CISA: Patch Legacy SAP Vulnerabilities Urgently

The US government is urging SAP owners to urgently patch and fix their application environments after a new report warned of mass exploitation.

The Cybersecurity and Infrastructure Security Agency (CISA) urged organizations running SAP to prioritize reviewing the Onapsis report. It said affected customers could be exposed to data theft, financial fraud, ransomware and disruption of mission-critical operations and processes.

Onapsis claimed to have discovered over 300 successful exploitation attempts in the course of its research alone, related to six known vulnerabilities and one critical configuration issue.

Two of these bugs were from last year, but one dated back to 2018, two were patched in 2016 and one was fixed as far back as 2010.

The report also warned that attackers are quick to jump on newly discovered vulnerabilities, weaponizing exploits in less than 72 hours from the time patches are released and compromising new SAP apps in IaaS environments in under three hours.

“The evidence clearly shows that cyber criminals are actively targeting and exploiting unprotected SAP applications with automated and sophisticated attacks. This research also validates that the threat actors have both the means and expertise to identify and exploit unprotected SAP systems and are highly motivated to do so,” the report noted.

“Onapsis researchers found reconnaissance, initial access, persistence, privilege escalation, evasion and command and control of SAP systems, including financial, human capital management and supply chain applications.”

Beyond vulnerability exploits, the researchers also discovered brute-forcing of high-privilege SAP user accounts, and attempts at chaining vulnerabilities to achieve privilege escalation for OS-level access, which could grant attackers access to wider corporate systems.

SAP is used by over 400,000 organizations worldwide, including 92% of the Forbes Global 2000, 18 of the world’s top 20 vaccine-makers, and over 1000 government, NATO and military entities.

“Despite patches being available for months and even years, attackers are still finding and exploiting unpatched SAP systems,” said Tenable research engineering manager Scott Caveza.

“This serves as a reminder to administrators of sensitive data and applications that applying patches, mitigations, or workarounds is paramount to thwarting malicious actors looking to exploit well-known vulnerabilities.”

By admin