Sophisticated Companies Fall Victim to Simple Salesforce Scam: A Deep Dive
Discover how major corporations like Google and Adidas were breached through a simple Salesforce scam and learn how to protect your business from similar threats.
TL;DR
- Major companies like Google and Adidas fell victim to a simple yet effective Salesforce scam.
- Hackers used social engineering tactics to trick employees into revealing sensitive data.
- Learn how to protect your business from similar threats with actionable defense strategies.
Introduction
In a surprising turn of events, several high-profile companies, including Google, Adidas, Louis Vuitton, and Chanel, were breached through a rudimentary attack method that required little technical finesse—making a phone call. This article delves into the details of the attack, the vulnerabilities exploited, and how businesses can protect themselves from similar threats.
The Attack Method
At the heart of these data breaches was a simple yet effective social engineering scam. Hackers belonging to the group “ShinyHunters” disguised themselves as IT support personnel and successfully tricked employees at several multinational corporations into handing over the data within their own Salesforce platforms. This attack underscores the vulnerability that all businesses face, regardless of size, in preventing cyberattacks that begin through basic social engineering tactics.
The Irony of Google’s Discovery
In a bizarre twist of irony, security researchers at Google Threat Intelligence Group (GTIG) originally uncovered the hacking campaign in June, only to announce that Google itself had been hit by the very same tactic this week. Other victims in the hacking campaign include Allianz Life, Qantas, and the jeweler Pandora.
Exploiting Salesforce Features
The data breaches all leveraged a Salesforce feature that allows users to connect to various external apps. This functionality enables business owners and employees to connect their Salesforce data to mapping tools to visualize customer locations or to connect with a newsletter platform to deliver email marketing campaigns to specific customer segments.
In the attacks, the hackers tricked employees into connecting to a fraudulent version of Salesforce’s “Data Loader” app, which lets users import, export, update, and delete large quantities of data stored or managed within Salesforce itself. The process for connecting to an external app is simple, as employees just enter an 8-digit code when prompted by Salesforce. However, once ensnared in the phone scam, employees were tricked into entering an 8-digit code that connected to a data exfiltration program owned and operated entirely by the hackers.
The Aftermath of the Breach
Once connected, the hackers were free to roam inside the company’s Salesforce data and steal what they saw fit. Some attacks reportedly included an expansion by the hackers into other corporate online accounts, including Microsoft 365, which could reveal a company’s emails and other sensitive messages.
In the attack against Google, the hackers accessed a Salesforce “instance,” a term used to describe a company or user’s implementation of software and the data they manage through that software. In the Google attack, the Salesforce instance “was used to store contact information and related notes for small and medium businesses.”
According to Google, “Analysis revealed that data was retrieved by the threat actor during a small window of time before the access was cut off. The data retrieved by the threat actor was confined to basic and largely publicly available business information, such as business names and contact details.”
Ongoing Threats
According to Bleeping Computer, the ShinyHunters cybercrime group is still stealing business data through this attack campaign. Once the hackers have the data, they then extort the victims to pay a hefty ransom or risk having the data exposed online.
How to Stay Safe from the Salesforce Scam
Because this attack is so targeted—every corporate victim uses Salesforce—the defense strategies are clear and actionable. Here’s how you can help yourself and your staff avoid this attack.
Audit Your Salesforce Access
Ensure that the only employees or staff who have access to Salesforce are those who need to use it for their job. When there are fewer employees who can access Salesforce, there are fewer entry points for hackers.
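An added example (not from the original article or from Salesforce) of the audit described above, which also catches the lookalike “Data Loader” case from the attack section: it checks a constructed export of connected-app authorizations against an allowlist keyed by app identifier. The column names, app identifiers, roles and addresses are assumptions made up for the illustration.

```python
import csv
import io
import re

# Constructed sample export of connected-app authorizations. Column names are
# assumptions for this example; map them to whatever your own export uses.
SAMPLE_EXPORT = """app_name,app_id,user,user_role
Data Loader,APP-001,alice@example.com,sales_ops
Dataloader,APP-777,bob@example.com,sales_rep
Newsletter Sync,APP-002,carol@example.com,marketing
My Ticket Portal,APP-903,dave@example.com,sales_rep
Data Loader,APP-001,erin@example.com,sales_rep
"""

# Approved apps keyed by identifier (not display name, which anyone can copy),
# with the roles that actually need each app for their job.
APPROVED = {
    "APP-001": {"name": "Data Loader", "roles": {"sales_ops"}},
    "APP-002": {"name": "Newsletter Sync", "roles": {"marketing"}},
}


def normalize(name):
    """Lowercase and drop non-alphanumerics so 'Data-Loader' == 'dataloader'."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def audit(export_text, approved):
    """Return (finding, app_name, app_id, user) tuples for each risky row."""
    approved_names = {normalize(a["name"]) for a in approved.values()}
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        entry = approved.get(row["app_id"])
        if entry is None:
            # Unknown identifier: worse if it borrows an approved app's name.
            kind = ("LOOKALIKE_APP" if normalize(row["app_name"]) in approved_names
                    else "UNAPPROVED_APP")
        elif row["user_role"] not in entry["roles"]:
            kind = "ROLE_NOT_ENTITLED"  # real app, but user does not need it
        else:
            continue
        findings.append((kind, row["app_name"], row["app_id"], row["user"]))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT, APPROVED):
        print(*finding, sep=" | ")
```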
Train Your Staff
Recognizing a social engineering scam is important for any workforce, no matter the size. Make sure you and your employees know who your current IT support provider is, so that any rogue phone calls are immediately caught.
Use Multifactor Authentication (MFA) for Important Accounts
The hackers in these attacks managed to gain access to other cloud applications like Microsoft 365. Protect all your employee accounts on sensitive platforms with MFA.
Conclusion
Social engineering scams are some of the most effective and serious threats to small businesses. It’s important to recognize them when they happen. For everything else, use always-on cybersecurity to protect your business from malware, viruses, and nefarious break-in attempts.