Active cyberattacks have been reported on known security vulnerabilities in widely deployed SAP applications, giving the attackers access for full take over and the ability to infest an organisation completely. Researchers warn that these attacks could lead to full control of unsecured SAP applications. An alert issued by SAP informs that threat actors are carrying out various attacks, which include the theft of sensitive data, financial fraud, disruption of mission-critical business processes among other operational disruptions. The delivery of ransomware and other malware has also been reported.
Onapsis researchers have recorded more than 300 successful exploit attempts from the middle of last year up until now. In their warning the SAP stated: “These are the applications that 92 percent of the Forbes Global 2000 have standardized on SAP to power their operations and fuel the global economy. With more than 400,000 organizations using SAP, 77 percent of the world’s transactional revenue touches an SAP system. These organizations include the vast majority of pharmaceutical, critical infrastructure and utility companies, food distributors, defense and many more.”