April 18, 2024 at 12:40PM
Hackers are increasingly targeting SAP applications and data in organizations, driven by migration to the cloud and improved ability to exploit security gaps. Ransomware attacks on SAP systems have risen by 400%, with pricing for SAP exploits following suit. Threat actors, including APT10 and FIN7, are exploiting vulnerabilities in various industries, making protection of SAP applications critical.
After reviewing the meeting notes, the key takeaways are as follows:
1. Malicious hackers have shown an increased interest in compromising SAP applications and data at targeted organizations, particularly due to the migration of SAP applications to the cloud.
2. Over the past three years, ransomware attacks against SAP systems have increased by 400%, and there has been a corresponding increase in the price brokers are willing to pay for exploits targeting SAP vulnerabilities.
3. High-profile threat actors such as APT10, FIN7, FIN13, and Cobalt Spider have been observed exploiting SAP vulnerabilities in attacks targeting organizations across various industries.
4. There is a significant increase in dark web conversations related to SAP vulnerabilities, leading to higher prices for exploits. Exploit acquisition firms are offering tens of thousands of dollars for remote code execution (RCE) flaws and exploits in SAP products.
5. Security firms have identified multiple SAP flaws for which patches have been released that are actively exploited by ransomware groups and other threat actors.
6. It is crucial to ensure the protection of SAP applications at both the operating system/endpoint level and the application level, including the validation of SAP Security Notes, configurations, interfaces, third-party transports, and user authorizations.
These takeaways indicate a growing concern regarding the security of SAP applications and the need for proactive measures to protect against potential threats and vulnerabilities.