US Department of Homeland Security (DHS) warns users against ERP Attack
Department of Homeland Security of America has warned users against impending cyber attacks on ERP (Enterprise Resource Planning) systems.
Homeland security is a US based national security that ensures that the area of the country within the national boundary is safe, secure and resilient against terror attacks.
The basis of this warning is the report published by Threat Intelligence firms that depicts that there has been a sudden surge in the interest of the hackers to target ERP systems who may use both hacking and DDoS (Distributed denial of Service) attacks to carry out disruption and compromise these high-value assets.
Attacks of this nature were first warned in May 2016 when the exploitation on 36 global organizational institutions was suspected through the abuse of the seven year old vulnerability in SAP applications.
What is ERP? Why cyber criminals target ERP systems?
ERP (Enterprise Resource Planning), is referred to as business management software that enables collection, management, storing, and interpretation of various aspects of business such as finances, customer accounts, finances, HR issues, product distribution, sales etc.
ERPs are web-based applications that use 3 different types of deployments – Cloud, On-Premise, Hybrid, Cloud ERP suite being the prominent among all for large companies and their subsidiaries.
Reason for ERP being a prominent target among the intruders is the data depth and richness of business related information ERP servers holds. Vast majority of large organizations have implemented from vendors such as Oracle or SAP. They rely on the products of these renowned ERP platforms like SAP Business Suite, SAP S/4 HANA and Oracle E-Business Suite/Financials to support business processes. As these processes hold important business information such as inventory, management, manufacturing, sales, logistics, billing, credit cards and Personally Identifiable Information (PII) from employees among other sensitive information, breaching ERP servers would be a feast for cyber criminals.
New Research Findings
ERP applications are being exploited by cyber criminal organizations, leveraging old vulnerabilities and acquiring SAP-HANA specific exploits. These include:
- According to the researches, there has been a 100% surge in publicly available three years old exploits for SAP and Oracle RP applications.
- From 2016 to 2017, ERP- specific vulnerabilities have seen an increase of 160%.
ERP Attack – Expanding ERP attack Surface:
Attackers are behind:
- Self hosted ERP applications that are devoid fix to the vulnerabilities known till date (recent patches).
- Cloud-based ERP applications of companies with weak security policies. This allows easy access to company’s data that can be easily breached.
Hackers are known to leverage username and password information that were leaked by Company Breaches and use the same to break into employee’s ERP account.
More than 17,000 SAP and Cloud applications have been identified to be connected to internet, running unprotected components and vulnerable versions that can be easily exploited by cyber criminals to break into unsecured accounts.
Prior to this report, ERP cyber security problems never appeared in the lime light and hence remained ignored.
Attacks launched on ERPs in the past by APTs (Advanced Persistent Threats) and criminal groups
Cloud based applications such as ERP systems have been a target of Chinese cyber-espionage groups APT10 and APT17 in the past.
Not only this, Dridex, a notorious banking Trojan was updated in 2017 to break ERP systems and SAP software to steal credentials.
Pervasive nature of these applications and dependence of businesses on ERP systems could have large economic implications. It is therefore required by businesses relying on ERP applications to be aware and adopt proper security measures to avoid any data breach.
Hits: 212
Home
