Last week, Onapsis and Flashpoint released a report describing the evolution of the Treat Landscape around SAP Applications, including the intersection of SAP and Ransomware. Some of its highlights include a 490% increase of the mentions to SAP exploits or vulnerabilities across the open deep and dark web from 2020 to 2023, or a whopping 400% increase in the price or an Remote Command Execution exploit for SAP Applications from August of 2020 to April of 2024.
These Threat Intelligence indicates that Threat Actors of all types understand how to target SAP technology, by exploiting SAP CVE(s), exfiltrating financial reports from SAP Applications, performing financial fraud over extended periods of time, or even through the execution of Ransomware, which also targets SAP Applications and data. Some examples of these Threat Actors are APT10, a state sponsored actor, FIN7/FIN13, which are financially motivated Threat Actors or Cobalt Spider, a cybercriminal group.
This is an effort moving in the direction of helping SAP Customers tackle cybersecurity threats such as active cyberattacks or ransomware, as done in the past jointly with SAP:
So as SAP Customers, what should we do?
In short, Vulnerability Management, Threat Detection and Threat Intelligence should integrate and incorporate SAP Applications.
If you are interested on reading more of this research, the report is available for download at both Onapsis and Flashpoint sites (SAP community policies do not allow to add the link directly on this blog).
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
22 | |
8 | |
6 | |
5 | |
5 | |
5 | |
4 | |
4 | |
3 | |
3 |