According to a recent report by SAP and Onapsis, cybercriminals constantly target new vulnerabilities within SAP applications – days after the availability of critical security patches.
The exploitation attempts were observed after the security bugs were made public – scanning for vulnerable systems a few hours after these patches were released.
During the study, it nearly 300 exploitations of SAP-specific vulnerabilities were observed. As mentioned in the study, “New unprotected SAP applications provisioned in the cloud (IaaS) environments were discovered and attacked in less than three hours, stressing the need to “shift left” and ensure new mission-critical applications are provisioned securely from day one.”
Source: SecurityWeek