Information about a 0-day SAP vulnerability was published on LinkedIn on October 28, 2016. A researcher disclosed details of a vulnerability in an SAP system that he had identified and described as a 0-day. As it turns out, the vulnerability had already been patched by SAP on the 13th of September in SAP Note 2344524, so technically it’s not a 0-day vulnerability but rather 0-day details of the vulnerability, so to speak. However, as it takes time to implement a patch, most SAP users may still be susceptible to attack via this issue.
SAP security used to be a terra incognita, with almost no real attacks on SAP systems known to the public. However, times have changed. Several weeks ago, after the US-CERT alert, almost all the media published sensational news concerning potential attacks on the SAP systems of the largest companies worldwide.
The news was rather shocking and raised many questions, as it turned out that SAP systems can be hacked by attackers, and what is more, it was state-sponsored Chinese hackers who did so.
Although SAP Security incidents have been known since 2012 and experts have been warning about them for the last 10 years, this news stirred up public opinion much more than the previous ones. Even though the news led a lot of people to start taking SAP Security seriously, the situation still requires some clarification. So, let’s look at the most significant incidents related to SAP Cybersecurity that happened within the last 5 years.
I hope you enjoyed my previous Oil and Gas Cyber Security article. This time, I would like to tell you about the first aspect of the Oil and Gas security landscape in detail.
Oil and Gas Security consists of IT Security, OT Security, and the connections between them. Today’s topic is OT Security. As this area cannot be covered in one article, we will start with the upstream segment. The most critical risks a company will face if somebody gets unauthorized access to Oil and Gas companies’ infrastructure are the following:
On May 11, 2016, the Department of Homeland Security published the first-ever US-CERT Alert for cybersecurity of SAP business applications.
Nonetheless, what we do know from public sources is that there were threads on some Chinese forums related to the attack. However, is there any proof? I mean, I’m absolutely sure that cybercriminals perform attacks against SAP. I also believe that we should pay more attention to them and increase awareness. But as researchers and experts whom the industry tends to trust, when we state that there was an attack, we ought to always provide the IT community with solid proof. I was personally involved in the forensic investigation of SAP system compromises and have no doubt that attacks are real, but I can’t disclose the details; that’s why I do not advertise that dozens of systems are under attack.