Enterprise alert: Elephant Beetle vulnerability could be stealing data right now

Threat actors understand SAP applications and are leveraging SAP-specific exploits.

The Indian government wants to ban all private cryptocurrencies, with some exceptions, to pave the way for a digital money controlled by the central bank. — © AFP

In response to the Elephant Beetle vulnerability that is stealing millions of dollars from enterprises around the world, Juan Pablo Perez-Etchegoyen, CTO at Onapsis, provides Digital Journal with some insights into this latest cyber-threat.

The group behind this series of attacks has been around for a few years, slowly gaining access to business systems. This is based on the findings of the Sygnia Incident Response team, which has been tracking the group for two years.

The criminals use over 80 unique tools and scripts to work undetected on purchasing and supply software like Systems Applications and Products in Data Processing (SAP), and they slowly populate systems with bogus transactions, designed to defraud companies.

Perez-Etchegoyen begins by describing enterprise software as a particularly vulnerable component in the corporate machine, stating: “This research further confirms that threat actors understand SAP applications and that they are leveraging SAP-specific exploits and techniques to compromise companies with the ultimate goal of exfiltrating data and performing financial fraud.”

‘Elephant Beetle’ prefers to target known and likely unpatched vulnerabilities instead of buying or developing zero-day exploits.

Perez-Etchegoyen also cautions that the warning signs have been available for some time: “Some of the vulnerabilities identified by the Sygnia research team were highlighted by CISA in 2016, through the technical alert TA16-132A, due to the vast exploitation and compromise of internet-facing SAP applications performed by diverse threat actors. This was followed by four other CISA technical and current activity alerts in the successive years.”

Firms whose SAP systems run outdated or misconfigured software are the most likely to be exposed to increased risks of malicious attacks.

The key lesson, drawn from listening to market intelligence data, is to put more effort into preparation, says Perez-Etchegoyen, advising: “Given this research published by Sygnia, combined with some of the latest threat intelligence provided by SAP and Onapsis, it is of utmost importance for organizations to strengthen their SAP security processes, incorporating SAP within their vulnerability management and incident response processes to make it harder for threat actors to perform that initial compromise.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
