Credit: CSO Staff
In early July, news circulated that a Chinese manufacturer stood accused of tampering with the firmware of hand-held scanners.
The firmware, modified with malware that targeted supply chain resources, harvested data from Enterprise Resource Planning (ERP) platforms -- grabbing everything it could from financial data, to logistical and customer information.
Attacks such as this demonstrate the blind spot that most organizations have when it comes to security. Many of the organizations impacted by this embedded attack, called ZombieZero by the security firm that discovered it (TrapX), had all the latest and greatest when it came to defenses, but they were implemented and designed to flag attacks from the outside - not a product scanner used in the shipping department.
"The Zombie Zero attack started from hardware purchased and deployed inside the target's infrastructure and didn't attack the operating systems - but instead went straight for the ERP systems," said Mariano Nunez, the founder and CEO of Onapsis, during an interview with CSO.
"The unfortunate reality is that the attackers are ahead of most organizations because few have a mature security practice regarding the monitoring of attacks against their ERP and SAP systems, let alone include these systems in their vulnerability management programs."
Case in point, Microsoft issued a warning last November, about a Trojan that was based on the Carberp family of malware targeting SAP.
In their notification, Redmond said that they believed it was the first time malware was written to target the platform. This, Nunez says, implies that attackers have identified a rich target inside of organizations: the ERP platform - which hosts all of the company's critical data and processes.
"In this instance, the malware was smuggled into the targets via scanner equipment. But the next time the Trojan horse could be a printer, router, access point or some other piece of equipment that most people consider to be benign," he added.
If protecting ERP and supply chain management (SCM) platforms is so important, why do organizations fail to monitor these systems on the same level that they would endpoints or other systems on the network?
"The truth is because it is not easy," Nunez explained, "there are a number of challenges."
"Even in a lot of mature organizations these ERP systems have grown organically, through individual business units creating their own systems to external systems integrated to the core via acquisitions. Understanding the true scope and inter-connectivity of these systems is a significant project. Secondly, the protocols these systems use are often proprietary, meaning traditional IDS and other technology is unable to understand the communication between these systems and distinguish good traffic from malicious traffic."
Sign up for Computerworld eNewsletters.