The Department of Homeland Security (DHS) has issued a warning against cyber attacks on Enterprise Resource Planning (ERP) systems. The warning was issued based on the research report filed two cyber threat intelligence firms Digital Shadows and Onapsis.
Note 1- ERP systems are cloud-based applications which allow businesses to manage various business resources all through a single pane of glass. This includes customer accounts, finances, HR related operations, marketing ops, sales, product distribution, and such.
DHS has specified in its statement that the data stored on thousands of unpatched business systems offered by Oracle and SAP is vulnerable to cyber attacks.
In general, most of the companies store highly sensitive data on ERPs and this includes financial results, manufacturing secrets, and credit card numbers which help the business owners in managing information regarding customers, employees and suppliers.
As hackers are always on a prowl to exploit old vulnerabilities, the latest disclosure about the ERP can prove as a gold mine to them. So, customers using SAP and Oracle based systems are requested to run security patches on their systems in order to isolate themselves from future cyber attacks.
Note 2- As per the analysis was done by some researchers from Onapsis, over 10,000 servers are running on ill-configured software. And it is estimated that every year over 4,000 known bugs in SAP and over 5,000 in Oracle software pose as cybersecurity threats to the users, especially because of the use of older systems that are almost highly expensive to fix. Another core issue identified in the report is the fact that over 17k SAP and Oracle ERP applications are now discoverable on the public web.