More than 400,000 organizations around the world currently use SAP’s customer relationship management (CRM), product lifecycle management (PLM) and supply chain management (SCM) applications. SAP and cloud security company Onapsis, along with the Cybersecurity and Infrastructure Security Agency (CISA) and Germany’s Federal Office for Information Security (BSI), are warning customers of ongoing attacks and urging administrators to apply the available patches.
“SAP promptly patched all of the critical vulnerabilities observed being exploited, and have made them available to customers for months, and years in some cases. Unfortunately, SAP and Onapsis continue to observe many organizations that have still not applied the relevant mitigations, allowing unprotected SAP systems to continue to operate and, in many cases, remain visible to attackers via the internet.”
Onapsis began recording exploitation attempts in mid-2020. Since then, the company has found “300 successful exploitations through 1,500 attack attempts from nearly 20 countries between June 2020 and March 2021.” Attackers are exploiting multiple vulnerabilities and insecure configurations to compromise systems, and in some cases they chain several vulnerabilities together. According to an alert issued by CISA yesterday, affected organizations could experience:
- theft of sensitive data
- financial fraud
- disruption of mission-critical business processes
- ransomware
- halt of all operations