Shane Chambers No Comments

Cyber criminals are beginning to target Enterprise Resource Planning (ERP) applications, with the aim of disrupting and stealing data from large companies, according to reports from both security experts and the US government. According to a recent report from security companies Digital Shadows and Onapsis, hacktivists and state-sponsored groups in particular and looking to exploit flaws in platforms provided by Oracle and SAP.

SAP and Oracle are believed to be the biggest targets due to long-running security vulnerabilities

“ERP applications are being actively targeted by a variety of cyber-attackers across different geographies and industries,” the report reads. “Traditional controls of ERP application security such as user identity management and segregation of duties are ineffective to prevent or detect the observed TTPs used by attackers.”

The report, which you can read in full here, has received the full support of the US Department of Homeland Security. The report shows a dramatic rise in cyber attacks on widely used ERP applications such as SAP and Oracle, which currently have a combined total of 9,000 known security vulnerabilities.

Attackers have been using a variety of methods, including Distributed Denial of Service (DDoS), to disrupt organisations using the platform and to steal data, potentially to leverage them in extortion cases or to re-sell on the dark web.

Last year, Gartner analyst Neil McDonald predicted that shrewd and financially motivated criminals would turn to targeting applications directly as the best way to breach large companies. “In many organisations, the ERP application is maintained by a completely separate team and security has not been a high priority. As a result, systems are often left unpatched for years in the name of operational availability,” he wrote.

It is believed that because ERP applications are so heavily relied upon by the companies that use them that security is being neglected, which, along with increased exposure to the internet and the cloud, has made them a much more attractive target for hackers.

In addition to criminals looking to steal data, other hackers are looking to take advantage of the vulnerabilities in order to mine crypto-currencies. The report goes on to state that “SAP servers are known to have high cores”, which made them a particularly desirable target for those look to mine crypto-currency, with one 2017 incident allowing a hacker to make over €193,000 before being discovered.

“Threat actors are continually evolving their tactics and targets to profit at the expense of organisations,” said Rick Holland, CISO and vice-president of strategy at Digital Shadows. “On the one hand, with the type of data that ERP platforms hold, this isn’t shocking. However, we were surprised to find just how real and severe the problem is.”

While this latest trend focuses on applications used by larger organisations, we have also seen an uptake in attacks on any widely-distributed software that hackers are able to plant their malicious code on, in an attempt to breach multiple organisations at once. Large or small, it is incredibly important to ensure that all applications in use are regularly patched and are up-to-date with all security patches.