News
Elephant Beetle Vulnerability Steals Millions of Dollars from Enterprises
January 2022 by Juan Pablo Perez-Etchegoyen, CTO at Onapsis
In response to the Elephant Beetle vulnerability that is stealing millions of dollars from enterprises around the world, the commentary from Juan Pablo Perez-Etchegoyen, CTO at Onapsis :
“This research further confirms that threat actors understand SAP applications and that they are leveraging SAP-specific exploits and techniques to compromise companies with the ultimate goal of exfiltrating data and performing financial fraud.”
“Some of the vulnerabilities identified by the Sygnia research team were highlighted by CISA in 2016, through the technical alert TA16-132A, due to the vast exploitation and compromise of internet-facing SAP applications performed by diverse threat actors. This was followed by four other CISA technical and current activity alerts in the successive years.”
“Given this research published by Sygnia, combined with some of the latest threat intelligence provided by SAP and Onapsis, it is of utmost importance for organizations to strengthen their SAP security processes, incorporating SAP within their vulnerability management and incident response processes to make it harder for threat actors to perform that initial compromise.”
