A Look Back at the 2022 ERP Security Landscape (Video)
Over the past twelve months, we’ve seen threat actors become smarter, faster, and more sophisticated with their attacks on business-critical applications. Business-critical applications, like enterprise resource planning (ERP) applications, run the global economy. If organizations cannot ensure these applications are strictly secure, they not only place their own business at risk, but also data from their partners, customers, and employees. SAP and Onapsis recently found evidence of more than 300 successful exploitation attempts against unsecured SAP applications, pointing to cybercriminals’ clear understanding of ERP applications.
From Elephant Beetle to the ICMAD vulnerabilities, let’s take a look back at some of the ERP vulnerabilities and threat intelligence of 2022, and what we can learn from it.
Log4j Vulnerability: Threat Intelligence and Mitigation Strategies to Protect Your SAP Applications
Log4j (CVE-2021-44228) is a remote code execution (RCE) vulnerability that enables threat actors to execute arbitrary code and take full control of vulnerable devices.The Onapsis Research Labs’ network of sensors, the Onapsis Threat Intelligence Cloud, captured 3,000+ attack attempts and observed over 50 variants within 10 days of the initial Log4j attack. With more than 30 SAP applications affected by this vulnerability, it’s important to understand the implications of the Log4j vulnerability on SAP applications and build a comprehensive vulnerability management program to protect the crown jewels of the business, SAP systems.
ICMAD SAP Cybersecurity Vulnerabilities
At the beginning of the year, Onapsis Research Labs worked with SAP Product Security Response Team to discover and patch three critical memory corruption vulnerabilities affecting SAP Internet Communication Manager (ICM). These ICMAD vulnerabilities could allow attackers to execute malicious activities on SAP users, business information, and processes — and ultimately compromise unpatched SAP applications. In this threat briefing session, SAP CISO Richard Puckett and Onapsis CEO Mariano Nunez share details on the ICMAD vulnerabilities discovered and recommendations to keep your SAP systems safe.
Onapsis’ new features and platform updates enable users to protect their business-critical ERP apps
Onapsis announced an expansion of its platform with a suite of new and enhanced ERP security capabilities.
Following Onapsis Research Labs’ recent milestone of 1,000 discovered zero-day vulnerabilities and the launch of its Threat Intel Center, these new capabilities and platform updates continue to build on their unique threat intelligence and insights to enable customers to more seamlessly and efficiently protect their business-critical ERP applications.
Given the growing complexity of the modern ERP landscape, companies often don’t know where to begin or frequently lack the deep visibility, capabilities, and knowledge to effectively analyze their ERP attack surface and understand the true risk to their organizations. As a result, digital transformation projects (such as SAP RISE, S/4HANA, and Oracle migrations) are potentially vulnerable to attack by sophisticated threat actors, and critical data (such as intellectual property or personally identifiable information) and the business itself are increasingly at risk of compromise and financial impact.
Onapsis’ new and enhanced features will provide security teams with deep visibility into their ERP attack surface and crucial insights from the Onapsis Research Labs, enabling them to more effectively prioritize, mitigate, and remediate the largest threats to their business.
“As organizations continue to evolve their ERP landscapes and expand to the cloud, they face growing challenges on how to properly secure these critical systems,” said Mariano Nunez, CEO and co-founder of Onapsis. “Our customers rely on our threat intelligence and market-leading solutions now, more than ever, to make sense of the complexity, reduce their attack surface, and protect the critical ERP applications that power their businesses. Our new and enhanced capabilities deliver huge security advantages and efficiencies that take a significant burden off of security teams and provide complete peace of mind, knowing that Onapsis is securing what matters most.”
The latest Onapsis ERP security release targets three key areas for SAP and Oracle customers:
Operationalizing the most impactful and timely global threat intelligence from the…
