The U.S. Department of Homeland Security issued an alert Wednesday morning warning that cybercriminals are targeting SAP and Oracle’s enterprise resource planning (ERP) software.
The warning is based on new threat intelligence from the dark web revealing a dramatic rise in cyber attacks on ERP systems thanks to more than 9,000 known security vulnerabilities. For this reason, cybercriminals, nation-state actors and hacktivists are expanding their operations and campaigns to target these high-value assets, according to a threat report from vendors Digital Shadows and Onapsis.
Some 17,000 applications have been found to be exposed, the report said, with thousands of organizations across a multitude of verticals and countries directly at risk of espionage, sabotage and financial fraud.
“Threat actors are continually evolving their tactics and targets to profit at the expense of organizations,” Rick Holland, Digital Shadows’ CISO and VP of Strategy, said in a statement. “On the one hand, with the type of data that ERP platforms hold, this isn’t shocking. However, we were surprised to find just how real and severe this problem is.”
Neither company immediately responded to a request for comment.
Bad actors have engaged in both hacking and distributed denial of service (DDoS) attempts to compromise and disrupt the operations of high-value ERP assets, according to the report. Today’s US-CERT (United States Computer Emergency Readiness Team) alert comes two years after the team warned about a significant threat associated with the abuse of an old vulnerability in SAP applications.
Specifically, Digital Shadows and Onapsis found that there’s been a 100 percent increase in the number of publicly-available exploits for SAP and Oracle ERP applications over the last three years, as well as a 160 percent jump in activity and interest around ERP-specific vulnerabilities from 2016 to 2017.
As a result, the report said bad actors have expanded their tactics, techniques and procedures to specifically target ERP applications. For instance, hacktivist groups such as those affiliated with Anonymous have targeted ERP platforms in more than nine operations since 2013 in hopes of penetrating and disrupting them.
For nation-states, meanwhile, compromising ERP applications offers the opportunity to access highly sensitive information and disrupt critical business processes. In addition, well-known malware kits such as Dridex have evolved to steal user credentials and data from ERP applications sitting behind the firewall.
The research also discovered 545 SAP configuration files publicly exposed on misconfigured FTP and SMB servers. This makes it easier for attackers to locate sensitive files on an organization’s network, thereby reducing the effort required once bad actors gain access.
The ERP attack surface continues to expand, meanwhile, as cloud, mobile, and digital transformation efforts gain more traction, according to the threat report. More than 17,000 SAP and Oracle ERP applications were found to be exposed on the internet, many of which were running vulnerable versions or unprotected components.
And researchers have found that threat actors have been actively sharing information to take advantage of this opportunity.
The vast majority of large organizations rely on products like SAP Business Suite, SAP S/4HANA and Oracle E-Business Suite/Financials to support business processes such as payroll, treasury and inventory management. But prior to Wednesday’s report, cybersecurity issues associated with ERP had been largely ignored due to the lack of publicly-disclosed breaches and information about threat actors.
“By showing how these applications are being actively targeted by a variety of threat actors across different geographies and industries, we hope to overcome the misconceptions in the industry,” Juan Pablo Perez-Etchegoyen, Onapsis CTO, said in a statement.