In late July, the Department of Homeland Security issued a warning about a growing number of malicious cyberattacks aimed at ERP systems based on a research project conducted by Digital Shadows and Onapsis. This warning comes at the heels of the first-ever DHS CERT Alert focused on SAP Business Applications released in May of 2016. According to the report, hackers exploited old, unpatched vulnerabilities to successfully hack multiple organizations, including government agencies, energy businesses, and financial services companies. Onapsis and Digital Shadows found significant evidence of increased interest on ERP applications, including bad actors in criminal forums on the dark web asking for exploits specifically targeting ERP technology vulnerabilities. The study, “ERP Applications Under Fire: How Cyberattackers Target the Crown Jewels,” found that the attackers do not need to use advanced techniques to breach their targets because the current state of ERP application security across organizations is such that old vulnerabilities still affect these systems. This means that attackers don’t need to develop new zero-days or advanced exploitation techniques.
Paula Musich
Paula brings over 30 years of experience covering the IT security and networking technology markets. She has been an IT security analyst for over nine years, most recently as a research director at NSS Labs, and earlier as principal analyst for enterprise security for Current Analysis. As a security technology analyst Paula has tracked and analyzed competitive developments in the threat management segment of the information security market, ranging from advanced anti-malware to next generation firewalls and intrusion prevention systems to content security, data loss prevention and more.
Recent Posts
Cyber Attackers Turn Their Sight to ERP Applications
By Paula Musich on Sep 26, 2018 7:58:29 AM
Topics:
cyber attacks
Cyber Security
EMA
Enterprise Management Associates
DHS CERT Alert
ERP applications
paula musich
Continue Reading