Numerous mid-size and large enterprises rely their critical business operations on the use of the comprehensive and complex SAP platform. Therefore, it is critically important to note the findings of the ‘2022 Global Threat Intelligence Report’ by NTT Security Holding and to make sure that the organization’s cybersecurity strategy is covering the SAP landscape and reflects the continuously changing threat landscape.
Why Cybersecurity for SAP Applications?
A Year of More Sophisticated and Substantial Threats
A dynamically evolving threat landscape comprised of determined cyber adversaries, innovative tools and refined techniques are challenging the status quo. With COVID-19 pandemic and mounting supply-chain disruptions impacting business continuity, companies – now more than ever – are looking for cybersecurity partners to navigate this landscape.
According to NTT Security Holdings 2022 Global Threat Intelligence Report 2021 was a year of more sophisticated and substantial threats. The report is based on analysis of log, event, attack, incident and vulnerability data from 1500 enterprise customers and over 800 billion logs processed per month and forms a trustworthy insight to the ever-developing cyber threat landscape.
The report emphasizes 5 global key findings all of which are of relevance to the successful daily business operations based on SAP and exemplifies why SAP application security is essentially important to the organization’s cybersecurity strategy.
The 5 Global Threat Intelligence Findings
1. Attacks Shift to Critical Infrastructure and Supply Chains
COVID-19 and digital transformation caused a shift across the threat landscape. More recently, geo-political tensions and ongoing supply chain disruption have affected industry targeting. Attacks more than doubled in the technology, telecommunications, and transport and distribution sectors.
The comprehensive and complex SAP landscape often represent the majority or at least a very significant portion of the critical infrastructure and a key component of supply chain business support.
2. Cloud Migration Is Shaping Global Attacks
Migration to cloud environments helped mitigate attacks targeting platforms and network services. Over the past few years, these attacks dropped as cloud providers strengthened their infrastructure and security platform-enabled services. Supported applications, however, continue to be under control of the client organization. The NTT Security Holdings analysis indicates the percent of web-application (42%) and application-specific (30%) attacks continues to rise.
Regardless whether SAP represents only the application specific element or also serves as the web-application frontend, the significant increase of attacks is worrying and calls for action to ensure a solid SAP Applications cybersecurity strategy.
3. Diversifying Target Scope and Attack Intensity
NTT observed about a 30% increase in hostile activity targeting clients, led by attacks against applications and network infrastructure, along with denial of service and brute-force attacks. Attack volumes increased for 7 of the top 10 most targeted industries with web-application attacks and application-specific attacks up in most industries and nearly every geographic region. The relative rate of attacks targeting all top three industries dropped, indicating more industries experienced sustained elevated levels of hostile activity.
Although the recent Log4j vulnerabilities were not disclosed until late December 2021, Log4j became the 8th most targeted technology for the entire year, and the most targeted that month.
When it comes to proper management for SAP security vulnerabilities it is and has traditionally been a heavy burden, which calls for a changed strategy to enable implementation of critical security patches from SAP released on a monthly basis. SAP specific security technology is required to keep up with the pace. Further, due to the dependency of the vulnerabilities of surrounding infrastructure, SAP real-time threat detection is crucial.
4. Trojan Deployments Soar as Botnets Re-Emerge
Trojans accounted for 65% of malware in 2021, up from 35% in 2020. Trojans were five of the top 10 most common malware globally, five of the top 10 in every region, and five of the top 10 in almost every industry. Overall, NTT Security Holdings observed a 50% increase in detected malware led by Trojans and botnets during 2021. Increased use of banking Trojans indicates a rise in cybercriminal activity, while increased use of other Trojans suggests a rise in espionage and theft of trade secrets. This indicates attackers’ desire to increase control over an environment by maintaining long-term persistence.
Advanced SAP specific security technology with the capability to identify 0-day attacks and critical anomalies within SAP, is crucial to defend the business-critical SAP landscape from the effects of Trojans unauthorized control. Further, response time to these types of security events is crucial to minimize damage and require alerting of the organizations 24/7 security operations center.
5. Ransomware Prevalence Impacting Business Continuity
24% of all incident response engagements with NTT’s Digital Forensics and Incident Response team in 2021 were related to ransomware – a 240% growth from 7% in 2019. Such activity indicates organizations are increasingly challenged defending and responding to ransomware incidents. The most common method attackers use to infect organizations is via email containing malicious links or attachments.