U.S. Department Of Homeland Security Cringes At Daring Attacks

The U.S. Department of Homeland Security (DHS) has announced the discovery of an intensified cyberattack by hackers against Enterprise Resource Planning (ERP) systems, the integrated management of core business processes, often in real-time and mediated by software and technology. These systems are used around the world, which means this notification affects all government agencies as well as the private sector who must now figure out if their specific ERP systems were compromised.

The DHS warning comes in response to a threat alert released by Digital Shadows and Onapsis. Juan Perez-Etchegoyen, CTO of Onapsis described the issue, “We found evidence of more than 20 campaigns targeting ERP applications in different ways, We saw that there is a 160 percent increase from 2016 to 2017 specifically around dark web forum mentions of SAP CVEs, which have an exploit available. Attackers will continue targeting ERP applications and will continue to leverage well-known exploits. Until organizations really get to a maturity level, where their systems are up-to-date and known risks are tackled, it’s just a matter of time until they are attacked.”

Michael Marriott, Digital Shadow’s Research Analyst went on to say, “I think we were fairly surprised with how many campaigns we could publicly see that were targeting SAP applications. What we have seen with Dridex is that it is increasingly looking to harvest SAP login information credentials.”

ERP’s are cloud-based apps which enable firms to control business-specific processes such as sales records, product logistics, finance management, HR incident management, marketing operations, and customer account recordings. ERP’s are lucrative targets of cyber attacks, as they contain a lot of company information about their employees, their suppliers, and their customers.

“We observed detailed information on SAP hacking being exchanged at a major Russian-speaking criminal forum, as well as individuals interested in acquiring SAP HANA-specific exploits on the dark web. This goes in hand with an observed 100% increase of public exploits for SAP and Oracle ERP applications over the last three years, and a 160% increase in the activity and interest in ERP-specific vulnerabilities from 2016 to 2017,” the alert said.

The study revealed a trending rise of cyberattacks against SAP and Oracle, two popular vendors of ERP systems. There are 9,000 known security issues yet to be patched by the two vendors mentioned. The attack surface is exploitable, as 17,000 ERP applications are exposed in the public web. Just last April 2018, a 13-year old security bug has finally been patched by SAP. Surface web ERP systems are easier to penetrate and attacked with a DDOS compared to closed ERP systems that are only accessible by the local users.

The report explains, “We have captured evidence of cyberattacks attributed to nation-state affiliated actors, in which ERP applications were compromised in order to access highly-sensitive information and/or disrupt critical business processes. The implications of this research go beyond the risk to individual companies. Based on the observed threat actors, the pervasive nature of these applications in the world’s largest organizations and the dependence on them for the execution of business-critical processes, wide-scale attacks on ERP applications could also have macroeconomic implications.”