Risks of Using 1C and BAS for Ukrainian Businesses: How a Phishing Email Can Grant Access to an Entire Company’s Accounting System
Cyber threats targeting Ukrainian businesses are becoming increasingly sophisticated. While hackers once relied on viruses or server breaches, today the primary attack vector is social engineering-fraudulent emails designed to look like ordinary business correspondence.
Recently, Ukrainian companies have been receiving emails that appear to be standard business collaboration requests, seemingly from legitimate service providers or potential clients. These messages typically include a brief company description, a contact person, and a link to a file containing a “detailed list of required services.”
At first glance, this appears to be a typical request for a commercial proposal. However, clicking the link can trigger a malicious mechanism capable of gaining access to the user’s computer or the company’s corporate network. Such attacks pose a significant threat, particularly if critical financial data is stored in vulnerable or outdated systems.
How Corporate Data Theft Schemes Work
Most modern attacks on companies begin with phishing emails designed to appear highly convincing. A typical attack scenario looks like this:
- The company receives an email with a business collaboration request.
- The email contains a link to a file or cloud storage.
- An employee clicks the link, expecting to view a technical specification or service list.
- Malicious code is executed on the computer, or an infected file is downloaded.
- Attackers gain access to the corporate network and company data.
In many cases, the company may not immediately realize it has been targeted. Hackers can spend weeks or months gathering information, accessing:
- Accounting databases
- Financial documents
- Payment details
- Contracts with counterparties
- Internal management information
Why Accounting Systems Are Prime Targets
For cybercriminals, systems that store financial information are the most valuable, including:
- Bank transactions
- Financial reports
- Tax data
- Supplier and client information
- Invoices and payments
ERP and accounting systems are therefore among the first targets during attacks. If these systems have weak security mechanisms or rely on outdated architectures, the consequences for the business can be critical.
Risks of Using 1C and BAS for Ukrainian Companies
Many Ukrainian enterprises still use 1C or BAS as their primary accounting system. However, these solutions carry significant risks for modern businesses. The main issues include:
⚠️ Outdated architecture developed decades ago, not designed for contemporary cyber threats
⚠️ High reliance on third-party modifications and modules, which may contain vulnerabilities
⚠️ Insufficient access control mechanisms
⚠️ Limited audit capabilities for user actions
⚠️ Risks associated with integration with unverified services and modules
As a result, a single infected computer or careless click can grant access to the entire accounting system. Key risks include:
Outdated Software Architecture
Many components of 1C and BAS architectures were created decades ago. Since then, there have been major changes in:
- Cybersecurity principles
- Corporate data protection standards
- Access management approaches
Consequently, these systems often have limited built-in security mechanisms and rely heavily on configuration or third-party modifications. In today’s environment, this creates additional vulnerability points.
Extensive Use of Third-Party Modifications
A distinctive feature of 1C and BAS systems is the large number of third-party customizations. Companies often use:
- Proprietary modules
- Third-party extensions
- Integrations from various developers
These modifications are not always fully security-audited. Any poorly developed extension can create a vulnerability through which attackers gain system access.
Limited Audit and Access Control Tools
In many companies, 1C or BAS functions as the central repository of financial data. However, these systems often offer limited user activity monitoring. This can hinder:
- Tracking suspicious activity
- Auditing changes in financial documents
- Controlling access to critical data
In the event of a breach, it can be difficult to determine when the information leak occurred.
High Risk of Compromise via Workstations
Most modern business attacks start with employee computers. If even one computer is infected, attackers can attempt to access:
- Accounting databases
- Servers
- Corporate management systems
Without advanced access control in the ERP system, an attack can spread across the entire enterprise infrastructure.
Concentration of Critical Financial Data
Accounting systems typically contain the most sensitive business information, including:
- Financial performance metrics
- Tax records
- Bank account details
- Counterparty data
This concentration makes these systems highly attractive targets for cyberattacks.
Expert Recommendations on Cybersecurity
In cases of suspected phishing or data leaks, Ukrainian companies are advised to contact the State Service of Special Communications and Information Protection of Ukraine.
Experts have repeatedly warned that such phishing campaigns can be used by foreign intelligence agencies. In some instances, these tools are linked to Russian intelligence structures, including the Federal Security Service (FSB) of the Russian Federation.
Potential attack goals include:
- Collection of economic intelligence
- Access to company financial flows
- Acquisition of production or logistics data
- Espionage against Ukrainian companies
The greatest danger is that businesses may not realize their systems are compromised for extended periods.
Why a Modern ERP System Is a Key Part of Business Cybersecurity
Today, an ERP system is not just accounting-it is a central digital platform for managing a company, which must comply with modern information security standards. Modern ERP platforms provide:
- Multi-level data access control
- Comprehensive audit of all user actions
- Integration with cybersecurity systems
- Centralized access rights management
- Compliance with international information security standards
7 Signs Your Accounting System May Have Been Compromised
Cybersecurity experts recommend monitoring for the following:
- Unexplained activity within the accounting system
- Unexpected changes in financial documents
- Suspicious logins outside working hours
- Unknown users appearing in the system
- Server slowdowns
- Connection attempts from unknown IP addresses
- Unexplained changes in access rights
If any of these signs are detected, an immediate security audit is essential.
Why SAP Business One Is Considered One of the Safest ERP Systems
Unlike many legacy systems, SAP Business One was designed as a corporate platform for international businesses with high data security requirements. The system offers:
🔐 Advanced user access management
🔐 Full audit of all system actions
🔐 Integration with corporate security systems
🔐 Data protection at the database and server infrastructure level
🔐 Compliance with international security standards
SAP Business One is trusted by thousands of companies worldwide handling financial data, manufacturing, logistics, and international trade. For modern businesses, it provides not only process automation but also maximum protection of critical information.
Phishing attacks are now one of the most common business cyberattack methods. A single email with a malicious link can serve as the entry point into a corporate network. If financial data is stored in poorly protected systems, business risks multiply significantly.
For Ukrainian companies, this underscores the importance of not only process automation but also securing ERP systems and digital infrastructure.
DIGITAL BUSINESS SOLUTIONS
DIGITAL BUSINESS SOLUTIONS helps companies transition from outdated management systems to modern, world-class ERP solutions. We implement:
- Modern ERP platforms for business management
- Analytical tools for informed decision-making
- Real-time finance and operations monitoring
Our solutions help companies not only automate business processes but also protect critical data from modern cyber threats.
