Connect with us

Hi, what are you looking for?

World

Enterprise alert: Elephant Beetle vulnerability could be stealing data right now

Threat actors understand SAP applications and that they are leveraging SAP-specific exploits.

The Indian government wants to ban all private cryptocurrencies, with some exceptions, to pave the way for a digital money controlled by the central bank. — © AFP
The Indian government wants to ban all private cryptocurrencies, with some exceptions, to pave the way for a digital money controlled by the central bank. — © AFP

In response to the Elephant Beetle vulnerability that is stealing millions of dollars from enterprises around the world, Juan Pablo Perez-Etchegoyen, CTO at Onapsis, provides Digital Journal with some insights into this latest cyber-threat.

The group behind this series of attacks have been around for a few years, slowing gaining access to business systems. This is based on the findings for the Sygnia Incident Response team who have been tracking the group for two years.

The criminals use over 80 unique tools and scripts to work undetected on purchasing and supply software like Systems Applications and Products in Data Processing (SAP), and they slowly populate systems with bogus transactions, designed to defraud companies.

Perez-Etchegoyen begins by seeing enterprise software as a particularly vulnerable component in the corporate machine, stating: “This research further confirms that threat actors understand SAP applications and that they are leveraging SAP-specific exploits and techniques to compromise companies with the ultimate goal of exfiltrating data and performing financial fraud.”

‘Elephant Beetle’ prefers to target known and likely unpatched vulnerabilities instead of buying or developing zero-day exploits.

Perez-Etchegoyen also  cautions that the warning signs have been available for some time: “Some of the vulnerabilities identified by the Sygnia research team were highlighted by CISA in 2016, through the technical alert TA16-132A, due to the vast exploitation and compromise of internet-facing SAP applications performed by diverse threat actors. This was followed by four other CISA technical and current activity alerts in the successive years.”

SAP systems running outdated or misconfigured software are the most likely firms to be exposed to increased risks of malicious attacks.

The key lesson, and by listening to market intelligence data, is to put more efforts into preparation says Perez-Etchegoyen, advising: “Given this research published by Sygnia, combined with some of the latest threat intelligence provided by SAP and Onapsis, it is of utmost importance for organizations to strengthen their SAP security processes, incorporating SAP within their vulnerability management and incident response processes to make it harder for threat actors to perform that initial compromise.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Tech & Science

The figurines aren't real, but thanks to ChatGPT's new image generator they look genuine, and they are flooding platforms from TikTok to LinkedIn.

Business

The US has a unique history of truly staggering incomprehension when it comes to China.

Entertainment

Tina Louise, veteran actress, singer, and entertainer, chatted about her "Sunday: A Memoir" book (and audiobook) and she discussed her career in the entertainment...

Life

Vermont ranked least stressed in the U.S., performing best in both work stress and health & safety.