New Video from @BlackHatOfficialYT Highlights Growing Threats to SAP Systems
This content is an AI-generated summary. If you encounter any misinformation or problematic content, please report it to cyb.hub@proton.me.
In this video, Ivan Jer, SAP security specialist at Onapsis, presents an in-depth analysis of four years of threat intelligence data, highlighting vulnerabilities and the growing interest of malicious actors in SAP systems. Ivan begins by emphasizing the critical importance of SAP systems for businesses, often described as the backbone of business operations. He uses an analogy with the real-time strategy game Warcraft 3 to illustrate the importance of information gathering and adapting security strategies.
Ivan explains that interest in SAP vulnerabilities significantly increased in 2021, largely due to the publication of two public exploits on GitHub, named Recon and Solman. These exploits allowed malicious actors to better understand and exploit SAP systems. Additionally, a major incident involving a financial company in South America, where attackers exploited an SAP vulnerability to perform fraudulent money transfers, highlighted the lucrative potential of these attacks. This incident served as a precedent, showing malicious actors that SAP systems can offer a significant return on investment.
The video also explores the different groups of malicious actors interested in SAP systems. Among them are well-known financial groups like FIN13 and FIN7, as well as groups like Cobalt Spider, which target point-of-sale systems. Ivan also mentions state actors like APT10, known for espionage, and script kiddies, who use public exploits without really understanding their functionality. This diversity of interests shows that SAP, due to its wide range of applications, attracts the attention of many types of threats.
Another crucial point addressed is the monetization of SAP vulnerabilities. Ivan shows how the prices of SAP zero-days have significantly increased, rising from $50,000 in 2020 to $250,000 in 2024. This increase reflects the confidence of malicious actors in the potential financial gain and the growing difficulty of finding new vulnerabilities. Ivan also shares a personal anecdote where he was approached to sell SAP vulnerabilities, highlighting the growing interest in this information. In terms of practical implications, Ivan stresses the importance of considering SAP applications as potential targets.
He emphasizes that malicious actors do not just exploit systems exposed to the Internet but also seek to perform lateral movements once inside the network. He recommends securing SAP systems comprehensively and ensuring that all known vulnerabilities are patched. In conclusion, this video offers valuable insights into the evolution of threats against SAP systems and the necessary measures to protect them. It highlights the importance of vigilance and continuous adaptation of security strategies to face increasingly sophisticated adversaries. To learn more, watch the full video here: https://www.youtube.com/watch?v=cIG8NZhodpg