vSOC Threat Advisory – ERP Attacks on the Rise
Posted by: GuidePoint Security
US-CERT released an advisory on July 25, 2018 regarding an uptick in activity by attackers exploiting Enterprise Resource Planning (ERP) applications. The advisory was a response to a recently released Digital Shadows report titled "ERP Applications Under Fire: How cyberattackers target the crown jewels." In the report, Digital Shadows, in partnership with Onapsis, provides new research and intelligence about the motives and techniques of nation-state and hacktivist attackers targeting ERP systems.
ERP systems include the following platforms and typically hold the most sensitive information, or "crown jewels," that an organization has.
- Human Capital Management (HCM)
- Supply Chain Management (SCM)
- Customer Relationship Management (CRM)
- Product Lifecycle Management (PLM)
- Supplier Relationship Management (SRM)
- Process Integration (PI)
- Manufacturing & Operations (MO)
- Asset Lifecycle Management (ALM)
- Business Intelligence (BI)
The key findings from the Digital Shadows report are:
- Hacktivist groups are actively attacking ERP systems to infiltrate and disrupt target organizations.
- Cybercriminals are using more sophisticated attacks that target "behind-the-firewall" ERP applications.
- Nation-state actors are exploiting ERP systems to access sensitive or classified information.
- Over the last 3 years, there has been a 160% increase in interest in exploits for SAP and SAP HANA applications in dark web and cybercriminal forums.
- Most modern ERP attacks are leveraging unpatched and misconfigured applications.
- The prevalence of cloud and mobile solutions has increased organizations' attack surface. Digital Shadows has identified more than 17,000 SAP and Oracle ERP applications directly connected to the Internet.
- Leaked information is also a major issue, with more than 500 SAP configuration files identified on insecure repositories accessible from the Internet.
The complexity of ERP software platforms often leaves customers struggling to apply security patches in a timely manner. Some of the main contributing characteristics are:
- Complex system architecture
- Customized functionality
- High number of interfaces and integrations
- Proprietary protocols
- Detailed and fine-grained access controls
- No tolerance for downtime
- Lack of knowledge and processes for ERP security
- Reliance on third parties to support ERP platforms
The bottom line on ERP exploits and security is that there are 7 main areas customers need to focus on to improve their security posture.
- Identification and categorization of your business systems: It is essential to understand which systems are critical to your organization. Criticality, however, is more than just the amount of downtime you can tolerate from the system. It also includes the value of the system and the value of the data the system processes or stores.
- Vulnerability Management: This is not just conducting scans. Vulnerability management is the cyclical process, with its supporting procedures, of identifying, categorizing, prioritizing, and remediating vulnerabilities in your software.
- Trained Resources: It is imperative that you employ (or contract) trained security resources that know your ERP and SAP platforms and are responsible for configuring, monitoring, and modifying the security parameters of each system.
- Architecture: Thousands of ERP and SAP applications are internet-accessible. Evaluate your architecture to identify which systems need this level of access to the Internet and which do not. Reducing your footprint will result in a smaller attack surface for the bad guys.
- Situational Awareness: Researchers have identified the inadvertent exposure of technical details and credentials for ERP and SAP systems by employees, contractors, and other third parties who use insecure cloud-based platforms to share information.
- It Can Happen to You: Regardless of your industry, your size, your location, or how important you think you are to attackers, hackers, and activists, you probably are a target and just don't know it yet. Realize that many attacks are not aimed at a specific organization and are simply opportunistic attempts to monetize your data or systems. Cybercriminals and dark web forums are brimming with interest in ERP and SAP platforms as a way to disrupt, steal from, and exploit organizations of all sizes. Realize that your organization's data and systems have value, regardless of brand name, and implement a security program that corresponds to your organization's risk posture.
- Your Mistake is Their Payday: Poor password hygiene, misconfigurations, and a lack of established processes and procedures all lead to mistakes that give attackers opportunities. Your mistakes allow them to steal and sell your sensitive data or compromise your systems for abuse. Costly and often overlooked examples include cryptominer attacks on your servers, which use your CPU resources and power to mine cryptocurrency for the attackers.