SAP systems running outdated or misconfigured software are
exposed to increased risks of malicious attacks. SAP applications help
organizations manage critical business processes—such as enterprise resource
planning, product lifecycle management, customer relationship management, and
supply chain management.
On April 6 2021, security researchers from Onapsis, in
coordination with SAP, released an alert
detailing observed threat actor activity and techniques that could lead to full
control of unsecured SAP applications. Impacted organizations could experience:
of sensitive data,
of mission-critical business processes,
of all operations.
CERT Bulgaria recommends operators of SAP systems review the
Onapsis Alert Active
Cyberattacks on Mission-Critical SAP Applications for more information and
apply necessary updates.