Onapsis and Digital Shadows, a digital risk management firm, have released research and evidence of cybercriminals targeting Enterprise Resource Planning (ERP) applications.
The research highlights the vast majority of large organizations potentially impacted by the threat have implemented SAP and Oracle ERP applications.
As noted in the report, security researchers have discovered attackers using an updated version of Dridex to target SAP client software as recently as February 2018. This threat enables bad actors to steal SAP user credentials that can then be used to access internal SAP environments.
Other threats were noted in the report, including cyber espionage and sabotage activities, leveraging existing vulnerabilities, and leaked third party information, to name just a few.