Homeland Security warns businesses of Oracle and SAP ERP vulnerabilities

Oracle and SAP urge customers to apply patches to secure systems against hackers

Homeland Security has taken the step of issuing an alert to businesses using Oracle and SAP's ERP applications, warning that the software is at risk from hackers.

Firms in the UK, US and Germany are most at risk from the threat, said security firms Digital Shadows and Onapsis, both of which warned that state-sponsored actors and hacktivist groups are actively targeting the ERP applications to disrupt critical business operations and steal personal credentials.


The research focused exclusively on vulnerabilities found in systems developed by Oracle and SAP, the two largest ERP vendors collectively used by the vast majority of large businesses.

More than 200 SAP exploits and 2,500 Oracle exploits dating back over a decade are detailed in the 'ERP Applications Under Fire' report. One example the researchers highlighted was the use of several botnets of the Dridex malware, set up over 2017 and 2018, to allow cyber criminals to steal valid SAP user credentials and access companies' internal IT environments.

Oracle said it patched the listed vulnerabilities in July and October 2017, and both firms advised customers to apply updates to their systems as soon as possible.

"While some executives still consider 'behind-the-firewall' ERP implementations to be protected, we have observed clear indicators of malicious activity targeting environments without direct internet connectivity," the report read.


"Further, there is an astonishing number of insecure ERP applications directly accessible online, both on-premise and in public cloud environments, increasing the attack surface and exposure."

Publicly available exploits have also risen alongside a growing interest in historical vulnerabilities that can still be exploited today. The researchers identified criminal forums, dark web marketplaces and dedicated exploit sites as a handful of locations on which exploits are traded, with Twitter one of the main sites where exploits are mentioned.


The findings have led the US Computer Emergency Readiness Team (US-CERT) to issue an official warning - urging businesses to review the report and take measures to protect themselves against these vulnerabilities.

"The Critical Patch Update is the primary mechanism for the release of all security bug fixes for Oracle products," an Oracle spokesperson told IT Pro. "Oracle is focused on security and continues to investigate means to make applying security patches as easy as possible for customers. Oracle recommends that customers remain on actively-supported versions and apply security updates as quickly as possible."

An SAP spokesperson added: "As the global leader in business software, we take security seriously and implement best practices in our security processes that include development, operations, tools and employee training. Confidentiality, integrity, availability and data privacy are core values for SAP.

"Our recommendation to all of our customers is to implement SAP security patches as soon as they are available - typically on the second Tuesday of every month to protect SAP infrastructure from attacks."


Although US businesses are most vulnerable - with 77% of Oracle's E-Business Suite (EBS) users and 17% of SAP users based there, according to the report - the UK is the most exposed nation in Europe for internet-facing EBS applications, while Germany has the most internet-facing SAP applications.

A spokesperson for the UK's National Cyber Security Centre (NCSC) told IT Pro it would not be issuing guidance at this time as the report highlights a trending vulnerability, as opposed to a specific vulnerability, and that the US-CERT guidance covers the issue adequately.

The spokesperson added: "The NCSC advises that all businesses protect their systems from threats by installing updates and patches as soon as they become available, to ensure that you are protected as soon as the vendor releases updates regardless of the specific vulnerability.

"We also recommend that you follow vendor guidance on securing ERP systems in particular."

A timeline of incidents within the report also illustrated the rise in hacktivists and cyber criminals exploiting ERP vulnerabilities - spanning Sudoh@ck3rs' targeting of an internet-facing SAP portal in 2013, to cyber criminals exploiting WebLogic to use Peoplesoft to mine cryptocurrency.


In the wake of its findings, the report recommended that all businesses take steps to mitigate the risk of being targeted, saying: "ERP applications are clearly a target for cyber attackers and it is no longer an option to rely solely on identity management and segregation of duties controls, as they are ineffective to prevent or detect these evolved risks."

These measures include identifying ERP application layer vulnerabilities, monitoring for leaked ERP data and user credentials, as well as identifying and removing any dangerous interfaces and APIs between the different ERP applications in an organisation.

Picture: Bigstock
