Homeland Security warns of spike in ERP system attacks

The US Department of Homeland Security has issued an alert warning organisations in the healthcare sector of increased activity by nation-state actors, criminal groups and hacktivists targeting enterprise resource planning (ERP) systems. ERP systems are web-based applications used to manage business operations and hold valuable information. The report identified an increase in zero-day exploits and vulnerabilities surrounding Oracle and SAP products, the largest providers of cloud-based ERPs. The researchers also found that many ERP applications face the internet with weak security, and cybercriminals often use leaked username and password information from other data breaches to gain access. Patching, better patch management, and continuously assessing risks are recommended solutions.