SAP systems running outdated or misconfigured software are exposed to increased risks of malicious attacks. SAP applications help organizations manage critical business processes—such as enterprise resource planning, product lifecycle management, customer relationship management, and supply chain management.
On April 6 2021, security researchers from Onapsis, in coordination with SAP, released an alert detailing observed threat actor activity and techniques that could lead to full control of unsecured SAP applications. Impacted organizations could experience:
- theft of sensitive data,
- financial fraud,
- disruption of mission-critical business processes,
- ransomware, and
- halt of all operations.
CISA recommends operators of SAP systems review the Onapsis Alert Active Cyberattacks on Mission-Critical SAP Applications for more information and apply necessary updates and mitigations.
See CISA’s previous alerts on SAP:
- Alert AA20-195A: Critical Vulnerability in SAP NetWeaver AS Java, published July 13, 2020
- Alert AA19-122A: New Exploits for Unsecure SAP Systems, published May 02, 2019
- CA: Malicious Cyber Activity Targeting ERP Applications, published July 25, 2018
- Alert TA16-132A: Exploitation of SAP Business Applications, published May 11, 2016