The ‘‘Top Three Common Cyber Attack Vectors on SAP Systems’’
Cyberattaks are more and more sophisticated, various and targeted. Attackers are everywhere and are working in real-time to achieve their assignments. Our digital age are also marked by negligence and lack collaboration between critical teams.
So that one can observe that OnapsisResearch Labs can analyze thousands of vulnerabilities to identify the three ‘most
commonly used approaches for hacking into business-critical data hosted in SAP
applications, as well as disrupting key business processes’’:
1. Customer and Supplier Portal Attacks. Backdoor
users are created in the SAP J2EE User Management Engine. By exploiting
different critical vulnerabilities, the hacker can obtain access to SAP Portals
and Process Integration platforms and their connected, internal systems.
2. Direct Attacks through SAP proprietary protocols. This attack is performed by executing operating system commands under the privileges of the SAP administrator, and by exploiting vulnerabilities in the SAP RFC Gateway. The hacker is able to obtain and potentially modify any business information stored in the SAP database.
3. Customer Information and Credit Card Breaches Using Pivoting Between SAP Systems.
2. Direct Attacks through SAP proprietary protocols. This attack is performed by executing operating system commands under the privileges of the SAP administrator, and by exploiting vulnerabilities in the SAP RFC Gateway. The hacker is able to obtain and potentially modify any business information stored in the SAP database.
3. Customer Information and Credit Card Breaches Using Pivoting Between SAP Systems.
“This trend is not only continuing, but exacerbating with SAP HANA, which has brought a 450 percent increase in new security patches specifically affecting this platform. With SAP HANA positioned in the center of the SAP ecosystem, data stored in SAP platforms now must be protected both in the cloud and on-premise,” said Mariano Nunez, CEO and co-founder of Onapsis.
Connectikpeople.co recalls that Retail, oil and gas, manufacturing, pharma
and other Global 2000 organizations running critical business process in SAP
Business Suite solutions are urged to stay up to date with the latest SAP
Security Notes, and to ensure their systems are configured properly in order to
meet compliance requirements and strengthened security.
On Thursday, May 21st at 9:00am and 2:00pm EST, Onapsis CTO, Juan
Perez-Etchegoyen will be hosting a live webcast “Top Three Cyber Attacks on SAP
Systems.” For more information, or to register please visit: https://www.onapsis.com/news-and-events/webcasts/top-3-cyber-attacks-on-SAP-systems
