An alert released by the US Computer Emergency Readiness Team (CERT) on behalf of the National Cybersecurity and Communications Integration Center (NCCIC), a division of the Department of Homeland Security, brought attention to a joint report by two cybersecurity firms revealing that hackers are showing renewed interest in Enterprise Resource Planning (ERP) solutions. According to the report, threat actors are targeting existing exploits in legacy ERP systems, which open gaps that grant access deeper into the network the software is connected to.
ERP Dark Web Communications
ERP solutions are extensive and inherently complex software systems designed to facilitate applications for critical operational functions. Additional integrations extend the functionality of ERP systems beyond core processes so that more specific roles can be managed through the software. Modern developments have expanded the reach of ERP solutions through cloud technology, yet the ubiquity of the Internet is one factor that contributes to broader attack surfaces in this type of software.
The report referenced research conducted on cybercriminal and nation-state actors exchanging information on the dark web and other online venues. Cyber-espionage groups have been exploiting loopholes in unsecured cloud services to breach enterprise network systems for some time already, and other groups are looking to combine gaps old and new as well. The NCCIC even referenced a previous alert from 2016 in the most recent warning as an indication that this is not an individual occurrence regarding enterprise software.
According to the previous bulletin, even though the existing vulnerability was patched long ago, it still provides an opening for attackers to exploit in outdated legacy ERP systems or those that have not been configured properly. This particular bug would allow someone to bypass any form of authorization to obtain remote access to the system and any others it is connected to. It would also allow the attacker to completely control the ERP solution and all associated systems.
Misconfigured Software Vulnerabilities
This highlights the danger of these vulnerabilities existing within ERP software, as the primary function of these solutions is to oversee and manage core processes, as well as to integrate ancillary features into a centralized interface. ERP systems are by definition connected with the critical operations of your business, and the availability of Internet-facing functionality in modern ERP solutions can provide an external entry point to attackers if these gateways are not secured properly.
The alert is one of several efforts by the DHS to combat the frequency of network attacks and protect US commercial and public interests from these threats. Earlier in 2018, the Department also warned of suspected targeting of the US energy grid by Russian hackers, and it later unveiled the creation of the National Risk Management Center, “a dedicated hub to helping private industry avoid and respond to cyberattacks from around the world,” according to CNET. These moves indicate a renewed focus by the DHS on ensuring national cybersecurity, as well as the seriousness of the threat of network breaches to the private sector.