New Research Confirms ERP Applications are Under Attack by Cybercriminals

New Research Confirms ERP Applications are Under Attack by Cybercriminals

This morning, new research from digital risk management firm, Digital Shadows, and ERP cybersecurity and compliance firm, Onapsis, revealed evidence that widely-used ERP applications are under attack by cybercriminals.

The report shows a dramatic rise in cyberattacks on widely-used ERP applications such as SAP and Oracle, which combined currently have 9,000 known security vulnerabilities. Many large organizations have implemented ERP solutions from these vendors, relying on products such as SAP Business Suite, SAP S/4HANA and Oracle E-Business Suite/Financials.

Enterprises reply on these applications to support important business processes like payroll, inventory management, manufacturing, financial planning, sales, logistics critical intellectual property, personally identifiable information (PII) from employees, customers and suppliers (among other sensitive information) and more.

The report also provides in-depth evidence that well-known cybercriminals, nation-state actors and hactivists are expanding their operations and campaigns to target these high-value assets, which include both hacking and distributed denial of service (DDoS) attempts.

“This collaboration with Digital Shadows provides a breadth and depth of threat intelligence that is unprecedented,” said Juan Pablo Perez-Etchegoyen, CTO at Onapsis. “By showing how these applications are being actively targeted by a variety of threat actors across different geographies and industries, we hope to overcome the misconceptions in the industry and help CIOs, CISOs and their organizations head off and manage the risk of wide-scale attacks on ERP applications, which could have a devastating impact, as well as macroeconomic implications.”

This research is considered so critical that the Department of Homeland Security’s United States Computer Emergency Readiness Team (US-CERT) issued an alert today warning of the risk of these ERP application attacks. Attacks of this nature were first warned about in May 2016 when the US-CERT issued an alert advising of a significant threat that included the exploitation of 36 global organizations through the abuse of a then five-year-old vulnerability in SAP applications.

According to Digital Shadows, these warnings have been proven to to be prescient with the new research revealing:

Cybercriminal organizations are exploiting ERP applications, leveraging known vulnerabilities and targeting high-value assets such as SAP HANA.

  1. A 100 percent increase in the number of publicly-available exploits for SAP and Oracle ERP applications over the last three years.
  2. A 160 percent increase in the activity and interest in ERP-specific vulnerabilities from 2016 to 2017.

Well-known hacktivists and cyber criminal groups are expanding their tactics, techniques and procedures (TTPs) to now specifically target ERP applications.

  1. Hacktivist groups, such as those affiliated with the Anonymous collective, have expanded their operations to include penetrating and disrupting mission-critical ERP platforms, having targeted these platforms in over nine operations since 2013.
  2. Well-known malware kits such as Dridex are being evolved to steal user credentials and data from behind-the-firewall ERP applications.
  3. Nation-state affiliated actors have been attributed for the compromise of ERP applications in order to access highly-sensitive information and/or disrupt critical business processes.

In addition, cloud, mobile and digital transformations are rapidly expanding the ERP cyber attack environment. More than 17,000 SAP and Oracle ERP applications were found to be exposed on the internet, many running vulnerable versions and unprotected components, and threat actors are actively sharing information to take advantage of this opportunity, Digital Shadows reports.

Prior to this report, ERP cybersecurity issues had remained immensely ignored due to the lack of publicly-disclosed breaches and information about the threat actors.

“Threat actors are continually evolving their tactics and targets to profit at the expense of organizations. On the one hand, with the type of data that ERP platforms hold, this isn’t shocking. However, we were surprised to find just how real and severe the problem is,” said Rick Holland, CISO and VP of Strategy at Digital Shadows.

Whether or not you have been affected, we encourage you to download the report now for details of the research and the key actions you need to take.


Looking for more? Download our ERP buyers guide for free and compare the top-24 products available on the market with full page vendor profiles. The guide includes four key capabilities to look for in an ERP solution, plus five questions to ask yourself and five questions to ask the software provider before purchasing. It’s the perfect resource for anyone looking to find right ERP for their business/organization.

And don’t forget to follow us on TwitterFacebook and LinkedIn for all the latest in the ERP space!

Follow Liz

Elizabeth Quirk

Liz is a leading enterprise technology writer covering Enterprise Resource Planning (ERP), Business Process Management (BPM) and Talent Management Suites (TMS) at Solutions Review. She writes to bridge the gap between consumer and technical expert to help readers understand what they're looking for. Liz attended Massachusetts College of Liberal Arts, where she obtained her Bachelor of Arts Degree in English and Communications. You can reach her at equirk@solutionsreview.com
Elizabeth Quirk
Follow Liz

Leave a Reply

Your email address will not be published. Required fields are marked *