95 percent of SAP systems were exposed to vulnerabilities

Pierluigi Paganini May 09, 2015

Onapsis study found that over 95% of SAP systems are exposed to vulnerabilities that could lead to full compromise of the company’s business.

SAP is one of the most popular enterprise software used by companies to manage business operations and customer relations.

A recent study conducted by the SAP solutions provider revealed that more than 95 percent of enterprise SAP installations is affected by serious security issues that open them to cyber attacks that could result in a dangerous data breach. The assessment confirmed that more than 250,000 SAP business customers worldwide, including 98 percent of the 100 most valued brands, are potentially exposed to cyber attacks that could exploit a series of vulnerabilities. On average the companies result vulnerable for a period of 18 months from the disclosure of the vulnerability.

The big surprise is that SAP cyber security is falling through the cracks at most companies due to a responsibility gap between the SAP operations team and the IT security team,” Onapsis chief executive Mariano Nunez says. “The truth is that most patches applied are not security-related, are late or introduce further operational risk.

The study also reported that SAP released 391 security patches in 2014 and more that 50 percent of them was ranked as high priority.

The principal cyber attacks against SAP applications was grouped in the following categories:

  • Pivots – Pivoting from a low to high integrity systems in order to execute remote function modules.
  • Database Warehousing – Exploiting flaws in the SAP RFC Gateway to execute admin privilege commands in order to obtain or modify information in SAP databases.
  • Portal Attacks – Creating J2EE backdoor accounts by exploiting vulnerabilities to gain access to SAP portals and other internal systems.

The report provided details about the Top Three Common Cyber Attack Vectors on SAP Systems which allow hackers to compromise SAP systems and access company data applications. The cyber attacks could have serious repercussions on the following key business processes that were identified by the experts:

  1. Customer Information and Credit Card Breaches Using Pivoting Between SAP Systems.
  2. Customer and Supplier Portal Attacks.
  3. Database Warehousing Attacks through SAP proprietary protocols.

sap systems 2

According to Nunez, SAP HANA is responsible for a 450 percent increase in the number of new security patches.

“This trend is not only continuing, but exacerbating with SAP HANA, which has brought a 450 percent increase in new security patches,” explained Nunez. “With SAP HANA positioned in the center of the SAP ecosystem, data stored in SAP platforms now must be protected both in the cloud and on-premise.

The report also provides the following action plan to improve the security level of the SAP systems.

  1. Gain visibility into SAP-based assets to determine the “value at risk”
  2. Prevent security and compliance issues through continuous monitoring
  3. Detect and respond to new threats, attacks or user behavior anomalies as indicators of compromise (IOCs)

In order to protect the SAP software is important to maintain up-to-date the systems by following any SAP Security Notes and monitoring internal architecture for security issues.

Pierluigi Paganini

(Security Affairs –  SAP systems, cyber security)

you might also like

leave a comment