Virtualization Technology News and Information
Article
RSS
New Cybersecurity Report: New Report Reveals Evidence of Increased Cybercriminal Interest in ERP Applications
New research from Flashpoint and Onapsis reveals evidence that SAP business-critical applications are increasingly top of mind and valuable for cybercriminals. The report shows a significant rise in threat actor groups targeting SAP vulnerabilities, and aids defenders with actionable intelligence to ensure their mission-critical SAP applications are protected from these threats.  

2023 was a critical inflection point for the SAP application threat landscape with new highs in threat activity and increased interest from prolific and well-established threat actor groups and state-sponsored cyberespionage groups. All SAP vulnerabilities observed within this report were patched by SAP several years ago, with SAP having made the relevant SAP Security Notes promptly available for customers. This indicates that threat actors continue to target and exploit organizations with weak cybersecurity governance for SAP applications, mostly taking advantage of known, unpatched SAP vulnerabilities and misconfigurations. This is of special relevance as customers migrate SAP applications to the cloud, further increasing their exposure to a growing number of threat actors.   

This report from Onapsis Research Labs in collaboration with Flashpoint highlights the evolution of this threat landscape for SAP applications over the past four years and how the growing maturity of this cybercriminal market presents stark challenges to defenders of organizations globally. This collaborative research report reveals:  

Rising Threats Against SAP Applications 

  • The SAP threat landscape is seeing well-established, highly sophisticated threat actors and state-sponsored groups that are more aggressively targeting SAP applications for financial gain, espionage and sabotage.

Increased Evidence of Ransomware Attacks on SAP 

  • Since 2021, research demonstrates a 400% increase in ransomware incidents that involved compromising SAP systems and data at victim's organizations.
  • Unpatched SAP vulnerabilities are being exploited and used in ransomware campaigns, as highlighted by Onapsis Research as well as CISA.
  • Recent evolution of ransomware and malware capabilities has occurred to enhance awareness of SAP processes and services, which demonstrates a renewed focus on successful ransomware execution and data extraction across SAP technology.

Increased Discussion and Interest in SAP Exploitation 

  • Conversations on SAP vulnerabilities and exploits have increased 490% across Open Deep and Dark Web from 2021 to 2023, including:
  • Details on how to exploit SAP vulnerabilities
  • Guidance for executing certain SAP exploits against victims
  • Actors discussing SAP compromises.
  • There is high interest around SAP vulnerabilities, demonstrated by the conversations in cybercriminal forums, as well as its active exploitation.

Significant Growth in Threat Community Engagement  

  • Active discussions in cybercriminal forums about SAP-specific Cloud and Web services have increased 220% from 2021 to 2023
  • Exposing critical SAP applications to a broader audience of malicious threat actors.
  • Enabling attackers to find SAP Applications over the Internet.

Proactive Measures and Warnings 

  • SAP and Onapsis have been proactively warning organizations of the increased risk of malicious activity and ransomware threats targeting SAP applications for years. It is imperative for organizations to act to protect themselves.

The vast majority of large organizations utilize ERP applications from leading vendors like SAP and Oracle, incorporating solutions such as SAP Business Suite, SAP S/4HANA, and Oracle E-Business Suite/Financials. These applications are crucial for supporting a wide array of business processes, including payroll, treasury, inventory management, manufacturing, financial planning, sales, logistics, and more. They are also pivotal in managing and hosting a vast range of sensitive data. This encompasses financial results, manufacturing formulas, pricing strategies, critical intellectual property, and sensitive information like credit card details and personally identifiable information (PII) of employees, customers, and suppliers.  

Some companies are falling behind when it comes to ERP cybersecurity due to the lack of information about the threat actors in what was considered by many information security teams to be a complex and obscure domain. 

The growing focus on ERP applications by cybercriminals highlighted in this report reflects a critical evolution in the threat landscape. It's essential for organizations to integrate comprehensive threat intelligence into their security protocols to effectively counter these advanced threats," said Christian Rencken, Senior Strategic Advisor at Flashpoint. 

"This collaboration with Flashpoint provides a depth of threat intelligence that is critical for both security and SAP teams to understand," said Juan Pablo (JP) Perez-Etchegoyen, CTO at Onapsis. "By showing how these applications are being targeted and the increasing frequency, we hope to help CIOs, CISOs and their teams manage the risk of wide-scale attacks." 

Download the report
Published Wednesday, April 17, 2024 12:49 PM by David Marshall
Filed under: ,
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<April 2024>
SuMoTuWeThFrSa
31123456
78910111213
14151617181920
21222324252627
2829301234
567891011