Security researchers have presented proof-of-concept code capable of accessing the database driving a Microsoft ERP system and then diverting funds while avoiding immediate detection.
Tom Eston and Brett Kimmel of vendor SecureState presented the would-be malware this week at the Black Hat Abu Dhabi conference.
For hackers seeking big money, infiltrating an enterprise resource planning system would be like hitting the jackpot. Once inside, cybercriminals would have access to financial software, as well as applications driving business operations.
Makers of corporate enterprise resource planning (ERP) systems include Oracle and SAP, while Microsoft's Dynamics Great Plains software is for midsize businesses.
Hacking Great Plans, or any other ERP system, requires more than just technical expertise.An accountant would also be needed to make sense of the information in the database and to manipulate accounts in a way to avoid immediate detection.
Project Mayhem included tech experts and a certified public accountant. "It's that blending of unique knowledge that facilities the ability to find [where to] attack.