US warns more banking attacks will target vulnerable Oracle…

The US Government’s US Computer Emergency Readiness Team (US-CERT) has flagged a report that warns of an uptick in exploitation of bugs in the “crown jewels” of organizations more commonly known as enterprise resource planning (ERP) systems. 

The short alert warns of “malicious cyber activity targeting ERP applications” and encourages admins to review a joint report from SAP bug hunter, Onapsis, and Digital Shadows. The companies note that hundreds of thousands of organizations across the globe have implemented an ERP system from either SAP and Oracle, which dominate the ERP market. 

In 2016, US-CERT, a unit of the Department of Homeland Security, warned that 36 organizations were affected by an SAP flaw discovered by Onapsis whose researchers found signs that the vulnerability was being exploited to target SAP-using businesses, 13 of which had annual revenues of over $10 billion. 

The businesses were located in the US, UK, Germany, China, India, Japan, and South Korea across a range of industries, including oil and gas, telecommunications, utilities, retail, automotive, life sciences, consumer products, chemicals, high tech, engineering, construction and more.   

The vulnerability concerned a component called the Ivoker Servlet used in business applications on SAP Java platforms, which affected multiple SAP products including its ERP systems, CRM, Supply Chain Management, Business Intelligence, and multiple NetWeaver products. 

These products from SAP and Oracle typically support payroll, treasury, inventory management, manufacturing, financial planning, sales, logistics and billing. In other words, the applications host the crown jewels of an organization.  

AddSearch Custom Site Search

Be the first to comment

Leave a Reply

Your email address will not be published.