More Debits & Credits Posts

Accounting Software Vulnerable to Hackers

December 7, 2012

Security researchers recently demonstrated a new way that accounting software could be hacked, allowing unauthorized payments to be sent to cybercriminals.

The security site Dark Reading reported Wednesday on proof-of-concept code that was unveiled by researchers at the firm SecureState at a conference in Abu Dhabi. They showed how hackers could create a backdoor in Microsoft Dynamics GP, formerly known as Great Plains Dynamics, but pointed out that similar techniques could be employed with other accounting packages, such as MAS 90, Peachtree, Oracle and SAP.

They created a script that is able to make remote SQL database queries and commit financial fraud using a technique they refer to as “injection and hooking.” Unlike earlier hacking techniques, they would not need to install a piece of Trojan malware in the system that might be detected by antivirus software.

While the Mayhem script was just a proof of concept by researchers whose goal is to make accounting software more secure, it would not be surprising if the same technique were employed by the very hackers they hope to outwit.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments:
Not Registered?
You must be registered to post a comment. Click here to register.
Already registered? Log in here
Please note you must now log in with your email address and password.