In September 2020, the attack made headlines:
A hacker attack can be fatal. Data, goods and assets aren’t the only things to consider: Human lives are at stake where public spaces, in particular public health, is concerned.
The transition of the business world to SAP S/4HANA is picking up speed: that’s why every company should start preparing an end-to-end migration strategy for the new SAP system. It is essential that this strategy consider security aspects, as well, to avoid ending up sitting on millions in subsequent costs. The solution is Threat Intelligence.
The mass e-mail campaigns sending malware are most often the vehicle bringing malware into systems. So-called “phishing” e-mails are particularly dangerous: Cyber criminals use these to “fish” for passwords and other personal information. These e-mails contain infected links or attachments and remain the most common method of distributing malware.
On January 23, 2020, news broke on one of the biggest data leaks to date in Germany. Apparently, it was possible for anyone on the Internet to gain full access to the backup of the entire database of car rental company Buchbinder. The ramifications are difficult grasp.
The Internet of Things (IoT) is both a blessing and a curse: While it offers tremendous potential benefits, it also fosters uncertainty when it comes to protecting these complex connections against unauthorized access. After all, as more things get connected to the Internet, the risk of hacker attacks also increases.
Today, cyberattacks on companies can easily cause damage in eight or even nine figures. Such attacks often take the form of spam e-mail, written with perfect spelling and grammar, that appears to have been sent by a colleague or a friend. The recipient is usually instructed to click a link or enter a password. And then it’s already too late: The malware spreads throughout the company. With the right cybersecurity strategy, on the other hand, you are well prepared.
(A guide of the less serious sort.)
Let’s be honest right off the bat: There’s a lot of hype in the media about IT security in general and SAP security in special these days. But is there really anything behind it? Those headlines about millions of data records going missing always affect someone else – whether it’s Equifax across the pond or the big tech companies that have been infiltrated by organized groups of Chinese hackers. It’s all alarmist nonsense!
In spite of the hype surrounding the cloud, the on-premise model in which customers run their own SAP software is still the norm. However, that doesn’t rule out a service provider handling part of the operations; indeed, hosting is a widely used model, particularly among SMEs. While the roles at hand are usually clearly assigned in a hosting model like this, the same unfortunately doesn’t always apply to SAP system security.
(Partner blog post of SERPENTEQ GmbH)
On April 19, 2019, at the OPCDE Cyber Security conference in Dubai, security researchers Dmitry Chastuhin and Mathieu Geli gave a presentation called “SAP gateway to Heaven”. They re-visited two configuration issues (related to SAP Gateway and SAP Message Server) that have been known for many years and for which detailed security guidelines have been available for years. Now the researchers applied some admirably creative thinking to combine them.
Since May 2, 2019, the market for SAP security has known only one topic: the 10KBLAZE exploit toolkit, which has even prompted a warning from the U.S. Department of Homeland Security. Upon closer examination, however, it quickly becomes apparent that there’s not much news to report.
