Nation-states and criminals are increasingly targeting enterprises’ business-critical applications, attempting to steal data and commit financial crimes, according to a U.S. government alert and research from Digital Shadows and Onapsis.
The U.S. Department of Homeland Security’s (DHS) Computer Emergency Readiness Team (CERT) yesterday issued a warning after Digital Shadows and Onapsis published the new threat research.
Most large organizations use enterprise resource planning (ERP) applications from vendors such as SAP and Oracle to support business processes. These processes include payroll, manufacturing, sales, and billing, and the applications host data such as financial results, manufacturing formulas, pricing, intellectual property, credit cards, and employees’ personal information.
The companies’ report shows a huge rise in attacks on widely used ERP applications, which currently have a combined 9,000 known security vulnerabilities. It found a 100-percent increase in the number of publicly available exploits for SAP and Oracle ERP applications over the last three years, and a 160-percent increase in activity and interest in ERP-specific vulnerabilities from 2016 to 2017.
The report also shows an increase in attacks on these systems by nation-state actors, cybercriminals, and hacktivists, including both hacking and distributed denial-of-service (DDoS) attempts. These actions put large companies’ systems at risk of espionage, sabotage, and financial fraud.
For example, hacktivist groups affiliated with the Anonymous collective have expanded their operations to disrupt mission-critical ERP platforms and have targeted these platforms in more than nine operations since 2013. Additionally, well-known malware kits such as Dridex are being used to steal credentials and data from behind-the-firewall ERP applications, and nation-states are attempting to compromise these applications to access sensitive information and disrupt business processes.
The report also highlights how mobile and cloud deployments are expanding the ERP attack surface. It found more than 17,000 SAP and Oracle ERP applications were exposed on the internet, many running vulnerable versions and unprotected components. Attackers are actively sharing information to take advantage of this opportunity, the report says.