http://www.darkreading.com/attacks-breaches/first-example-of-sap-breach-surfaces/d/d-id/1320382
By Ericka Chickowski
Dark Reading
5/12/2015

USIS attack in 2013 stealing background check information about government
personnel with classified clearance came by way of an SAP exploit.

After the better part of a decade of warnings that SAP and other
enterprise resource planning (ERP) systems are wide open to attack at most
organizations, this week finally brought confirmation of a high-profile
breach that used SAP as its initial attack vector. The attack is a good
example of the high-stakes information contained in ERP systems that are
ripe for the plucking—in this case the stolen goods were files used for
background checks on federal employees and contractors with access to
classified intelligence.

Perpetrated back in 2013, this attack against US Investigations Services,
a contractor in charge of conducting federal background checks, came to
public light last year, but details at that time were sparse.
Investigators had mentioned during the initial breaking of the story that
they suspected state-sponsored Chinese attackers. But over the weekend
Nextgov.com reported that an internal investigation points to evidence
that attackers broke into USIS through an exploit in an SAP system managed
by a third party.
[...]