Onapsis SAP Security In-Depth Volume 3: The Silent Threat – SAP Backdoors and Rootkits
Backdoors and rootkits have existed for a long time in computer code and programs. From PCI cards to the most modern operating systems, almost every system is susceptible of being attacked and modified to contain a hidden malicious program that will ensure future access for the attacker and even perform unauthorized activities, while trying to remain undetected.
As SAP business applications run the most critical business information and processes in an organization, a backdoor in this platform would imply severe negative impacts to the business. If the organization is not securing their systems properly it would be possible for a remote, anonymous attacker to perform continuous espionage, fraud and sabotage attacks through the injection of a backdoor or rootkit in the SAP platform.
This publication analyzes some of the different attack vectors that malicious parties can use to try to inject backdoors and rootkits in the SAP platform, in order to understand which are the necessary protection measures that need to be implemented to protect the business crown jewels.