Experts Insight On CISA Advisory Regarding Attackers Targeting SAP

The continued attacks on these SAP applications using known vulnerabilities that have patches, is a good reminder that the easiest way to keep your organization secure is to keep software and operating systems up to date by patching in a timely manner. For organizations that don’t have the resources to keep up with patching, using a runtime application self-protection (RASP) solution is more important than ever to make sure unpatched vulnerabilities remain protected. Even NIST (National Institutes of Technology and Standards) has recently revised their catalog of controls to add RASP as a part of the security and privacy framework in SP800-53 that was updated in September of 2020.

A recent advisory from CISA warns that unpatched or misconfigured SAP systems are actively being targeted by threat actors. SAP software is used by organizations to manage critical business functions and often used to store sensitive data. By leveraging known unpatched vulnerabilities, attackers can disrupt critical processes, steal financial or otherwise sensitive data, or deploy malicious code which can lead to a major impact on affected organizations.

Over the last year, we have continued to see reports from U.S. Government agencies warning of the threat of unpatched software and known vulnerabilities being targeted by threat actors.

Despite patches being available for months and even years, attackers are still finding and exploiting unpatched SAP systems. This serves as a reminder to administrators of sensitive data and applications that applying patches, mitigations, or workarounds are paramount to thwarting malicious actors looking to exploit well known vulnerabilities.