SAP customers are usually very large enterprises. There are almost 250,000 companies using SAP products in the world, including over 80 percent of those on the Forbes 500 list, according to Polyakov.
If timed correctly, some attacks could even influence the company's stock and would allow the attackers to profit on the stock market, according to Polyakov.
Dr. Web detects the new malware variant as part of the Trojan.Ibank family, but this is likely a generic alias, he said. "My colleagues said that this is a new modification of a known banking Trojan, but it's not one of the very popular ones like ZeuS or SpyEye."
However, malware is not the only threat to SAP customers. ERPScan discovered a critical unauthenticated remote code execution vulnerability in SAProuter, an application that acts as a proxy between internal SAP systems and the Internet.
A patch for this vulnerability was released six months ago, but ERPScan found that out of 5,000 SAProuters accessible from the Internet, only 15 percent currently have the patch, Polyakov said. If you get access to a company's SAProuter, you're inside the network and you can do the same things you can when you have access to a SAP workstation, he said.
Sign up for CIO Asia eNewsletters.