SAP vulnerabilities put thousands of companies worldwide at risk

A recent investigation by cyber forensics course specialists has revealed that around 50k companies running SAP software are at increased risk of cyberattack, because new exploitation methods have been discovered for some old vulnerabilities in these systems that have not been properly corrected.

SAP, a leading German software company, mentions that between 2009 and 2013 it published a guide to properly configure security updates. However, researchers showed that 90% of SAP systems are affected by vulnerabilities for which updates have not been applied correctly.

“A company’s activities could be crippled in just seconds”, says one of the cyber forensics course specialists. “Using any of these advanced exploits, a threat actor could compromise anything related to the SAP system of a company to perform various malicious activities, such as financial fraud, unauthorized transactions or systems’ disruption”, experts added.

On the other hand, the company only commented: “In SAP we always recommend users to install updates as soon as they are released”. It is estimated that more than 90% of the world’s 2000 most important companies employ some SAP software implementation.

SAP customers, together, distribute about 80% of food and medical devices worldwide, so attacks on some of these systems could lead to critical consequences, warn cyber forensics course specialists. 

According to experts from the International Institute of Cyber Security (IICS), the main problem lies in the way SAP applications interact with each other within a company’s systems.

In some cases, if a company’s security settings are not properly configured, a malicious user might deceive one of these applications by impersonating another SAP product to gain full access without requiring login credentials.

Security specialists add that exploiting some of these vulnerabilities requires intermediate to advanced hacking knowledge, and they recommend that SAP customers implement security updates soon.