SAP has released the monthly critical patch update for December 2015. This patch update closes 26 vulnerabilities in SAP products (19 Patch Day Security Notes and 7 Support Package Security notes), 16 of which are high priority. This month, two critical vulnerabilities found by ERPScan researchers Alexander Polyakov, Mathieu Geli and Vahagn Vardanyan were closed.
Most of the vulnerabilities closed by this update fall into the “other” category according to SAP’s blog post. This is quite typical for business applications such as SAP: because of their uniqueness and complexity, uncommon vulnerabilities are far more frequent than in traditional software, where, as our research Analysis of 3000 SAP Security Notes revealed, configuration issues constitute only 2%. Last year we analyzed SAP Security Notes by type: about 300 vulnerabilities out of almost 3000 were classified as configuration issues and about 150 were uncategorized. Configuration and other unusual issues are therefore 5 times more common in SAP than in traditional products, so a significant part of the cybersecurity effort falls on the shoulders of administrators.
SAP has released the monthly critical patch update for August 2015. This patch update closes 22 vulnerabilities in SAP products, 15 of which are high priority; some of them belong to the SAP HANA security area. The most common vulnerability type is Cross-Site Scripting (XSS). This month, three critical vulnerabilities found by ERPScan researchers Dmitry Chastukhin, Vahagn Vardanyan and Roman Bezhan were closed.
SAP has released the monthly critical patch update for July 2015. This patch update closes a number of vulnerabilities in SAP products, some of which belong to the SAP HANA security area. The most common vulnerability type is Missing Authorization Check. This month, one critical vulnerability found by ERPScan researcher Alexander Polyakov was closed.
On the 11th of May, a security headline broke the news about the cyber attack on USIS (U.S. Investigations Services), potentially conducted by Chinese state-sponsored hackers via a vulnerability in SAP software. According to the government’s largest private employee-investigation provider, hackers broke into third-party software in 2013 to access the personal records of federal employees and contractors with access to classified intelligence.
USIS is a federal contractor that conducts background checks for DHS and is the largest commercial provider of background investigations to the federal government. It has more than 5,700 employees providing services in all 50 states, in U.S. territories and overseas. As a result of the breach, the records of more than 27,000 personnel seeking security clearances were compromised. Similar hacks also affected servers at the Office of Personnel Management (OPM), which holds information on security clearance investigations. Once hackers have a list of employees who hold government security clearances, they can exploit other aspects of those employees’ lives for further malicious gain.
Within a couple of hours of the information that an SAP vulnerability was involved, we contacted journalists at DarkReading and gave them feedback and comments.
We are now sharing all the comments that were prepared, as well as additional research we conducted, to explain what the next steps for organizations should be to secure their systems and prevent such attacks.
Below you can find the timeline of the investigation of this attack, a collection of historical facts from different sources, and our comments on the topic.