Malicious Cyber Activity Targeting Critical SAP Applications

Read Time59 Second

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

04/06/2021 09:00 AM EDT

 

Original release date: April 6, 2021
SAP systems running outdated or misconfigured software are exposed to increased risks of malicious attacks. SAP applications help organizations manage critical business processes—such as enterprise resource planning, product lifecycle management, customer relationship management, and supply chain management.

On April 6 2021, security researchers from Onapsis, in coordination with SAP, released an alert detailing observed threat actor activity and techniques that could lead to full control of unsecured SAP applications. Impacted organizations could experience:

  • theft of sensitive data,
  • financial fraud,
  • disruption of mission-critical business processes,
  • ransomware, and
  • halt of all operations.

CISA recommends operators of SAP systems review the Onapsis Alert Active Cyberattacks on Mission-Critical SAP Applications for more information and apply necessary updates and mitigations.

See CISA’s previous alerts on SAP:

This site uses Akismet to reduce spam. Learn how your comment data is processed.