Is SAP the Latest Malware Target?
Reports over the past several weeks have pointed to potential malware -- a variation on the Shiz banking-related Trojan -- that is targeting SAP installations. This nasty piece of business was originally designed to provide attackers with remote access to an infected PC and steal online-banking passwords and cryptographic certificates. According to InfoWorld, the malware was discovered a few weeks ago by Russian antivirus company Doctor Web, which shared it with security researchers. Alexander Polyakov, chief technology officer at ERPScan, gave presentations at RSA Europe and at Black Hat. He claims this is not just a proof-of-concept, but an actual virus that was created in the wild by evil-doers. According to this blog post on ERPScan’s website, the attack uses this chain of vulnerabilities:
- Unauthorized access to a Web service on SAP PI, which allows sending XML packets. SAP PI can usually be accessed from the Internet.
- XML Tunneling: A new technique which allows sending any TCP packet to internal systems by putting it into XML packets.
- Buffer overflow in SAP Kernel.