Malicious Cyber Activity Targeting ERP Applications

The US Department of Homeland Security (DHS) released an alert warning of increased malicious cyber activity targeting vulnerabilities in Enterprise Resource Planning (ERP) applications, including those offered by SAP and Oracle. The warning, based on a report published by the threat intelligence firms Digital Shadows and Onapsis, details an increased interest by nation-state hackers, criminal groups, and hacktivists in obtaining information on ERP systems. ERP applications assist organizations with managing critical business processes such as product lifecycle management, customer relationship management, and supply chain management, and store sensitive data including intellectual property, payment card details, and personally identifiable information (PII). According to the report, the majority of documented attacks against ERP applications leverage known vulnerabilities, highlighting the importance of applying patches in a timely manner. As ERP applications are deemed business-critical, widespread exploitation of such applications could create substantial disruptions to corporate operations. 

The NJCCIC recommends users and administrators of ERP applications review the Digital Shadows and Onapsis report and the US DHS alerts on the exploitation of ERP and SAP applications. Additionally, ensure applications are kept up-to-date and enable multi-factor authentication on accounts where available.