The ‘‘Top Three Common Cyber Attack Vectors on SAP Systems’’





Cyberattaks are more and more sophisticated, various and targeted. Attackers are everywhere and are working in real-time to achieve their assignments. Our digital age are also marked by negligence and lack collaboration between critical teams.

So that one can observe that  OnapsisResearch Labs can analyze thousands of vulnerabilities to identify the three ‘most commonly used approaches for hacking into business-critical data hosted in SAP applications, as well as disrupting key business processes’’:
1.    Customer and Supplier Portal Attacks. Backdoor users are created in the SAP J2EE User Management Engine. By exploiting different critical vulnerabilities, the hacker can obtain access to SAP Portals and Process Integration platforms and their connected, internal systems.
2.    Direct Attacks through SAP proprietary protocols. This attack is performed by executing operating system commands under the privileges of the SAP administrator, and by exploiting vulnerabilities in the SAP RFC Gateway. The hacker is able to obtain and potentially modify any business information stored in the SAP database.
3.    Customer Information and Credit Card Breaches Using Pivoting Between SAP Systems.


“This trend is not only continuing, but exacerbating with SAP HANA, which has brought a 450 percent increase in new security patches specifically affecting this platform. With SAP HANA positioned in the center of the SAP ecosystem, data stored in SAP platforms now must be protected both in the cloud and on-premise,” said Mariano Nunez, CEO and co-founder of Onapsis.


Connectikpeople.co recalls that Retail, oil and gas, manufacturing, pharma and other Global 2000 organizations running critical business process in SAP Business Suite solutions are urged to stay up to date with the latest SAP Security Notes, and to ensure their systems are configured properly in order to meet compliance requirements and strengthened security. 

On Thursday, May 21st at 9:00am and 2:00pm EST, Onapsis CTO, Juan Perez-Etchegoyen will be hosting a live webcast “Top Three Cyber Attacks on SAP Systems.” For more information, or to register please visit: https://www.onapsis.com/news-and-events/webcasts/top-3-cyber-attacks-on-SAP-systems

Popular Posts