New Report Reveals Evidence That ERP Applications are Under Attack by Cybercriminals, Hacktivists and Nation-state Actors
New research from leading digital risk management firm Digital
Shadows and ERP cybersecurity and compliance firm Onapsis
reveals evidence that the business-critical applications running the
biggest organizations in the world are under attack. The
report shows a dramatic rise in cyberattacks on widely-used enterprise
resource planning (ERP) applications such as SAP and Oracle - which
currently have a combined 9,000 known security vulnerabilities.
The report also highlights an increase in attacks on these systems by
nation-state actors, cybercriminals and hacktivists that include both
hacking and distributed denial of service (DDoS) attempts to compromise
and disrupt the operations of these high-value assets. This convergence
of threats puts thousands of organizations and their crown jewels
directly at risk of espionage, sabotage and financial fraud.
This research is considered so critical that the Department
of Homeland Security's United States Computer Emergency Readiness Team
(US-CERT) issued an alert today warning of the risk of these ERP
application attacks. Attacks of this nature were first warned about in
May 2016 when the US-CERT
issued an alert advising of a significant threat that included the exploitation
of 36 global organizations through the abuse of a then five-year-old
vulnerability in SAP applications. These warnings have been proven to be
prescient with the new research revealing:
- Cybercriminal organizations are exploiting ERP applications,
  leveraging known vulnerabilities and targeting high-value assets such
  as SAP HANA
- A 100 percent increase in the number of publicly-available
  exploits for SAP and Oracle ERP applications over the last three
  years
- A 160 percent increase in the activity and interest in
  ERP-specific vulnerabilities from 2016 to 2017
- Well-known hacktivists and cyber criminal groups are expanding their
  tactics, techniques and procedures (TTPs) to now specifically target
  ERP applications
- Hacktivist groups, such as those affiliated with the Anonymous
  collective, have expanded their operations to include penetrating
  and disrupting mission-critical ERP platforms, having targeted
  these platforms in over nine operations since 2013
- Well-known malware kits such as Dridex are being evolved to steal
  user credentials and data from behind-the-firewall ERP applications
- Nation-state affiliated actors have been attributed for the
  compromise of ERP applications in order to access highly-sensitive
  information and/or disrupt critical business processes
- Third parties and employees are exposing information that can prove
  highly valuable to sophisticated actors. The research discovered 545
  SAP configuration files publicly exposed on misconfigured FTP and SMB.
  These provide valuable information for attackers to locate sensitive
  files on organizations' networks, greatly reducing effort once they
  gain access to an organization's network
Furthermore, cloud, mobile and digital transformations are rapidly
expanding the ERP attack surface. More than 17,000 SAP and Oracle ERP
applications were found to be exposed on the internet, many running
vulnerable versions and unprotected components, and threat actors are
actively sharing information to take advantage of this opportunity.
The vast majority of large organizations have implemented ERP
applications from vendors such as SAP and Oracle, relying on products
like SAP Business Suite, SAP S/4HANA and Oracle E-Business
Suite/Financials. They rely on these applications to support business
processes such as payroll, treasury, inventory management,
manufacturing, financial planning, sales, logistics, billing and hosting
data such as financial results, manufacturing formulas, pricing,
critical intellectual property, credit cards and personally identifiable
information (PII) from employees, customers and suppliers, among other
sensitive information.
Prior to this report, the ERP cybersecurity problem had remained largely
ignored due to the lack of publicly-disclosed breaches and information
about the threat actors in what was considered by many information
security teams to be a complex and obscure domain.
"Threat actors are continually evolving their tactics and targets to
profit at the expense of organizations. On the one hand, with the type
of data that ERP platforms hold, this isn't shocking. However, we were
surprised to find just how real and severe the problem is," said Rick
Holland, CISO and VP of Strategy at Digital Shadows.
"This collaboration with Digital Shadows provides a breadth and depth of
threat intelligence that is unprecedented," said Juan Pablo
Perez-Etchegoyen, CTO at Onapsis. "By showing how these applications are
being actively targeted by a variety of threat actors across different
geographies and industries, we hope to overcome the misconceptions in
the industry and help CIOs, CISOs and their organizations head off and
manage the risk of wide-scale attacks on ERP applications, which could
have a devastating impact, as well as macroeconomic implications."
ABOUT DIGITAL SHADOWS
Digital Shadows enables organizations to manage digital risk by
identifying and eliminating threats to their business and brand. We
monitor for digital risk across the widest range of data sources within
the open, deep and dark web to deliver relevant threat intelligence,
context and actionable remediation options that enable security teams to
be more effective and efficient. Our clients can focus on growing their
core business knowing that they are protected if their data is exposed,
if employees or third parties put them at risk, or if their brand is
being misused. To learn more, visit www.digitalshadows.com.
ABOUT ONAPSIS
Onapsis cybersecurity solutions automate the monitoring and protection
of ERP systems SAP and Oracle, keeping these business-critical
applications compliant and safe from insider and outsider threats. As
the proven market leader, global enterprises trust Onapsis to protect
the essential information and processes that run their businesses.
Experts at the Onapsis
Research Labs were the first to lecture on SAP cyberattacks and have
uncovered and helped fix hundreds of security vulnerabilities to-date
affecting SAP Business Suite, SAP HANA, SAP Cloud and SAP Mobile
applications, as well as Oracle JD Edwards and Oracle E-Business Suite
platforms. This patented technology is well known, industry wide, and
has gained Onapsis recognition on the Deloitte Technology Fast-500, as a
Red Herring North America Top 100 company and a SINET 16 Innovator.
Headquartered in Boston, MA, Onapsis serves over 200 customers including
many of the Global 2000. Onapsis's solutions are also the de-facto
standard for leading consulting and audit firms such as Deloitte, IBM,
Infosys and PwC.
For more information, please visit www.onapsis.com,
or connect with us on Twitter,
Google+,
or LinkedIn.
