HoneySAP: Who really wants your money

Targeted attacks against ERP systems and enterprise software are not something new, however they only started appearing in the media in recent years. On the other hand, we also have new kinds of attacks by means of malware and malicious programs. Understanding the motivations and techniques adversaries use to target systems where company's most valuable assets reside is crucial to understand the nature of the attacks and the defense strategies.

This talk will introduce HoneySAP, a low-interaction research honeypot aimed at learning the techniques, tactics and motivations behind the attacks against SAP systems. When deployed, HoneySAP will be able to mimic services shown by regular SAP systems suitable for both internal and external network profiles, as well as integrate with other honeypots and attack feed systems. Creating HoneySAP involved hours of learning and understanding the inner-workings of the implemented services, how to mimic their behaviour and the best strategies to with clients. We would like to share some of the lessons learned and hope to encourage discussions about potential applications and uses of HoneySAP, as well as welcome contributions to the project.