The invisible threat: How SAP systems open the door to cyber attackers

February 9, 2025

Category: Partner-Contribution

Companies invest billions in IT security: firewalls, XDR systems, SOCs - the protective measures for administrative areas are now typically at a high level. But while attention is focused on these areas, an overlooked danger lies dormant: SAP systems, the “black box” of corporate IT.

SAP Malware: The Gamechanger with Staggering Risk Potential

Renowned security researchers have demonstrated in several proofs of concept (PoCs) that SAP-specific malware can be developed without any technical obstacles. The threat is not hypothetical, but real: such malware can completely undermine traditional security concepts and IT infrastructures - with devastating consequences for companies.

Lateral Movement: The Silent Conquest

A compromised SAP system becomes a hub for attackers. Threat actors move unnoticed through the network via SAP's own, partially encrypted communication connections and by exploiting legitimate functions. Security solutions that protect traditional IT environments very well do not recognise these activities. The goal of the attackers is clear: the transition from IT to OT (operational technology).

From IT to OT: Your Own Supply Chain under External Control

The consequences of this unnoticed intrusion are fatal. Attackers infiltrate production facilities, logistics systems or engineering environments, while:

- Firewalls fail at the points of transition from IT to OT,
- Monitoring systems in IT remain blind to OT activities, and
- The lower level of maturity of OT security is shamelessly exploited.

The result:

- Manipulated or stolen design and machine data,
- Disruptions to critical processes,
- Massive business interruptions - all of which occur without an alarm being triggered.


Patches and the Latest Release? Unfortunately Not!

Unfortunately, up-to-date software does not help in this case! The architecture of SAP systems dates back to a time when security concepts such as “Secure by Design” and “Secure by Default” were still dreams of the future. The core technology, ABAP, is designed to develop and execute highly flexible and adaptable solutions directly in the system - without external compilation. However, this strength becomes a weakness: malware can hide deep within the system, replicate itself and thus circumvent countermeasures.

Conclusion: Ignoring the Situation is not an Option

The crucial question is not whether attacks on SAP systems will occur, but when. Without a holistic security strategy that protects SAP, OT and traditional IT equally, companies are putting their entire value chain at risk.

The solution is obvious. CLUE Security Services AG and CAIBERP help you to identify vulnerabilities, close gaps and, in particular, protect your OT environment from the invisible risks of the SAP “black box”. Secure your company before uninvited guests take control.

Contact us now - before it's too late.

By Michael Reiter, Clue Security Services AG