Onapsis SAP Security In-Depth publication
Onapsis' SAP Security In-Depth is a free technical publication leaded by the Onapsis Research Labs with the purpose of providing specialized information about the current and future risks in the SAP security field, allowing all the different actors (financial managers, information security managers, SAP administrators, auditors, consultants and the general professional community) to better understand the involved risks and the techniques and tools available to assess and mitigate them.
In this edition: "The Silent Threat: SAP Backdoors and Rootkits", by Mariano Nuñez Di Croce.
"Backdoors and rootkits have existed for a long time. From PCI cards to the most modern operating systems, almost every system is susceptible of being attacked and modified to hold a malicious program that will secure future access for the attacker and even perform unauthorized activities, while trying to remain undetected.
As SAP business solutions run the most critical business information and processes in the organization, a backdoor in this platform would imply severe impacts for the business. If the organization is not securing its systems properly, it would be possible for a remote, anonymous attacker to perform continuous espionage, fraud and sabotage attacks through the injection of a backdoor or rootkit in the SAP platform.
This publication analyzes some of the different attack vectors that malicious parties can use to try to inject backdoors and rootkits in the SAP platform, in order to understand which are the necessary protection measures that need to be implemented to protect the business crown jewels."