DHS US-CERT issues first public alert on cyber-attacks to SAP systems

What: This morning the first-ever US-CERT Alert for cybersecurity of SAP business applications (“Exploitation of SAP Business Applications,” TA16-132A) was released by the Department of Homeland Security (DHS) to forewarn the cybersecurity community about the significance and implications of an SAP vulnerability, which was patched by SAP over five years ago, that is being leveraged to exploit SAP systems of many large-scale global enterprises.

SAP systems run the world’s largest organizations and house their “crown jewels” and most critical data and business processes – including customer data, product pricing, financial statements, employee information, IP, supply chains, business intelligence, budgeting, planning and forecasting. Because SAP systems are a high-impact economic target, DHS is releasing a special Alert instead of a regular advisory - one of only of three of its kind this year (following on “Apple Ends Support for QuickTime for Windows,” TA16-105A and “New Vulnerabilities Announced and “Ransomware and Recent Variants,” TA16-091A).
Onapsis Research Labs has released a threat report detailing this vulnerability, the potential impact to an organization if it is exploited, as well as the mitigation steps to ensure an organization is not at risk. 
When: Wednesday, May 11, 9am ET

Why: Although it is widely speculated that SAP systems have been exploited in several major breaches (including the USIS breach), this is the first time that SAP-related exploitations have been publicly confirmed and reported.

In its threat report “Tip of the Iceberg: Wild Exploitations & Cyber-Attacks on SAP Business Applications,” Onapsis Research Labs discovered indicators of unauthorized exploitation of SAP vulnerabilities at 36 global enterprises that are located in, or are co-owned by corporations, in the United States, United Kingdom, Germany, China, India, Japan, and South Korea. These enterprises span a number of industries including Oil & Gas, Telecommunications, Utilities, Retail, Automotive, Life Sciences, Consumer Products, Chemicals, High Tech, Engineering Construction, Operations, Industrial Machinery and Components, Public Sector, and Higher Education.

While many threat reports disclose security incidents as the result of nation-state sponsored cyber campaigns, in this case, indicators had been silently sitting in the public domain for several years, until now. Onapsis regards these indicators as just the tip of the iceberg as well as an irrefutable answer to the question, “are SAP applications being attacked?” 
Who: As the leading provider of SAP and Oracle cybersecurity research and solutions, Onapsis is exclusively focused in securing these business-critical applications. As an SAP partner and the first to lecture on advanced SAP cyber threats, Onapsis experts have helped SAP by discovering, reporting and helping to mitigate more than 250 security vulnerabilities in SAP software, enabling SAP and its customers be more secure from the increasing risk of cyber-attacks.