At the recent RSA Europe conference, researcher Alexander Polyakov, co-founder and CTO of ERPScan, warned that enterprises may soon be the targets of a deluge of SAP attacks.
Polyakov’s analysis hinges on the recent discovery of modifications made to a known banking Trojan, the Trojan.ibank, which allow it to seek out SAP GUI installations on infected endpoints, according to DarkReading.
Polyakov believes that the modification could be used to harvest information that would be of value to attackers, and when combined with the malware’s password stealing features, could be employed to exploit a critical heap overflow vulnerability in SAP to breach internal networks.
“The vulnerability allows attackers to get full control on SAP Router within one TCP packet and thus obtain access to internal network of company. This issue was closed in May but after almost half a year we found that only 15% from about 5000 SAP Routers available on the Internet were patched,” Polyakov.
Business-critical applications are quite vulnerable and easier to compromise that other attack vectors, Polyakov says, and s successful attack would be difficult if not impossible to detect due to the lack of log data on SAP systems deployed in the vast majority of enterprises.
“But if we talk about espionage, it’s hard to find many public examples mostly because only 10% of SAP systems that we analyzed use logging,” he says. “Which means that even if there is a breach it’s almost impossible to find it.”
Read More Here…