A study by SAP and Onapsis, a security company specializing in SAP solutions, shows that in less than three hours, cybercriminals are discovering and compromising SAP applications that are still unprotected and provisioned in cloud environments (IaaS). According to the report, there are also a large number of companies being attacked on their systems within 72 hours after the publication of important security patches. In other words, the critical vulnerabilities announced in SAP patches have been turned into weapons against company customers in less than 72 hours.
Onapsis and SAP say in the report that they observed more than 300 successful exploitation attempts against their network of honeypots while studying the threat landscape. The findings point to the conclusion that attackers reverse engineer SAP patches as soon as they become available, to create proof-of-concept exploit code that they can use as a weapon.
According to the report, the attacks were not a one-time attempt, as they sometimes included a chain of vulnerabilities. In addition, the attackers used a proof-of-concept code to attack SAP systems, in addition to having made brute force attacks to take over user accounts with elevator privileges. The purpose of these attacks was to take complete control of an SAP installation to modify user accounts and settings and to filter out business information.
Onapsis said that while the scope of the report was local SAP systems exposed to the Internet, the company warns that many of these vulnerabilities can be exploited within corporate systems, to which attackers can gain access through other vectors.
With international news agencies
See the original post at: https://www.cisoadvisor.com.br/ataques-a-aplicativos-sap-comecam-menos-de-3h-apos-provisionamento/?rand=59039
