Spyware, Ransomware and Worms. How to prevent the next SAP tragedy

Presented at 44CON 2019, Sept. 13, 2019, 11 a.m. (59 minutes)

It is not a secret that SAP is a market leader and one of the principal software providers of core business applications around the world; nearly 95% of the Fortune-500 companies heavily rely on SAP to perform their most critical daily operations such as processing payroll and benefits, storing sensitive customer information, handling credit cards, logistics and many more. Due to the "ERP complexity of the simple things", in combination with several proprietary protocols, entry points and default misconfigurations, ERPs are particularly vulnerable to spyware, ransomware and worms, making them ideal targets for these types of attacks because of the economic significance these systems hold. Join me on this completely new and highly technical talk, in which I'm going to explain through several live demos how the different types of malware could impact SAP and what actions you could take to prevent the next SAP tragedy. As an added value, we will reveal for the first time our very own project "ARSAP", a semi-automatic mechanism that detects and registers all the SAP systems that are exposed to the Internet, extracting the systems' metadata and cataloging the assets based on their geo-location, system type, version, installed components, etc.

Presenters:

  • Jordan Santarsieri - Vicxer
    Mr Santarsieri is a founding partner at Vicxer, where he utilizes his 12+ years of experience in the security industry to bring top-notch research into the ERP (SAP / Oracle) world. He is engaged in a daily effort to identify, analyze, exploit and mitigate vulnerabilities affecting ERP systems and business-critical applications, helping Vicxer's customers (Global Fortune-500 companies and defense contractors) to stay one step ahead of cyber-threats. Jordan has also discovered critical vulnerabilities in Oracle and SAP software, and is a frequent speaker at international security conferences such as Black-Hat, Insomnihack, YSTS, Auscert, Sec-T, Rootcon, NanoSec, Hacker Halted, OWASP US, 8dot8, DragonJAR and Ekoparty.
