DHS warns about hackers increasingly targeting ERP applications

• ERPs have become a favourite target for intruders because of the amount of data it handles.
• Experts identified over 17,000 attempted attacks on ERP applications, using brute-force techniques.

The US Department of Homeland Security (DHS) has issued a public warning, highlighting the increase in attacks on Enterprise Resource Planning (ERP). DHS believes that ERPs are being targeted by nation-state hackers, criminal groups and hacktivists.

For the uninitiated, ERPs are web-based applications that facilitate companies’ various business functionalities, such as handling HR issues, marketing ops, sales, production distribution, customer accounts and more.

A report by Digital Shadows, in collaboration with Onapsis, provides a detailed analysis of a recent attack against ERP systems.

SAP and Oracle are favorite targets

Given the amount of data it manages, ERPs have become a favorite target for intruders and cybercriminals. They are increasingly targeting known vulnerabilities to steal highly sensitive data or disrupt the operations of business processes.

The joint report highlighted that hacktivists, in particular, have been exploiting flaws in Oracle and SAP platforms.

"We observed detailed information on SAP hacking being exchanged at a major Russian-speaking criminal forum, as well as individuals interested in acquiring SAP HANA-specific exploits on the dark web," the report reads. "This goes in hand with an observed 100% increase of public exploits for SAP and Oracle ERP applications over the last three years.”

Researchers also found a 160 percent increase in activity related to ERP-specific vulnerabilities from 2016 to 2017.

Old flaws and passwords used to break into ERP applications

Experts noted that the attackers are not just relying on zero-day vulnerabilities to execute attacks on ERP. Cybercriminals often go after ERP applications that have not been patched or when companies have failed to set up strong security policies.

In other cases, usernames and passwords leaked in old breaches were used by cybercriminals to break into an employee’s ERP account. Experts identified over 17,000 such attack attempts on ERP applications, which involved attackers using brute-force techniques.

Moreover, an unsecured database was also found to be one of the other reasons for the attack on ERPs. Researchers said that over 500 ERP configuration files were exposed online via unsecured file repositories. The attackers could mine the data from these configuration files..

While the attack on the ERP applications continues to grow, it is still unknown how severely these attacks may impact an organization.

“Threat actors are continually evolving their tactics and targets to profit at the expense of organizations. On the one hand, with the type of data that ERP platforms hold, this isn’t shocking. However, we were surprised to find just how real and severe the problem is,” said Rick Holland, CISO of Digital Shadows, Infosecurity reported.