ERP Report: Hackers Target Oracle, SAP Business Applications

Hacktivist groups are actively targeting enterprise resource planning (ERP) applications from Oracle and SAP, according to a report from cybersecurity solutions firms Digital Shadows and Onapsis.

Key findings from the Digital Shadows-Onapsis "ERP Applications Under Fire" report included:

  • There has been a 100 percent increase in public exploits of Oracle and SAP ERP applications over the last three years.
  • There was a 160 percent increase in ERP-specific vulnerability activity and interest between 2016 and 2017.
  • There are more than 500 SAP configuration files on insecure file repositories across the internet.
  • At least 10,000 servers are running incorrectly configured software that makes them susceptible to SAP or Oracle exploits.
  • More than 5,000 security patches are available for vulnerabilities in Oracle applications, and more than 4,000 security patches are available for vulnerabilities in SAP applications.

The U.S. Computer Emergency Readiness Team (US-CERT) has issued a warning in response to the Digital Shadows-Onapsis report. US-CERT is also urging organizations to secure their ERP applications.

How Can Organizations Protect Their ERP Applications?

More than 17,000 Oracle and SAP ERP applications are connected to the internet and used for product lifecycle management, customer relationship management, supply chain management and other critical business processes, Digital Shadows and Onapsis indicated. As a result, many cybercriminals are targeting ERP applications, and this trend appears likely to continue for the foreseeable future.

Traditional identity management tools are "ineffective" at preventing or detecting ERP application attacks, Digital Shadows and Onapsis noted. Instead, the companies offered the following recommendations to help organizations improve the cybersecurity posture of their ERP applications across on-premises environments or public, private or hybrid cloud environments:

  • Identify and resolve ERP application layer vulnerabilities, insecure configurations and excessive user privileges.
  • Detect and address dangerous interfaces and application programming interfaces (APIs) between different ERP applications used across an organization.
  • Track and respond to sensitive ERP user activity and ERP-specific indicators of compromise (IOCs).
  • Watch for leaked ERP data and user credentials.

In addition, security controls must be applied across all areas of an organization's ERP application platform, Digital Shadows and Onapsis indicated. These controls ensure an organization can limit ERP application attacks in both production and non-production environments.

MSSPs can also provide ERP application security best practices, recommendations and services. By doing so, MSSPs can help organizations implement security programs to keep pace with evolving ERP application threats.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds an M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.