First Example Of SAP Breach Surfaces

[InfoSec News <alerts () infosecnews org>]

http://www.darkreading.com/attacks-breaches/first-example-of-sap-breach-surfaces/d/d-id/1320382

By Ericka Chickowski
Dark Reading
5/12/2015

USIS attack in 2013 stealing background check information about government 
personnel with classified clearance came by way of an SAP exploit.

After the better part of a decade of warnings that SAP and other 
enterprise resource planning (ERP) systems are wide open to attack at most 
organizations, this week finally brought confirmation of a high-profile 
breach that used SAP as its initial attack vector. The attack is a good 
example of the high-stakes information contained in ERP systems that are 
ripe for the plucking—in this case the stolen goods were files used for 
background checks on federal employees and contractors with access to 
classified intelligence.

Perpetrated back in 2013, this attack against US Investigations Services, 
a contractor in charge of conducting federal background checks, came to 
public light last year, but details at that time were sparse. 
Investigators had mentioned during the initial breaking of the story that 
they suspected state-sponsored Chinese attackers. But over the weekend 
Nextgov.com reported that an internal investigation points to evidence 
that attackers broke into USIS through an exploit in an SAP system managed 
by a third party.

[...]

--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/