NCCIC Alert: New Exploits for Unsecure SAP Systems

The U.S. Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC) has issued an alert in response to recently disclosed exploits that target unsecure configurations of SAP components. According to the alert, a presentation at the April 2019 Operation for Community Development and Empowerment (OPCDE) cybersecurity conference describes SAP systems with unsecure configurations exposed to the internet. Typically, SAP systems are not intended to be exposed to the internet, as it is an untrusted network. Malicious cyber actors can attack and compromise these unsecure systems with publicly available exploit tools, termed “10KBLAZE.” The presentation detailed the new exploit tools and reports on systems exposed to the internet. The alert contains additional technical details and recommended measures for SAP system administrators to mitigate the vulnerabilities. Read the alert at NCCIC/US-CERT.