A new ERP Threat Report from Onapsis and Flashpoint highlights the evolution of the SAP threat landscape over the last four years. It shows the growing maturity of this cybercriminal market and the challenges faced by defenders.

Established, professional threat actors and state-sponsored groups are targeting SAP applications ever more aggressively. Cyberattacks on SAP applications reached a new high in 2023, as reported by security companies Onapsis and Flashpoint in their report "Ch4tter: Threat Actors Attacking SAP for Profit". The research shows a 400 per cent increase in ransomware incidents in which SAP systems and data at victim companies have been compromised. Ransomware groups have repeatedly modified their malware in recent years in order to better identify SAP applications and specifically collect or encrypt data. At the same time, more and more companies are migrating their SAP applications to the cloud, which increases the attack surface. All of these factors make it difficult for companies to protect themselves.

To protect against ransomware threats to ERP systems, organisations should implement multi-factor authentication, follow the principle of least privilege, conduct incident management drills, regularly patch and update their web-based systems and train users to recognise phishing attempts. It is crucial to use non-phishable multi-factor authentication for critical systems and cultivate a culture of security within the organisation. In addition, organisations should regularly review the security measures of their ERP systems with their vendors and consider the risks associated with outdated ERP applications, as these may be more vulnerable to security threats. Cyber insurance can provide some protection against ransomware attacks, but premiums have increased significantly and proactive measures are more effective in the long term.
