Cybercriminals Target Critical SAP Systems, Could Cause 'Halt of All Operations'

SAP systems are a prominent attack vector for bad actors.

Edward Gately, Senior News Editor

April 7, 2021

3 Min Read
Alert symbol

SAP systems running outdated or misconfigured software are exposed to increased risks of malicious attacks.

That’s according to a new alert by the Cybersecurity and Infrastructure Security Agency (CISA). On Tuesday, security researchers from Onapsis, in coordination with SAP, released an alert detailing threat actor activity they observed. They also pointed to techniques that could lead to full control of unsecured SAP applications.

SAP applications help organizations manage critical business processes. Those include enterprise resource planning, product life cycle management, customer relationship management and supply chain management.

Organizations impacted by threat activity could experience theft of sensitive data; financial fraud; disruption of mission-critical business processes; ransomware; and even a complete halt of operations.

CISA recommends operators of SAP systems review Onapsis’ alert for more information and apply necessary updates and mitigations.

Tim McKnight is SAP’s CSO.


SAP’s Tim McKnight

“This proactive research effort is the latest example of our commitment to ensure our global customers remain protected,” he said. “We’re releasing the research Onapsis has shared with SAP as part of our commitment to help our customers ensure their mission-critical applications are protected.”

That includes applying available patches, reviewing the security configuration of their SAP environments and assessing them for signs of compromise.

SAP Systems Prominent Attack Vector

Kevin Dunne is president of Pathlock. He said SAP systems are a prominent attack vector for bad actors.


Pathlock’s Kevin Dunne

“Most federal agencies are running on SAP, as it has become the industry standard for government entities,” he said. “However, these SAP implementations are often on-premises, and managed by the government entities themselves due to security concerns. These systems then become increasingly vulnerable when updates and patches are not applied in a timely fashion, leaving them wide open for interested hackers.”

Applying security patches in a timely fashion is mission-critical in closing major, known SAP vulnerabilities, Dunne said. However, patching only remedies issues in the rearview.

“For a comprehensive, forward-looking approach to SAP security, organizations need to implement a comprehensive solution to monitor user activities within the system, including interactions with sensitive data,” he said.

High Window of Exposure

Setu Kulkarni is vice president of strategy at WhiteHat Security.  He said ISVs and technology companies have an inordinately high window of exposure. That’s because they lack security rigor. They may pass security responsibilities to the companies that use the ISV to build products for their customers.


WhiteHat Security’s Setu Kulkarni

“In this case, SAP customers are accountable for securing their customers,” Kulkarni said. “Customers who implement SAP cannot completely depend on SAP to guarantee security nor can SAP provide assurance of a customer’s implementation.”

Organizations that implement large packaged applications should be cautious of this blind spot, he said.

Connected systems are an underlying condition for a supply chain type of attack, Kulkarni said.

Read more about:


About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like