[ISN] First Example Of SAP Breach Surfaces

http://www.darkreading.com/attacks-breaches/first-example-of-sap-breach-surfaces/d/d-id/1320382 By Ericka Chickowski Dark Reading 5/12/2015 USIS attack in 2013 stealing background check information about government personnel with classified clearance came by way of an SAP exploit. After the better part of a decade of warnings that SAP and other enterprise resource planning (ERP) systems are wide open to attack at most organizations, this week finally brought confirmation of a high-profile breach that used SAP as its initial attack vector. The attack is a good example of the high-stakes information contained in ERP systems that are ripe for the plucking—in this case the stolen goods were files used for background checks on federal employees and contractors with access to classified intelligence. Perpetrated back in 2013, this attack against US Investigations Services, a contractor in charge of conducting federal background checks, came to public light last year, but details at that time were sparse. Investigators had mentioned during the initial breaking of the story that they suspected state-sponsored Chinese attackers. But over the weekend Nextgov.com reported that an internal investigation points to evidence that attackers broke into USIS through an exploit in an SAP system managed by a third party. […]