50,000 SAP customers are currently vulnerable to hacks due to software misconfiguration

The vulnerabilities could be prevented if customers simply followed guidance set by SAP more than five years ago

SAP logo

Up to 50,000 businesses that use SAP software are at risk of becoming victim to a cyber attack due to misconfigured software, according to research.

The new critical exploits discovered by cyber security firm Onapsis on 23 April and dubbed '10KBLAZE' would allow a hacker to abuse a misconfiguration in SAPNetWeaver installations as well as S4/HANA to assume complete control of a system without the need for a valid SAP user ID and password.

Advertisement - Article continues below

The company said that after a 10-year examination of publicly available information, 90% of the 1,000,000 SAP systems that are live right now are running the potentially vulnerable equipment.

SAP released guidance to its customers in 2009 and 2013 which outlined how to properly configure the SAP software to protect against security vulnerabilities. But the latest report shows how many businesses have taken these security warnings with a grain of salt.

"The onus is on service providers and customers to implement, enforce and monitor tighter security controls on the systems," said Mariano Nunez, CEO and co-founder, Onapsis. "This can be very challenging and take significant resources, but the stakes are simply too high not to make the suggested configuration changes."

SAP is a global powerhouse in software development and its products are relied upon by many of the world's leading businesses. Up to 90% of the world's top 2,000 businesses use SAP software to some degree in their infrastructure.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

SAP customers collectively distribute 78% of the world's food and 82% of the world's medical devices, according to the company's website. Attacks on these companies could prove to be catastrophic to the global supply chain.

"With these exploits, a hacker could steal anything that sits on a company's SAP systems and also modify any information there - so he can perform financial fraud, withdraw money, or just plainly sabotage and disrupt the systems," Nunez told Reuters.

"SAP is aware of recent reports about vulnerabilities in SAP Gateway and Message Server, however, these have been patched by SAP a few years ago," said an SAP spokesperson. "Security notes 821875,1408081 and 1421005 released in 2009 and 2013 will protect the customer from these exploits. As always, we strongly advise our customers to apply these security notes immediately and ensure secure configuration of their SAP landscape."

SAP has reported strong growth this year after its Q4 report released in January revealed a 9% revenue growth, primarily attributed to the company's SaaS offerings as legacy products dwindled.

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Putting a spotlight on cyber security

An examination of the current cyber security landscape

Download now

The economics of infrastructure scalability

Find the most cost-effective and least risky way to scale

Download now

IT operations overload hinders digital transformation

Clearing the path towards a modernised system of agreement

Download now
Advertisement

Recommended

Visit/security/ransomware/356292/university-of-california-gets-fleeced-by-hackers-for-114-million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Visit/security/cyber-security/356289/australia-announces-135b-investment-in-cybersecurity
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
Visit/cloud/cloud-security/356288/csa-and-issa-form-cybersecurity-partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Visit/security/ethical-hacking/356252/poorly-secured-banking-apps-lead-to-cyber-threats
ethical hacking

Mobile banking apps are exposing user data to attackers

26 Jun 2020

Most Popular

Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/security/vulnerability/356295/microsoft-patches-high-risk-flaws-that-can-be-exploited-with-a
vulnerability

Microsoft releases urgent patch for high-risk Windows 10 flaws

1 Jul 2020
Visit/security/34616/the-top-password-cracking-techniques-used-by-hackers
Security

The top 12 password-cracking techniques used by hackers

12 Jun 2020