In the previous articles of Perfect SAP Penetration testing series, we reviewed a general approach to pentesting SAP Systems and finding vulnerabilities which makes possible obtaining administrator privileges in the SAP system.
If you are new to this series, please refer to the previous articles:
The SAP threat landscape is always expanding thus putting organizations of all sizes and industries at risk of cyberattacks. The idea behind the monthly SAP Cyber Threat Intelligence report is to provide an insight into the latest security vulnerabilities and threats.
While there are many common scenarios of breaches that include classic database thefts, ransomware, phishing or DoS, some hackers provide exceptional originality. Their imaginary can astonish you. Here is the list of top-10 most unusual cyberattacks of 2017.
One of the most important aspects to ensure the PeopleSoft security is security event logging in place. In case of an incident (which is likely to happen since there are plenty of settings and it is difficult to control all of them), only the security audit that is configured correctly allows a company to discover the fact of an attack in due time and, perhaps, to respond to it. Besides, this security audit enables preventing cyberattacks in their early stages of collecting system data. If you collect events timely and analyze them with the help of techniques based on signature or machine learning for anomalies detection, you can both detect and prevent attacks quickly.
Machine learning (ML) is taking cybersecurity by storm nowadays as well as other tech fields. In the past year, there has been ample information on the use of machine learning in both defense and attacks. While the defense was covered in most articles (I recommend reading “The Truth about Machine Learning in Cybersecurity”), Machine Learning for Cybercriminals seems to be overshadowed and not unanimous.
The next topic to deal with after Segregation of Duties is SAP Code Security. It is a relatively new area of SAP Cybersecurity comparing to SoD, for example.
The information about ABAP Security first came to the public eye in 2002 and was devoted to an SAP virus. However, it is not the only problem of the customization brought by the usage of SAP to every client while trying to customize their SAP System to work in specific situations.
The SAP threat landscape is always expanding thus putting organizations of all sizes and industries at risk of cyberattacks. The idea behind SAP Cyber Threat Intelligence report is to provide an insight into the latest security vulnerabilities and threats.