Recently, we discussed the most common attacks on SAP systems, but that is not the only way to classify threats. Attacks are sometimes also divided into espionage, sabotage and fraud. This division is based on the ultimate goal of a particular attack – whether it is to get access to confidential data, interrupt the work of an organization, or obtain money through extortion or blackmail. Of course, all of this applies to SAP security as well.
Let’s take a closer look at each of these types of threats.
The purpose of espionage attacks is clear from the name. When spying, a hacker may be interested in a variety of confidential company data that usually only authorized employees can access – this may be information related to trade secrets, company intellectual property, financial data, personal data of employees, contracts and any other documents and files stored in the system. As a rule, in the case of espionage, unauthorized access is gained through existing vulnerabilities in the system (which is why it is so important to fix them in a timely manner). Sometimes third parties obtain unauthorized access because credentials are stored carelessly, or through brute forcing.
Special attention should be paid to the company’s financial data – it is usually the most important and the most vulnerable. When it comes to SAP systems, the exposure is even greater, since usually all financial information in SAP is stored in the same place.
When it comes to commercial espionage, which is common alongside the hunt for financial data, it is enough for an attacker to gain access to the PLM (Product Lifecycle Management) system, which is one of the most commonly used systems in the SAP Business Suite.
Without going into too much detail on other types of data, let’s just say that it’s enough to get access to business application systems such as Customer Relationship Management (CRM) to steal customer data, and personal data of employees is located in the SAP HR system.
Although sabotage attacks are relatively rarely covered in the press, this does not diminish their danger or their potential negative consequences.
When it comes to SAP systems, such attacks are most often carried out through DoS vulnerabilities, which interrupt the operation of SAP. In this case, the company’s losses can be enormous. In addition, a sabotage attack on the SAP system will certainly affect the operation of other company systems, such as the production department, asset management systems, or ICS and SCADA devices.
The object of the attack can be different – ranging from processes, products and assets to finances, reputation and people.
Most often, such attacks are aimed at the product itself and its quality. The potential damage to companies in this case can be extremely critical – for example, if you are in the automotive industry and use SAP to control the production of components. If an attacker gains access to EAS (Enterprise Alert System), he will be able to modify the data on the state of the equipment in various ways, which will ultimately have a negative impact on material resources and assets.
It is also worth highlighting the situation in which an attacker gains access to SAP EAM systems – an attack on them can mean the ability to attack facility management, SCADA, Smart Home or Smart Grid systems.
If an attacker gains the ability to manage objects and industrial systems, he will be able to change various parameters of equipment operation in production – for example, manipulating parameters such as temperature and pressure can lead to extremely negative consequences, up to and including loss of human life. One way or another, this type of threat should not be underestimated.
It is believed that fraud is the most common type of threat, and this is not surprising. Fraud partially resembles the sabotage described above in that the objects of attack may be similar in both cases, but the notable difference is the presence of a direct personal benefit from the actions taken.
In this case, financial fraud is the most common – it can be the transfer of money to a third party’s bank account, financial report embezzlement, or manipulation of salary changes. Stealing money, by the way, is extremely popular among insiders, as it gives the attacker the opportunity to immediately receive the desired material benefit. One relative upside of this type of threat is its high degree of detection, since the criminal is often quite easy to identify.
An attacker can also manipulate finished goods, raw materials or assets. By the way, ransomware attacks, which are carried out with the help of special malicious software, also belong to this type of threat.
So today we talked about the three main types of threats that a company using SAP can face. Each attack, of course, needs to be dealt with individually, but following general security guidelines is necessary to keep your SAP system secure.