Cybersecurity Fail: How Not to Be the Next Equifax

Oct 30, '17 by Joerg Schneider-Simon

October is cybersecurity awareness month. We look at Equifax’s cybersecurity nightmare and how your SAP system may put you at similar risk.

It has been only about a month since Equifax went public with news of a security breach that affected over half of the adults in the U.S., and no small number of people in Canada and the U.K.  If that wasn’t bad enough, however, now comes news that visitors to the site were directed to fake Flash update ads that downloaded malware.

It’s a blunder of nightmarish proportions. First, consumers found out (months after it was discovered, remember) that hackers had accessed their names, dates of birth, Social Security numbers, addresses, and credit account numbers. Of course, many then visited the Equifax site to find out if they were affected or to sign up for identify theft alerts, only to be redirected to sites that would install malware via drive-by-downloads.

If the news made you look a little more closely at your own cybersecurity, you’re not alone. The question is: are you also looking at your SAP system?

Is Your SAP Application Spreading Malware?

You might be looking askance at Equifax and thinking, “That won’t happen to us.” After all, you have robust anti-malware solutions deployed at the server and the Web-gateway and a team of experts who monitor them like highly caffeinated hawks.

And yet, there could be malware sitting in your data store right this second, just waiting to be accessed and unleashed upon unsuspecting users accessing one of your business-critical SAP applications.

It happens because no matter how powerful your operating system’s security software, it does not — cannot — cover SAP. 

Why Your SAP Might Be Vulnerable to Malware

SAP integrates itself so well into users’ day-to-day — especially with modern SAP FIORI and UI5-based user interfaces — it’s easy to forget that it’s a completely separate system with completely different rules.

You already know how anti-virus programs work: they perform real-time and scheduled scans, some also provide enhanced features like heuristic detection and sandboxing.  More advanced ones also provide vulnerability shielding and process protection.

However, the AV program can’t protect against threats it can’t see. And as far as your OS-level AV is concerned, your SAP system is akin to a lead box.

Here’s why:

  • Public-facing applications in SAP allow outside users to upload files. This is done via an encrypted connection, which, in most cases, prevents the Web-gateway anti-virus from scanning the file while it’s being transferred.
  • Once uploaded, the file is stored in the SAP data store, which is not part of your standard disk volume. Anti-virus software can’t scan those volumes.
  • The malware isn’t being run, it doesn’t get executed on the protected server, and therefore remains undetected by process monitoring solutions, designed to catch malware as soon as it RUNS. Instead, the infected file sits quietly in the SAP data store until it’s unwittingly retrieved as part of a business process and executed. From there, it can easily infect the client with viruses, backdoors, ransomware, and more.

And to make things even trickier, SAP’s virus scan interface (NW-VSI) is in no way compatible with standard anti-virus programs. You can no more protect SAP with standard anti-virus programs than you can protect your head from the rain by using rubber boots. Instead, a security solution that is designed specifically for SAP, like bowbridge’s Anti-Virus for SAP Solutions, will provide just the right fit to keep your SAP system and applications free from cyberthreats.

Years from now, Equifax will be used as a cautionary tale handed down to all fledging cybersecurity professionals. Nobody wants to have malware sitting in their own SAP data stores, ready to turn them into the next “Company in Disgrace” Forbes story. And with the right solution, they don’t have to be.

Learn more about the SAP security threats that can hide in external content uploads — watch our on-demand webinar.


View our Webinar: SAP Security Threats Hidden in PDF Uploads