Salesforce.com is warning that malicious types are trying to attack customers with a remote access Trojan called Dyre that’s designed to slurp users’ login credentials.
The company has just issued an alert which states: “On September 3, 2014, one of our security partners identified that the Dyre malware (also known as Dyreza), which typically targets customers of large, well-known financial institutions, may now also target some Salesforce users.”
“We currently have no evidence that any of our customers have been impacted by this, and we are continuing our investigation. If we determine that a customer has been impacted by this malware, we will reach out to them with next steps and further guidance.”
Salesforce.com points out that the vulnerability isn’t really its fault. The malware doesn’t infect computers via a flaw in Salesforce’s software. Instead it uses a different route – usually a phishing attack. However, once the Trojan has infected a PC it is directed to siphon off data from Salesforce users, rerouting the data back to its master. Salesforce said the malware even steals SSL-encrypted data.
To avoid any unwanted data theft incidents, Salesforce is recommending users ensure the malware’s signature is added to their antivirus software. Furthermore, it says admins should restrict the range of IP addresses users can log in to Salesforce.com from. It also recommends adding two-factor authentication if you want to be doubly, extra-safe from any attacks.
Users might recall a short outage affecting Salesforce.com on Friday; however, the company says the malware was not a factor in this. Whatever did cause that incident has now been fixed and Salesforce’s status page shows that all instances are up and running as they should be.
What is interesting is why the attackers are so interested in stealing data from Salesforce’s customers. The company declined to speculate on this, but notes that until now Dyre has almost exclusively been used to attack the lucrative world of online banking.
One theory is that the attackers are using Dyre to try and carry out a CRM-specific attack. If that is the case, and if the attack succeeds, whichever company is being targeted would be in very ‘dire’ straits.