Depending on the permissions of the stolen SAP credentials, in addition to stealing data, attackers can set up rogue payments or disrupt business operations.
According to ERPScan, 86 percent of companies on the Forbes 500 list use SAP software.
To mitigate the damage caused by possible attacks on their SAP systems, companies should grant users the minimum access privilege level required to complete their job, should implement two-factor authentication, run anti-malware programs and network intrusion detection systems, train their employees to avoid malware infections and keep the software running on their workstations up to date, McDonald said.
"This trojans targeting of businesses, as opposed to individuals, is an alarming move and we will be monitoring this for further developments to protect and inform our customers," he said.
Sign up for CIO Asia eNewsletters.