Salesforce, the customer relationship management (CRM) software provider, released a statement on its website last week saying that one of its security partners had identified a variant of the Dyre malware that may be targeting Salesforce users.
It was not made clear in the notification how the malware is being used to target Salesforce clients, but SentinelOne CEO Tomer Weingarten noted in an interview with SC Magazine that Dyre has been spread through phishing campaigns in the past. Ronnie Tokazowski, a senior researcher with PhishMe, identified Dyre being used in a phishing scheme in June and told SC Magazine that the malware is able to bypass SSL mechanisms in browsers and surreptitiously modify network traffic. Tokazowski also noted that Dyre utilizes a technique known as browser hooking to intercept user login credentials before they are transmitted over the network to a website. The data is stolen before it is encrypted, making this an especially dangerous attack method.
There are multiple reasons cybercriminals could be targeting Salesforce accounts with Dyre attacks, according to Weingarten. They could be using browser hooking to steal credentials in order to make off with customer databases, or simply attempting to spread the infection further from a trusted source. Weingarten added that Dyre can be adapted to steal a variety of different credentials, so either scenario is possible. An earlier version of the malware was found to have targeted the sites of multiple well-known financial institutions, including Bank of America, RBS, Citibank and Ulster Bank.
History of malware attacks
According to PCWorld contributor Lucian Constantin, this is not the first time malware has been adapted to go after Salesforce accounts. Security researchers found a version of the popular Zeus Trojan in February that had been modified to steal sensitive business information from Salesforce accounts.
"This alert is yet another in a growing number of wakeup calls for SaaS adopters that you cannot rely exclusively on your SaaS provider to secure your data inside of their SaaS application," said the researchers in response to the Salesforce alert.
New malware is created and adapted all the time, making it difficult for enterprises to always be on guard against the most recent cyberthreat. For companies with understaffed IT departments, the most reliable way to ensure sensitive systems and data are secure is to have an eye on network activity at all times. Implementing a security information and event management solution allows companies to monitor traffic for any suspicious activity. With a managed SIEM service, this activity is analyzed and given to organizations as actionable information that makes it easier to reliably defend against malware and other forms of cybercrime.
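The kind of correlation a SIEM would run to spot stolen credentials in use, as an added example that is not part of the original article and not code from Salesforce or any vendor named above: a single successful login after a form grabber has phished a password looks normal on its own, so the rule below flags a user whose credentials are used from two different source IPs within a short window. The log lines, the field layout (`user=`, `ip=`, `result=`) and the 30-minute window are all constructed assumptions for illustration, not Salesforce's actual audit format.

```python
"""Added example: a minimal SIEM-style correlation rule over login events.

Flags the same account logging in successfully from two different source
IPs within a short window, a common signature of credentials stolen by a
Dyre-style browser hook being replayed by the attacker while the victim is
still active. The log format below is assumed for illustration only.
"""

from datetime import datetime, timedelta

# Constructed sample login events: timestamp, user, source IP, outcome.
# Not real Salesforce audit data.
SAMPLE_LOG = """\
2014-09-08T09:01:12Z user=alice@example.com ip=203.0.113.10 result=success
2014-09-08T09:03:45Z user=bob@example.com ip=203.0.113.11 result=success
2014-09-08T09:17:02Z user=alice@example.com ip=198.51.100.77 result=success
2014-09-08T10:40:00Z user=carol@example.com ip=203.0.113.12 result=failure
2014-09-08T11:05:30Z user=carol@example.com ip=203.0.113.12 result=success
2014-09-08T15:00:00Z user=bob@example.com ip=192.0.2.200 result=success
"""


def parse_line(line):
    """Parse one 'ts key=value ...' line into a dict (assumed format)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "user": kv["user"],
        "ip": kv["ip"],
        "result": kv["result"],
    }


def parse_log(text):
    """Parse every non-empty line of a log blob."""
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def find_split_sessions(events, window=timedelta(minutes=30)):
    """Return (user, previous_ip, new_ip, seconds_apart) tuples for each
    successful login that follows another success by the same user from a
    different IP within `window`. Failed logins are ignored: a failure from
    the attacker's IP is a different (brute-force) signal."""
    alerts = []
    last_success = {}  # user -> (timestamp, ip) of most recent success
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["result"] != "success":
            continue
        prev = last_success.get(e["user"])
        if prev and prev[1] != e["ip"] and e["ts"] - prev[0] <= window:
            gap = int((e["ts"] - prev[0]).total_seconds())
            alerts.append((e["user"], prev[1], e["ip"], gap))
        last_success[e["user"]] = (e["ts"], e["ip"])
    return alerts


def alerts_for_sample():
    """Run the rule over the constructed sample log."""
    return find_split_sessions(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for user, ip_a, ip_b, secs in alerts_for_sample():
        print(f"ALERT {user}: login from {ip_a} then {ip_b} {secs}s apart")
```

On the sample data only alice fires: her two logins are under 16 minutes apart from different addresses, while bob's second login is hours later and carol never succeeds from a second IP. In production this rule needs enrichment (ASN or country rather than raw IP, so that mobile and VPN users do not churn alerts) and pairing with the phishing indicators the article describes, since the malware itself never touches the Salesforce side of the connection.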