Experts Insight On CISA Advisory Regarding Attackers Targeting SAP

Cybersecurity experts comment below on CISA's recent advisory regarding bad actors targeting critical SAP apps.

Experts Comments

April 07, 2021
Timothy Chiu
Vice President of Marketing
K2 Cyber Security

The continued attacks on these SAP applications using known vulnerabilities that have patches are a good reminder that the easiest way to keep your organization secure is to keep software and operating systems up to date by patching in a timely manner. For organizations that don’t have the resources to keep up with patching, using a runtime application self-protection (RASP) solution is more important than ever to make sure unpatched vulnerabilities remain protected. Even NIST (National Institutes of Technology and Standards) has recently revised their catalog of controls to add RASP as a part of the security and privacy framework in SP800-53 that was updated in September of 2020.

April 07, 2021
Scott Caveza
Research Engineer Manager
Tenable

A recent advisory from CISA warns that unpatched or misconfigured SAP systems are actively being targeted by threat actors. SAP software is used by organizations to manage critical business functions and is often used to store sensitive data. By leveraging known unpatched vulnerabilities, attackers can disrupt critical processes, steal financial or otherwise sensitive data, or deploy malicious code, which can lead to a major impact on affected organizations.



Over the last year, we have continued to see reports from U.S. Government agencies warning of the threat of unpatched software and known vulnerabilities being targeted by threat actors.


Despite patches being available for months and even years, attackers are still finding and exploiting unpatched SAP systems. This serves as a reminder to administrators of sensitive data and applications that applying patches, mitigations, or workarounds is paramount to thwarting malicious actors looking to exploit well-known vulnerabilities.
