A concerning trend has emerged as malicious hackers intensify their focus on compromising SAP applications, as revealed in a recent report by cybersecurity firms Onapsis and Flashpoint. The surge in attacks can be attributed to the growing adoption of SAP applications in cloud environments, coupled with the heightened ability of adversaries to exploit misconfigurations and security vulnerabilities across cloud and on-premises setups. Over the past three years, ransomware attacks against SAP systems have skyrocketed by 400%, mirroring the increased value brokers are willing to pay for exploits targeting SAP vulnerabilities, according to the report.
The report also sheds light on the alarming rise in discussions surrounding SAP flaws and exploits on hacker forums, with a staggering 490% increase in chatter related to SAP vulnerabilities. Notably, discussions concerning SAP-specific cloud and web services have surged by 220%, indicating a shift in attacker tactics to capitalize on vulnerabilities in modern SAP deployments. Threat actors of varying sophistication levels, including high-profile groups like APT10, FIN7, FIN13, and Cobalt Spider, have been observed exploiting SAP vulnerabilities to launch targeted attacks across diverse industry verticals.
The attractiveness of SAP applications as lucrative targets for cybercriminals is further underscored by the software giant’s extensive customer base, which includes over 400,000 organizations globally, including the majority of the world’s largest companies. With threat actors eyeing high-profile targets for potential data theft, financial fraud, and ransomware extortion, the stakes have never been higher for organizations relying on SAP solutions.
In response to the heightened threat landscape, exploit acquisition firms are offering substantial rewards for SAP vulnerabilities, with prices soaring for remote code execution (RCE) flaws and exploits. Additionally, dark web conversations reveal a concerning trend of threat actors discussing not only SAP vulnerabilities but also instances of successful compromises involving SAP products. The report emphasizes the critical importance of securing SAP applications comprehensively, urging organizations to prioritize not only operating system and endpoint security but also application-level defenses to mitigate the evolving threat posed by cybercriminals targeting SAP ecosystems.
