Connect with us

Hi, what are you looking for?

World

Enterprise alert: Elephant Beetle vulnerability could be stealing data right now

Threat actors understand SAP applications and that they are leveraging SAP-specific exploits.

The Indian government wants to ban all private cryptocurrencies, with some exceptions, to pave the way for a digital money controlled by the central bank. — © AFP
The Indian government wants to ban all private cryptocurrencies, with some exceptions, to pave the way for a digital money controlled by the central bank. — © AFP

In response to the Elephant Beetle vulnerability that is stealing millions of dollars from enterprises around the world, Juan Pablo Perez-Etchegoyen, CTO at Onapsis, provides Digital Journal with some insights into this latest cyber-threat.

The group behind this series of attacks have been around for a few years, slowing gaining access to business systems. This is based on the findings for the Sygnia Incident Response team who have been tracking the group for two years.

The criminals use over 80 unique tools and scripts to work undetected on purchasing and supply software like Systems Applications and Products in Data Processing (SAP), and they slowly populate systems with bogus transactions, designed to defraud companies.

Perez-Etchegoyen begins by seeing enterprise software as a particularly vulnerable component in the corporate machine, stating: “This research further confirms that threat actors understand SAP applications and that they are leveraging SAP-specific exploits and techniques to compromise companies with the ultimate goal of exfiltrating data and performing financial fraud.”

‘Elephant Beetle’ prefers to target known and likely unpatched vulnerabilities instead of buying or developing zero-day exploits.

Perez-Etchegoyen also  cautions that the warning signs have been available for some time: “Some of the vulnerabilities identified by the Sygnia research team were highlighted by CISA in 2016, through the technical alert TA16-132A, due to the vast exploitation and compromise of internet-facing SAP applications performed by diverse threat actors. This was followed by four other CISA technical and current activity alerts in the successive years.”

SAP systems running outdated or misconfigured software are the most likely firms to be exposed to increased risks of malicious attacks.

The key lesson, and by listening to market intelligence data, is to put more efforts into preparation says Perez-Etchegoyen, advising: “Given this research published by Sygnia, combined with some of the latest threat intelligence provided by SAP and Onapsis, it is of utmost importance for organizations to strengthen their SAP security processes, incorporating SAP within their vulnerability management and incident response processes to make it harder for threat actors to perform that initial compromise.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Tech & Science

Most hearing loss is the result of those tiny hair cells in the cochlea being damaged over time. Not all hearing loss is the...

Entertainment

German producer and songwriter Toby Gad chatted about his new album "Piano Diaries — The Hits," which was released today.

Tech & Science

Radiotherapeutics are focused today on treating cancers of the central nervous system, which are some of the deadliest cancers.

Tech & Science

Catastrophic computer outages exposed the dangers of global technological dependence on a handful of players.