“SAP systems are prime targets for attackers because of their critical role in managing core business operations, storing sensitive data such as financial transactions, intellectual property, and personal information,” according to Chris Morgan, senior cyber intelligence analyst at ReliaQuest. “Developing an exploit that can reverse secure storage and enable integrated movement within SAP systems represents a high level of expertise and effort, thus justifying the high cost.”
For example, ReliaQuest found an exploit targeting SAP systems that was advertised on a popular cybercrime forum for around $25,000 (paid in Bitcoin) and first listed in August 2020.
This exploit is said to facilitate coordinated movement between target systems. “The post states that an exploit can use SAP Secure Storage to expose credentials, escalate privileges, and ultimately compromise more SAP systems than the target,” according to ReliaQuest.