News Database Security

'Project Mayhem' Hacks Accounting Software

Kelly Jackson Higgins

See more from Kelly

Connect directly with Kelly: Bio | Contact

No exploit required for defrauding Microsoft and other accounting systems, researchers at Black Hat Abu Dhabi reveal

Kelly Jackson Higgins December 06, 2012

"Really, the back-end controls you need to have in place [are] restrictions on how 'vendors' are added into the accounting system, periodic reconciliation of vendor accounts in the system, and disabling vendors you are no longer doing business with," Eston says. Microsoft also could add program flags in the GP auto-alert feature to reconcile accounts on specific dates, for example, he says.

You can manually set up the program to issue a notification when a record is changed, moved, added, or removed, Kimmell says, or such a feature could be added by Microsoft. It's all about regular reconciliation and auditing to catch these types of nefarious intrusions so inside jobs aren't long-term and devastating, he says.

More Security Insights

White Papers

More >>

Reports

More >>

Webcasts

More >>

Onapsis' Nunez says sophisticated targeted attacks against the organization's financial systems are a real threat today. "We are not talking anymore about protecting ourselves only from our employees. Now we need also to protect our system from high-profile targeted attacks that can be exploited by malicious parties who don't even have a valid user account in the ERP systems," Onapsis' Nunez says. "If they are successful in breaking in, you can be sure that a financial fraud would be a matter of minutes."

A copy of Eston and Kimmell's white paper is available here for download.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

« Previous Page | 1 | 2

Kelly Jackson Higgins

See more from Kelly

Connect directly with Kelly: Bio | Contact

Dark Reading Discussions

Start the Discussion

To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.

Follow Dark Reading

Dark Reading Reports

Security Implications Of Big Data Strategies

To understand how to secure big data, you have to understand what it is - and what it isn't. As organizations set about building big data clusters, they're finding that many of the best practices for securing such clusters are the same used to secure any corporate data. However, there are some big differences as well. Here are some recommendations on how to alter your security strategy to accommodate big data - and when not to.
Building and Maintaining Database Access Control Provisions

Knotted and complex database access permissions are among the biggest threats to enterprise data security. In this Dark Reading report, we examine the problems associated with granting permissions to sensitive data, and recommend solutions that will help organizations thoughtfully and effectively grant privilege when and where it is needed - and only when and where it is needed.
A Guide to Database Activity Monitoring

Database activity monitoring, or DAM, is an effective compliance and security strategy. However, not every DAM system will work the same in every organization. Indeed, not every organization can even make use of every feature that DAM systems provide. In this report, we examine what DAM can and can't do, and recommend how to evaluate and implement the best system for your organization.

Other reports from the Database Security Tech Center:

Related Content

Sponsored by

Control And Protect Sensitive Information In The Era Of Big Data

This report outlines the future look of Forrester's solution for security and risk executives seeking to develop a holistic strategy to protect and manage sensitive data. In the never-ending race to stay ahead of the competition, companies are developing advanced capabilities to store, process, and analyze vast amounts of data from social networks, sensors, IT systems, and other sources to improve business intelligence and decisioning capabilities.
Understanding Holistic Database Security, 8 Steps to Successfully Securing Enterprise Data Sources

This paper discusses the 8 essential best practices that provide a holistic approach to safeguarding data and achieving compliance with a proactive and systematic approach to ensure that corporate databases, data warehouses, file shares and Hadoop-based big data environments are secure from breaches and unauthorized changes, while achieving compliance with key regulations such as SOX, PCI DSS, GLBA, HIPAA and data protection laws.
Database Activities You Should Be Monitoring, Gartner analyst

As data stores grow in scope and importance, the need to monitor activities - especially in RDBMSs becomes essential for meeting legal and regulatory compliance requirements. These databases store huge amounts of sensitive data, affecting both data security and system and data availability. Is the data safe? Who has access and what are they doing with that access?
Top 3 Myths about Big Data Security: Debunking common misconceptions about big data security ebook

Security for big data systems is not optional, it's imperative. This eBook addresses three myths of big data security: 1) Big data is a buzz word; existing security controls will suffice. 2) Big data deals with social media and sentiment analysis; this data is freely given up by individuals, waiving their security rights. 3) Big data equals Hadoop and Hadoop is used for internal analytics only.

Free Research and Reports

What's this?From the Editors of DarkReading

More >>

Box Icon

Whitepapers

What's this?

More >>

Box Icon

Dark Reading Digital Magazine

Dark Reading May 2013 Digital Supplemental Issue

Back Issues

In This Issue

The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.

Download Now

First Name*:
Last Name*:
Email Address*:
Job Title:
Company/Organization/Gov't Dept.:
*Required field
Privacy Statement

Security

Protect The Business - Enable Access

News Database Security

'Project Mayhem' Hacks Accounting Software

No exploit required for defrauding Microsoft and other accounting systems, researchers at Black Hat Abu Dhabi reveal

More Security Insights

White Papers

Reports

Webcasts

Related Reading

Dark Reading Discussions

Start the Discussion

Follow Dark Reading

Dark Reading Reports

Security Implications Of Big Data Strategies

Building and Maintaining Database Access Control Provisions

A Guide to Database Activity Monitoring

Sign up for the Dark Reading Daily email newsletter

Free Research and Reports

Whitepapers

Upcoming Events

Dark Reading Digital Magazine

In This Issue

News Database Security

'Project Mayhem' Hacks Accounting Software

No exploit required for defrauding Microsoft and other accounting systems, researchers at Black Hat Abu Dhabi reveal

More Security Insights

White Papers

Reports

Webcasts

Related Reading

Dark Reading Discussions

Start the Discussion

Follow Dark Reading

Dark Reading Reports

Related Content

Dark Reading Newsletter

Sign up for the Dark Reading Daily email newsletter

Free Research and Reports

Whitepapers

Upcoming Events

Dark Reading Digital Magazine

In This Issue