Get the Tech News Flash Newsletter from TechNewsWorld » View Sample | Subscribe
Welcome Guest | Sign In
CRMBuyer.com
Ideoclick eBook

Salesforce Issues Dyre Warning

By Erika Morphy
Sep 10, 2014 12:55 PM PT

Salesforce.com this week notified its customers that the Dyre malware, which typically targets customers of large financial institutions, might have been tweaked to target some Salesforce users as well.

Salesforce Issues Dyre Warning

There was no evidence that any Salesforce customers had been impacted, the company said, but if any customer should be affected, it would provide guidance.

Salesforce emphasized the malware was not exploiting any vulnerability within its system. Dyre resides on infected computer systems and steals user log-in credentials.

"Cloud providers take responsibility for protecting their applications from downtime and service-wide security breaches -- not for security of user credentials and data, which remain the responsibility of the enterprise," BitGlass CEO Nat Kausik told CRM Buyer.

Why Salesforce?

It is not surprising that a malware writer would target a cloud-based CRM system, said Ken Westin, security analyst for Tripwire.

They are optimal targets because they are easily accessed online and contain a great deal of information about a range of businesses, he told CRM Buyer.

"Downloading a customer list is an excellent start to a successful spearphishing campaign," Westin noted. "All the information necessary to write an email that looks like it came from a trusted source is included in these databases."

Other reasons include gaining access to sensitive business information, such as marketing campaigns, with the intent of selling it.

Salesforce's Response

Salesforce is handling the possible threat to its customers by the book, said David Pack, director of LogRhythm.

"Since the malware in question resides on users' endpoints, completely outside of Salesforce's control, they certainly could have made the case that it's not their problem," he told CRM Buyer.

Instead, "they have been proactive in notifying the community of the threat, have provided guidance outlining ways to mitigate the threat, and have stated that they will notify customers if they suspect an actual compromise has happened. In short, they are sharing information, providing clear mitigation strategies, and committing to continued focus on their customer's security."

A Wake-Up Call

The incident is a wake-up call for cloud service providers and the companies that use them, said Kevin Jones, senior information security architect for Thycotic.

"Any business using cloud-based services needs to gain better control and visibility into activity around user credentials," he told CRM Buyer. "Those credentials need to be changed often, using best security practices. IT needs to be able to manage passwords automatically, so they know when they've been changed, who in the organization is using them, and most of all, when they've been compromised."

Also, IT should be educating staff on what phishing sites and emails often look like in order to mitigate future risk, Jones added.

"Often, IT or technically savvy IT admins take it for granted that a bank or a vendor would never email you asking for your password. Don't assume that everyone in your organization knows this."

That is not to say the cloud is on the brink of becoming a dangerous place for companies.

"Cloud security is improving all the time, with encryption of the stored data, two-factor authentication mechanisms, and intelligent monitoring systems that can identify activities that are aberrant," Scott Chate, VP with Corent Technology told CRM Buyer.

"However, the cybercriminals are also reacting to every advance with new techniques and exploits of inevitable bugs," he noted. "It's a war where the enemy is largely unseen and hard to identify, as they are often far away in other jurisdictions."


Erika Morphy has been writing about technology, finance and business issues for more than 20 years. She lives in Silver Spring, Md.


Contact Center AI Explained by Pop Culture
What was your initial reaction to news of the Colonial Pipeline cyberattack?
It demonstrates that all critical infrastructure sectors are at high risk of disruption by cybercriminals.
Everyone will be paying for this attack in the form of higher energy costs.
Governments need to work more closely with private industries to protect networks for the sake of public safety.
It's a global problem. An international alliance must be formed to hold the perpetrators accountable and prevent future attacks.
Contact Center AI Explained by Pop Culture