
Study warns of rising hacker threats to SAP, Oracle business software

07/25/2018 | 10:59am EDT
The Oracle logo is shown on an office building in Irvine, California

LONDON (Reuters) - At least a dozen companies and government agencies have been targeted and thousands more are exposed to data breaches by hackers exploiting old security flaws in management software, two cyber security firms said in a study published on Wednesday.

The Department of Homeland Security issued an alert citing the study by security firms Digital Shadows and Onapsis that highlights the risks posed to thousands of unpatched business systems from software makers Oracle and SAP.

These can enable hackers to steal corporate secrets, the researchers said.

Systems at two government agencies and at firms in the media, energy and finance sectors were hit after failing to install patches or take other security measures advised by Oracle or SAP, security firms Onapsis and Digital Shadows said in the newly published report. (https://goo.gl/pWbz3Q)

The alarm was raised because firms store highly sensitive data – including financial results, manufacturing secrets and credit card numbers – in the vulnerable products, known as enterprise resource planning (ERP) software and in related applications for managing customers, employees and suppliers.

In an alert entitled "Malicious cyber activity targeting ERP applications", the Department of Homeland Security's National Cybersecurity and Communications Integration Center highlighted signs of increasing hacker focus on ERP applications, citing the study.

"An attacker can exploit these vulnerabilities to obtain access to sensitive information," said NCCIC, an arm of the U.S. Computer Emergency Readiness Team (US-CERT).

Many of these issues date back a decade or more, but the new report shows rapidly rising interest by hacker activists, cyber criminals and government spy agencies in capitalising on these issues, Onapsis Chief Executive Mariano Nunez told Reuters.

"These attackers are ready to exploit years-old risks that give them full access to SAP and Oracle systems without being detected," he said. "The urgency level among chief security officers and CEOs should be far higher."

An SAP spokesman said that, in general, the company takes security issues seriously across its organisation.

"Our recommendation to all of our customers is to implement SAP security patches as soon as they are available - typically on the second Tuesday of every month - to protect SAP infrastructure from attacks."

Oracle was not immediately available to comment.

Both companies release regular patches for known security bugs in their software. However, customers are often reluctant to apply fixes out of fear that doing so might disrupt their manufacturing, sales or finance activities.

Risks also arise from installation mistakes or growing moves to link traditionally back-office business systems to the cloud in order to reach mobile or online users.


The new alert follows a 2016 Homeland Security department warning to some SAP customers after Onapsis uncovered plans by Chinese hackers to exploit out-of-date software used by dozens of companies, Nunez said. (https://reut.rs/2JKJvCI)

In their latest research, Onapsis and online monitoring firm Digital Shadows identified some 17,000 SAP and Oracle software installations exposed to the internet at more than 3,000 top companies, government agencies and universities.

They did not name the affected organisations, but data seen by Reuters shows many of the world's best-known firms at risk.

At least 10,000 servers are running incorrectly configured software that could subject them to direct attack using known SAP or Oracle exploits, the report's authors warned.

More than 4,000 known bugs in SAP and 5,000 in Oracle software pose security threats, especially in older systems that operators may consider uneconomical to fix, they said in Wednesday's report.

"Publicly disclosed attacks are rare, so the problem remains largely ignored," Gartner industry analyst Neil MacDonald wrote in a review of corporate security tools last year.

One of the highest profile attacks occurred in 2013 and 2014 when hackers used an SAP vulnerability to break into the U.S. Investigations Service, the largest commercial provider of background checks and security clearances for federal employees.

This year, hackers began exploiting a vulnerability in WebLogic servers which Oracle fixed last October. Their aims included attacking Oracle PeopleSoft ERP systems to make money from mining cryptocurrencies, the report said.

Digital Shadows combed through Google searches, social media chatter and the dark web where they found discussions in Chinese and Russian hacker forums regarding how to use specific SAP and Oracle vulnerabilities.

They also discovered some hackers were eavesdropping on discussion boards where third-party technology contractors share work tips, including default passwords that hackers can use to access some systems.

Hacker interest in how to exploit SAP and Oracle vulnerabilities spiked two years ago and jumped another 160 percent last year across Twitter, according to the study.

(This version of the story corrects name of security firm to "Digital Shadows" from "Digital Sky" in second paragraph).

(Reporting by Eric Auchard; editing by Jim Finkle, Jason Neely and Kirsten Donovan)

By Eric Auchard

© Reuters 2018