A recent investigation by cyber forensics course specialists has revealed that around 50k companies running SAP company software are more likely to suffer cyberattacks due to the discovery of new methods of exploitation for some old vulnerabilities in these systems that have not been properly corrected.
SAP, a leading German software company,
mentions that between 20019 and 2013, it published a guide to properly
configure security updates, however, researchers showed that 90% of SAP systems
are affected by vulnerabilities
that have not been updated correctly.
“A company’s activities could be crippled
in just seconds”, says one of the cyber forensics course specialists.
“Using any of these advanced exploits, a threat actor could compromise anything
related to the SAP system of a company to perform various malicious activities,
such as financial fraud, unauthorized transactions or systems’ disruption”,
experts added.
On the other hand, the company only commented: “In
SAP we always recommend users to install updates as soon as they are released”.
It is estimated that more than 90% of the world’s 2000 most important companies
employ some SAP software implementation.
SAP customers, together, distribute about 80%
of food and medical devices worldwide, so attacks on some of these systems
could lead to critical consequences, warn cyber forensics course specialists.
According to experts from the International
Institute of Cyber Security (IICS) the main problem lies in the way SAP
applications interact with each other within a company’s systems.
In some cases, if a company’s security settings
are not properly configured, a malicious user might deceive one of these applications
by impersonating another SAP product to gain full access without requiring login
credentials.
Security specialists add that it requires a level
of knowledge of hacking between intermediate and advanced to exploit some of
these vulnerabilities and recommend SAP customers implement security updates
soon.
