Latest Cybersecurity Alert: SAP NetWeaver Faces Second Attack Wave Following Zero-Day Breach


Second Wave of Attacks Hitting SAP NetWeaver After Zero-Day Compromise

SAP NetWeaver, the technical foundation that supports all SAP applications, has once again become the target of threat actors.

The popular platform is experiencing a resurgence in cyber attacks that exploit the webshells deployed during a recent zero-day vulnerability incident.

Attack Overview

SAP NetWeaver first came under fire when a zero-day vulnerability, CVE-2020-6287, also known as ‘RECON’ (Remotely Exploitable Code On NetWeaver), was discovered.

This vulnerability allowed unauthenticated attackers full access to affected SAP applications.

Now, a second wave of attacks has been detected, launched from the webshells established during the initial zero-day exploit.

In this second round of malicious activity, the cyber criminals are sharing and selling access to compromised SAP servers on the darknet, suggesting this may evolve into a cascading network of threats.

Threat Details

Unlike the initial attack, which had a broad range of targets, the second wave appears focused on certain industries, including the government, manufacturing and insurance sectors.

Although the reason behind this targeted approach is not known, it further magnifies the seriousness of the issue.

Advice and Measures

Companies running SAP NetWeaver must act swiftly and decisively to mitigate these risks.

Immediate patching of the RECON vulnerability is of prime importance, followed by a thorough investigation to identify and remove any installed webshells.

Crimes must be reported to the relevant authorities, and all relevant stakeholders must be promptly notified of the security breach.

The increasing trend and sophistication of these attacks serve as a stark reminder for companies to routinely inspect their digital assets, patch vulnerabilities promptly, and employ robust cybersecurity defenses.

Awareness and vigilance can go a long way in combating these threats.
