SAP Cyber Security

2016 State of Business application security

In the wake of several high-profile incidents involving business applications over the past year, there is an increasing focus on business software security. In this blog post, we have gathered the milestones of this topic for 2016.

The list of critical incidents and significant statistics is endless, but we decided to focus on 5 major facts:

1. The first-ever US-CERT alert on SAP Vulnerability;
2. Potential attacks against critical infrastructure via vulnerabilities in business applications;
3. The number of SAP Vulnerabilities identified per year is high;
4. SAP threat landscape has grown;
5. Oracle MICROS hack compromises data of 330,000 customer sites around the world.

SAP Cybersecurity Incidents. What lessons should be learned from them?

SAP security used to be a terra incognita, with almost no real attacks on SAP systems known to the public. However, times have changed. Several weeks ago, after the US-CERT alert, almost all the media published sensational news concerning potential attacks on SAP systems of the largest companies worldwide.

The news was rather shocking and raised many questions, as it turned out that SAP systems can be hacked by attackers, and what is more, it was state-sponsored Chinese hackers who did so.

Although SAP Security incidents have been known since 2012 and experts have been warning about them for the last 10 years, this news stirred up public opinion much more than the previous ones. Even though the news led a lot of people to start taking SAP Security seriously, the situation still requires some clarification. So, let’s look at the most significant incidents related to SAP Cybersecurity that happened within the last 5 years.

Was it a real cyberattack on SAP using invoker servlet?

US-CERT alert on SAP Cyberattack

On May 11, 2016, the Department of Homeland Security published the first-ever US-CERT Alert for cybersecurity of SAP business applications.

Nonetheless, what we do know from public sources is that there were threads on some Chinese forums related to the attack. However, is there any proof? I mean, I’m absolutely sure that cybercriminals perform attacks against SAP. I also believe that we should pay more attention to them and increase awareness. But as researchers and experts whom the industry tends to trust, when we state that there was an attack, we ought to always provide the IT community with solid proof. I was personally involved in forensic investigation of SAP systems compromise and have no doubts that attacks are real, but I can’t disclose the details; that’s why I do not advertise that dozens of systems are under attack.

SAP Security for CISO. Part 3: SAP Cyber Security History

Now that we know what SAP is and why SAP Security is important, we are ready to take the next step: to learn the history of SAP Cybersecurity and the most significant research findings made so far. Now, in 2016, we can celebrate a kind of 10-year anniversary of REAL SAP Security; however, SAP Security dates back earlier than 2006. Let’s trace the history of SAP Security.