Hackers have set their sights on mission-critical SAP applications to steal data and disrupt critical processes, mostly in the manufacturing and operational sectors. The highlight of the finding is that the threat actors are exploiting a bug in the SAP application to deploy ransomware, but not before stealing data.
Massachusetts-based application security company Onapsis made this discovery in association with Germany-based SAP SE.
What’s interesting about this cyber attack is that the company that offers Enterprise Resource Planning (ERP) software has itself stated that it has detected over 300 attempts to infiltrate its applications out of 1,500 attempts to exploit previously known vulnerabilities and configuration errors. This includes exploitation of supply chain management, human capital management and product life-cycle management software as well.
Onapsis says that the attack vectors are highly sophisticated and that the attacks were launched with the help of Tor nodes and VPNs, dropping web shells for arbitrary command execution and escalating privileges.
The good news is that no customer breaches resulting from the cyber attacks have been discovered to date. Applying relevant patches, preventing unauthorized access by addressing misconfigurations, and assessing applications can help prevent customer breaches, says SAP.
Note: In February 2021, the US Cybersecurity and Infrastructure Security Agency (CISA) issued an alert that all SAP systems running on obsolete software are on the verge of being exposed to malicious attacks. Therefore, companies using business intelligence tools such as customer relationship management, supply chain management, product life-cycle management and business resource planning should ensure that their applications are updated and secure enough to prevent theft of sensitive data, financial fraud, malware infections, and the halt or disruption of mission-critical operations.