CRM giant Salesforce has warned its users they could be targeted by a malware attack that usually hits customers of large, well-known financial institutions.
Salesforce released a statement Sept. 3 saying that one of its security partners concluded that the Dyre malware (also known as Dyreza) "may now also target some Salesforce users."
"We currently have no evidence that any of our customers have been impacted by this, and we are continuing our investigation," according to the Salesforce statement. "If we determine that a customer has been impacted by this malware, we will reach out to them with next steps and further guidance."
Reached by CMSWire today, a Salesforce representative issued a statement, saying, "At salesforce.com, trust is our #1 value and we take the protection of our customers' data very seriously. Please visit trust.salesforce.com for information."
What is this malware anyway?
Zulfikar Ramzan, CTO of Elastica, where he helps improve the security of cloud services, blogged that "targeting Salesforce is new behavior for this malware, but there is no reason why it could not be readily adapted to target Salesforce or any other SaaS application for that matter."
The malware, he added, usually infects a system via "straightforward social engineering mechanisms."
"For example," Ramzan wrote, "a victim will receive an email containing a hyperlink with messaging that entices the victim to click on it. Upon doing so, the victim is presented with the Dyreza malware for download. Once installed on the system, the Dyreza malware will, among other things, employ a technique known as browser hooking. Browser hooking allows Dyreza to intercept content entered by the user into the web browser before that content is transmitted over the network to a web site -- and specifically browser hooking allows this interception to occur before the data is encrypted."
Salesforce officials said in their statement the problem "is not a vulnerability within Salesforce. It is malware that resides on infected computer systems and is designed to steal user log-in credentials and resides on infected customer systems."
They sent readers to this site for more information.
Salesforce officials recommended users work with their IT security team to validate that their anti-malware solution is capable of detecting the Dyre malware.
Salesforce officials also recommended that users leverage the following security capabilities of the Salesforce platform:
- Activate IP Range Restrictions to allow users to access salesforce.com only from a corporate network or VPN.
- Use SMS Identity Confirmation to add an extra layer of login protection when salesforce credentials are used from an unknown source.
- Implement Salesforce#, which provides an additional layer of security with 2-step verification. The app is available via the iTunes App Store or via Google Play for Android devices.
- Leverage SAML authentication capabilities to require that all authentication attempts be sourced from a network.