How Hackers Can Hack the Oil and Gas Industry With ERP Systems
Researchers at the Black Hat Europe conference in November will demonstrate how SAP applications can be used as a stepping stone to sabotage oil and gas processes.
Hackers can exploit weaknesses in enterprise resource planning (ERP) systems on oil and gas firms’ corporate networks in order to sabotage pipeline pressure or hide oil spills, researchers have discovered.
Researchers at Black Hat Europe, set for 10–13 November in Amsterdam, will demonstrate these and other attacks on oil and gas networks by abusing holes in SAP ERP applications used in the industrial sector. Oil and gas industrial networks rely on ERP software to help manage and oversee the oil and gas production and delivery processes.
“We want to show that not only Stuxnet-type attacks using USB are possible,” said Alexander Polyakov, chief technology officer and founder of ERPScan, who, with Mathieu Geli, a researcher with ERPScan, will demonstrate several proof-of-concept attacks at the conference. An attacker could hack the systems remotely over the Internet, he says, or from the oil and gas firm’s corporate network.
“SAP is a key to this kingdom because it has a lot of products specifically designed to manage some processes such as operational integrity or hydrocarbon supply chain. Since SAP systems are implemented in, if I’m not mistaken, about 90% of oil and gas companies, this key can open many doors,” he said. “SAP is connected with some critical processes which, in their turn, are connected with other processes, and so on.”