A US-CERT alerta sobre ataques informáticos a soluções de ERP (Enterprise Resource Planning), como Oracle e SAP. Os ciberatacantes estão atualmente a atacar este tipo de sistemas.
O relatório publicado pelo US-CERT pode ser encontrado neste endereço: “ERP Applications Under Fire.“
“Digital Shadows Ltd. and Onapsis Inc. have released a report describing an increase in the exploitation of vulnerabilities in Enterprise Resource Planning (ERP) applications. ERP applications help organizations manage critical business processes—such as product lifecycle management, customer relationship management, and supply chain management.” reads the US-CERT bulletin.
“An attacker can exploit these vulnerabilities to obtain access to sensitive information.”
Infelizmente, existe um número impressionante de sistemas expostos on-line e sem as necessárias medidas de segurança aplicadas. Torna-se uma tarefa facil penetrar num sistema, e as invasões têm sido devastadoras neste recentes meses.
The findings shed light into how nation-state actors, cybercriminals and hacktivist groups are actively attacking these applications and what organizations should
do to mitigate this critical risk.” states the report.“We observed detailed information on SAP hacking being exchanged at a major Russian-speaking criminal forum, as well as individuals interested in acquiring SAP HANA-specific exploits on the dark web. This goes in hand with an observed 100% increase of public exploits for SAP and Oracle ERP applications over the last three years, and a 160% increase in the activity and interest in ERP-specific vulnerabilities from 2016 to 2017.”
Abaixo ficam algumas conlusões do relatório:
Hacktivist groups are actively attacking ERP applications to disrupt critical business operations and penetrate target organizations.
Os investigadores descobriram pelo menos nove operações realizadas por grupos hacktivistas que visavam aplicativos de ERP, incluindo SAP e Oracle ERP.
Nation-state sponsored actors have targeted ERP applications for cyber espionage and sabotage.
There has been a dramatic increase in the interest in exploits for SAP applications, including SAP HANA, in dark web and cybercriminal forums.
Investigadores observaram um aumento no interesse em explorar aplicações SAP na Dark Web.
Attacks vectors are evolving, still mainly leveraging known ERP vulnerabilities vs. zero-days.
A influência dos atores de ameaças continua a preferir vulnerabilidades conhecidas, em vez de usar exploits de dia zero para seus ataques.
Cloud, mobile and digital transformations are rapidly expanding the ERP attack surface, and threat actors are taking advantage.
“Many of these exposed systems run vulnerable versions and unprotected ERP components, which introduce a critical level of risk.” states the report.
Leaked information by third parties and employees can expose internal ERP applications.
Investigadores descobriram mais de 500 ficheiros de configuração do SAP em repositórios inseguros expostos on-line, bem como funcionários que partilham credenciais de login do ERP em fóruns públicos. Esse tipo de informação acaba por ser tornar num presente precioso para os hackers.
Neste sentido as organizações devem rever as suas rotinas de segurança e alterar as passwords default dos sistemas para passwords mais complexas e fortes.