DHS warns companies targeted on dark web


Illustration file picture - A man types on a computer keyboard in front of the displayed cyber code in this illustration picture taken on March 1, 2017.(REUTERS/Kacper Pempel/Illustration)

Criminals on the dark web have a growing appetite for hacking into corporate applications, a new alert from the Department of Homeland Security says.

DHS this week pointed to research from cybersecurity firms Onapsis and Digital Shadows that shows cybercriminals targeting so-called Enterprise Resource Planning (ERP) applications, which typically hold a company’s most sensitive data and critical business processes.

DHS began noticing this back in May 2016 when it issued an alert that 36 global organizations were the target of hacks.

“This alert was, however, only the tip of the iceberg, as threat actors have continued to evolve since then and expanded their ERP attack vectors,” a report this month from Onapsis/Digital Shadows says.

Applications that get particular attention from cybercriminals are those from Walldorf, Germany-based SAP and Redwood Shores, Calif.-based Oracle, according to the research.

Using these vulnerabilities “attackers can get full access to all information” stored in an application, Juan Pablo Perez-Etchegoyen, CTO of Onapsis, told Fox News in an email.

“Clear Indications” of interest among cybercriminals and on Dark Web forums

One of the early indicators was in 2013 when a user on “Exploit.in,” a Russian dark web criminal forum, posted details on how to compromise SAP applications. In the following years, dark web sites have hosted video tutorials and tools for exploits, according to the report.

Recently, there has been a “dramatic increase” in interest to hack into SAP applications on dark web and cybercriminal forums, the report added.

“We analyzed the last 5 years. There has been a consistent number of campaigns through all 5 years and we have seen examples as early as April this year as well,” Onapsis’ Perez-Etchegoyen told Fox News.

That includes the exchange of detailed information on SAP hacking at a criminal forum, according the report.

In addition to criminal forums, exploits are traded in dark web marketplaces or at dedicated exploit sites. “Analyzing one of these sites, ‘0day.today,’ we identified approximately 50 exploits for SAP products and 30 for the Oracle EBS technology stack,” the report said.

Both SAP and Oracle say they take security very seriously and urge customers to install fixes.

“Our recommendation to all of our customers is to implement SAP security patches as soon as they are available – typically on the second Tuesday of every month to protect SAP infrastructure from attacks,” a SAP spokesperson told Fox News.

“Oracle issued security updates for the vulnerabilities listed in this report in July and in October of last year,” an Oracle spokesperson told Fox News. “Oracle recommends that customers remain on actively-supported versions and apply security updates as quickly as possible.”

The report goes on to say that Onapsis and Digital Shadows have observed a “100 percent increase” in public exploits targeting SAP and Oracle ERP applications during the last three years. This jumped to 160 percent from 2016 to 2017.


Leave a reply