A recent joint study by Flashpoint and ERP cybersecurity firm Onapsis has highlighted an alarming rise in cyber threats targeting SAP applications, marking a significant shift in the focus of cybercriminal activities. The research indicates that SAP business-critical applications have become increasingly valuable targets for cybercriminals, driven by the potential for financial gain, espionage, and sabotage.
The report underscores 2023 as a pivotal year for SAP application security, witnessing unprecedented levels of threat activities. Well-established threat actors and state-sponsored cyberespionage groups have intensified their efforts against SAP systems, exploiting known vulnerabilities that were patched by SAP several years prior. These vulnerabilities, despite being addressed by SAP through timely security updates, remain a popular target due to ongoing weaknesses in cybersecurity governance among some organizations, especially as they transition these applications to cloud environments.
The collaborative effort between Onapsis Research Labs and Flashpoint has mapped the evolution of the SAP threat landscape over the past four years, illustrating the maturity of this cybercriminal market and the challenges it poses to global security defenses. Key findings from the report include:
A staggering 400% increase in ransomware incidents involving SAP systems since 2021, with cybercriminals leveraging unpatched SAP vulnerabilities to launch their attacks.
A 490% surge in discussions regarding SAP vulnerabilities and exploitation techniques across open, deep, and dark web platforms from 2021 to 2023. These conversations cover detailed exploit methods and strategic guidance for targeting SAP applications.
A notable 220% rise in cybercriminal forum activity related to SAP-specific cloud and web services over the same period, broadening the exposure of critical SAP applications to a wider array of threat actors.
Christian Rencken, Senior Strategic Advisor at Flashpoint, emphasized the necessity of integrating comprehensive threat intelligence into security strategies. "The growing focus on ERP applications by cybercriminals highlighted in this report reflects a critical evolution in the threat landscape. It's essential for organizations to integrate comprehensive threat intelligence into their security protocols to effectively counter these advanced threats," he stated.
Juan Pablo (JP) Perez-Etchegoyen, CTO at Onapsis, also commented on the importance of this intelligence for protecting vital systems. “This collaboration with Flashpoint provides a depth of threat intelligence that is critical for both security and SAP teams to understand,” he said. “By showing how these applications are being targeted and the increasing frequency, we hope to help CIOs, CISOs, and their teams manage the risk of wide-scale attacks.”
The findings serve as a stark reminder for organizations utilizing ERP systems from SAP and other vendors like Oracle to prioritize and strengthen their cybersecurity measures. As these systems support a multitude of critical business processes and host sensitive data, securing them against sophisticated cyber threats has never been more crucial.