Cyber attackers building capabilities to attack Oracle and SAP, report warns
ERP systems are increasingly becoming a target for hackers, according to security researchers.
A report from Digital Shadows and security solution developer Onapsis has detailed the growing risk to ERP systems from hackers looking for financial gain or to cause business disruption.
Business applications such as ERP have not traditionally been a major target for hackers, but the research shows a build-up of interest in exploits and vulnerabilities related to ERP from the hacking community, indicating that hackers are moving up the stack into the application layer.
The report authors warn that this increased focus, coupled with weak security around ERP, in part because of the small number of previous attacks, mean that many corporations could be leaving their most important systems open to attack.
“The implications of this research go beyond the risk to individual companies. Based on the observed threat actors, the pervasive nature of these applications in the world’s largest organisations and the dependence on them for the execution of business-critical processes, wide-scale attacks on ERP applications could also have macroeconomic implications,” the report notes.
The research ‘ERP Applications Under Fire: How cyber attackers target the crown jewels’ looks primarily at SAP and Oracle E-Business Suite, based on research and threat intelligence captured across the open, deep and dark web, as well as Onapsis’ ERP incident response and forensics engagements.
There have been several publicised attacks against ERP systems, the report notes, including a May 2016 warning from the US Department of Homeland Security (DHS) CERT r that at least 36 global organisations were being exploited through the abuse of a specific, five-year-old SAP vulnerability.
Onapsis and Digital Shadows say that the mission-critical nature of ERP systems make them targets for different groups – financially motivated hackers are looking to steal sensitive data from ERP systems, while political hacktivists are seeking to disrupt systems, particularly using denial of service attacks. Such DoS attacks against ERP have already been launched by ‘Anon’ related groups several times. Meanwhile, nation state actors may be looking at both espionage and disruption.