Majority of SAP attacks take place using three common techniques

Researchers claim that most cyberattackers targeting SAP applications use one of three major cyberattack vectors.
Written by Charlie Osborne, Contributing Writer
The majority of cyberattacks levied against SAP applications in the enterprise are pivots, portal attacks and database warehousing, researchers claim.

According to a new assessment released by cybersecurity firm Onapsis, over 95 percent of SAP applications assessed contained vulnerabilities which could lead to compromised data and operational disruption in the enterprise.

SAP is run by over 250,000 business customers worldwide, including over 80 percent of Global 2000 firms. The attack vectors, which often result in compromised SAP systems, put intellectual property, financial, credit card, customer and supplier data as well as database warehouse information at risk.

The Onapsis Research Labs study assessed hundreds of SAP implementations and SAP exposure to vulnerabilities through corporate networks. According to the cybersecurity firm, one of the most common cyberattack vectors on SAP systems is the use of pivots between different systems. To begin with, cyberattackers target systems with lower security in order to execute remote function modules in the destined, critical system.

In addition, customer and supplier portals are often selected as targets. Backdoor users are created in the SAP J2EE User Management Engine and by exploiting a vulnerability, hackers can obtain access rights to SAP Portals and Process Integration platforms -- as well as their connected, internal systems.

Finally, the firm says database warehousing attacks are often employed for attacks on enterprise-based SAP applications. Operating system commands are executed under the privileges of a particular user, and by exploiting vulnerabilities in the SAP RFC Gateway, cybercriminals can gain access to -- and potentially modify -- data stored in SAP databases.

Mariano Nunez, CEO and co-founder of Onapsis commented:

"The big surprise is that SAP cybersecurity is falling through the cracks at most companies due to a 'responsibility' gap between the SAP Operations team and the IT Security team. The truth is that most patches applied are not security-related, are late or introduce further operational risk. Breaches are happening every day but still many CISOs don't know because they don't have visibility into their SAP applications."

In addition, the company discovered that most companies are also exposed to protracted patching windows averaging 18 months or more. In last year alone, 391 security patches were released by SAP -- an average of over 30 a month -- with almost half ranking as "high priority" by SAP.

"This trend is not only continuing, but exacerbating with SAP HANA, which has brought a 450 percent increase in new security patches specifically affecting this platform. With SAP HANA positioned in the center of the SAP ecosystem, data stored in SAP platforms now must be protected both in the cloud and on-premise," Nunez said.

In order to keep SAP applications as secure as possible, companies should stay up-to-date with SAP Security Notes, continually monitor their networks and have both cybersecurity protection and risk management policies in place.

Read on: In the world of security

Read on: Fixes and Flaws

Editorial standards