Tuesday 14 August 2018

US Homeland Security warns of latest hacker craze – ERP pwnage

Attacks on SAP, Oracle platforms incoming

Hackers are increasingly looking to target enterprise resource planning (ERP) systems to disrupt and steal data from large companies.

This according to a report (PDF) from security companies Digital Shadows and Onapsis, who say that hacktivists and state-sponsored groups in particular have been looking to exploit flaws in Oracle and SAP platforms.

“ERP applications are being actively targeted by a variety of cyber-attackers across different geographies and industries,” the report reads.

“Traditional controls of ERP application security such as user identity management and segregation of duties are ineffective to prevent or detect the observed TTPs used by attackers.”

The report has received the endorsement of DHS, who recommended companies read and follow its findings.

Because ERP applications are so heavily relied upon by companies and because they are increasingly exposed to the public internet as cloud services, the platforms are very attractive as both targets for sabotage and as the entry point for larger data-theft operations.

Because of this, the study found, the number of public exploits for SAP HANA and Oracle ERP software has doubled over the last three years. The researchers also note that demand for stolen credentials has also gone up, with some hackers repurposing banking malware to lift ERP system logins.

CPU thieves get in on the act

Even cryptominers are looking to get in on the act, say researchers. The paper notes a 2017 incident where hackers used an exploit for WebLogic to plant mining code on servers and rack up around $226,000 worth of Monero coins.

“While it is hard to know how widespread this activity is, we have detected individuals discussing the potential of using SAP servers to mine Monero on Internet Relay Chat (IRC) channels,” the report says.

Read More Here

Article Credit: The Register

Go to Source

The post US Homeland Security warns of latest hacker craze – ERP pwnage appeared first on Statii News.



source http://news.statii.co.uk/us-homeland-security-warns-of-latest-hacker-craze-erp-pwnage/
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)