control of unsecured SAP applications, researchers are warning.

"With more than 400,000 organizations using SAP, 77 percent of the world's transactional revenue touches an SAP system. These organizations include the vast majority of pharmaceutical, critical infrastructure and utility companies, food distributors, defense and many more."

"Most federal agencies are running on SAP, as it has become the industry standard for government entities. However, these SAP implementations are often on-premise, and managed by the government entities themselves due to security concerns. These systems then become increasingly vulnerable when updates and patches are not applied in a timely fashion, leaving them wide open for interested hackers."

The attacks are brute-forcing high-privilege SAP user accounts, as well as exploiting a raft of known bugs: CVE-2020-6287, CVE-2020-6207, CVE-2018-2380, CVE-2016-9563, CVE-2016-3976 and CVE-2010-5326, according to the warning.

"The window for defenders is significantly smaller than previously thought, with examples of SAP vulnerabilities being weaponized in less than 72 hours since the release of patches, and new unprotected SAP applications provisioned in cloud environments being discovered and compromised in less than three hours."

"Unfortunately, both SAP and Onapsis continue to observe many organizations that have still not applied the proper mitigationsallowing unprotected SAP systems to continue to operate and, in many cases, remain visible to attackers via the internet."

News URL

https://threatpost.com/sap-bugs-cyberattack-compromise/165265/