Security News

On Tuesday, as part of its April 2021 Security Patch Day, SAP announced the release of 14 new security notes and 5 updates to previously released notes. The only new Hot News note released with this round of patches addresses a critical vulnerability in SAP Commerce.

SAP applications are getting compromised by skilled attackersNewly provisioned, unprotected SAP applications in cloud environments are getting discovered and compromised in mere hours, Onapsis researchers have found, and vulnerabilities affecting them are being weaponized in less than 72 hours after SAP releases security patches. MindAPI makes API security research and testing easierSecurity researcher David Sopas has published a new open-source project: MindAPI, a mind map with resources for making API security research easier.

Accenture is collaborating with SAP on a unique joint initiative to design, develop and deliver new cloud-based capabilities that strengthen existing SAP Intelligent Asset Management solutions. Accenture is bringing its industry-specific assets and knowledge to extend asset management solution functionality, helping companies in industries such as energy, life sciences and natural resources improve performance by shifting maintenance strategies from reactive to proactive.

SAP and Onapsis jointly released a cyber threat intelligence report providing actionable information on how malicious threat actors are targeting and potentially exploiting unprotected mission-critical SAP applications. Both companies note that many organizations still have not applied relevant mitigations that have long been provided by SAP. Customers who fail to apply these protective measures and allow unprotected SAP applications to continue to operate put themselves and their business at risk.

Newly provisioned, unprotected SAP applications in cloud environments are getting discovered and compromised in mere hours, Onapsis researchers have found, and vulnerabilities affecting them are being weaponized in less than 72 hours after SAP releases security patches. SAP applications compromised via known vulnerabilities.

Cyber attackers are actively setting their sights on unsecured SAP applications in an attempt to steal information and sabotage critical processes, according to new research. "Observed exploitation could lead in many cases to full control of the unsecured SAP application, bypassing common security and compliance controls, and enabling attackers to steal sensitive information, perform financial fraud or disrupt mission-critical business processes by deploying ransomware or stopping operations," cybersecurity firm Onapsis and SAP said in a joint report published today.

SAP and security analysts Onapsis say cyber-criminals are pretty quick to analyze the enterprise software outfit's patches and develop exploits to get into vulnerable systems. In a joint report issued by the two organizations, Mariano Nunez, CEO of Onapsis, cited "Conclusive evidence that cyberattackers are actively targeting and exploiting unsecured SAP applications," and warned time was of the essence, reporting "SAP vulnerabilities being weaponized in less than 72 hours since the release of patches."

Threat actors are constantly targeting new vulnerabilities in SAP applications within days after the availability of security patches, according to a joint report issued by SAP and Onapsis. Used within more than 400,000 organizations for resource planning, management of product lifecycle, human capital, and supply chain, and for various other purposes, SAP's applications represent an attractive target for adversaries.

Active cyberattacks on known vulnerabilities in SAP systems could lead to full control of unsecured SAP applications, researchers are warning. "With more than 400,000 organizations using SAP, 77 percent of the world's transactional revenue touches an SAP system. These organizations include the vast majority of pharmaceutical, critical infrastructure and utility companies, food distributors, defense and many more."

In a press conference detailing the report, Onapsis CEO Mariano Nunez said that the company confirmed over 300 exploitations, more than 107 hands-on attacks and seven tracked threat vectors in 18 countries, based on "Direct observation of threat activity." The data is not based on the exploitation of SAP customers' environments, Nunez added. SAP and Onapsis stressed that they are not aware of known customer breaches related to this research.