Many companies and government agencies have been targeted, and thousands more are exposed to data breaches, by hackers exploiting old security issues in management software, according to a study by two cybersecurity firms. Many companies have highlighted the risks posed to thousands of unpatched business systems from software makers Oracle and SAP. Researchers identified a few issues that can enable hackers to steal corporate secrets. Systems at two government agencies and at firms in the media, energy, and finance sectors were targeted after failing to install patches or security measures advised by Oracle or SAP.
The alarms were raised because firms store highly sensitive data, including financial results, manufacturing secrets, and credit card numbers, in products known as enterprise resource planning software and in related applications for managing customers, employees and suppliers. An attacker can exploit these vulnerabilities to obtain access to sensitive information.
Many of these issues date back a decade or more, but the new report shows rapidly rising interest among hacker activists, cybercriminals, and government spy agencies in capitalizing on them. These attackers are ready to exploit years-old risks that give them full access to SAP and Oracle systems without being detected. An SAP spokesman said that, in general, the company takes security issues seriously across its organization.
The recommendation for customers is to implement SAP security patches as soon as they are available to protect SAP infrastructure from attacks. Oracle was not immediately available to comment. Companies such as Oracle release regular patches for known security bugs in their software. However, customers are often reluctant to apply fixes out of fear that doing so might disrupt their manufacturing, sales or financing activities.
Risks also arise from installation mistakes or from growing moves to reach mobile or online users. A new alert warned some SAP customers after plans by Chinese hackers to exploit out-of-date software used by dozens of companies were uncovered. Oracle software installations are exposed to the internet at more than three thousand top companies, government agencies, and universities. The researchers did not name the affected organizations, but the data showed many of the world's best-known firms at risk.
Across these companies combined, at least ten thousand servers are running incorrectly configured software that could subject them to direct attack using known SAP or Oracle exploits. More than four thousand known bugs in SAP and five thousand in Oracle software pose security threats, especially in older systems that operators may consider uneconomical to fix. Publicly disclosed attacks are rare, so the problem remains largely ignored.
One of the highest-profile attacks occurred when hackers used an SAP vulnerability to break into the US Investigations Service, the largest commercial provider of background checks and security clearances for federal employees. Digital Shadows combed through Google searches, social media chatter and the dark web, where Russian hacker forums discussed how to use specific SAP and Oracle vulnerabilities. They also found some hackers were dropping in on discussion boards where third-party technology contractors share work tips, including default passwords that hackers can use to access some systems.