Your Salesforce is a New Target: The FBI Just Issued a Major Warning

Have you ever wondered which amount of applications are related to your work? Well, the bad guys are cogitating about it. The FBI has just issued a major warning to firms, advising they should be careful of another, more lucrative target, namely, their Salesforce systems. It is not about some elaborate hack on Salesforce itself. The burglars are becoming cunning and they have discovered two major channels of gaining entry and they are all too cunning.

To start with, there is a feds group known as UNC6040. They simply call you, and this is an old-school trick of theirs. They will pretend it is the IT support and explain you will need to install a special version of Salesforce Data Loader to correct an issue. Sounds official, right? But it's a scam. One time they get it installed and they have a golden ticket straight into your account, and all your company information. It is an old scam of phishing but this time on the phone.

The second group, UNC6395 is slightly more tech-savvy. They are targeting the applications that you have attached to your Salesforce. Consider all those sales, marketing and support integrations. They are discovering methods of stealing the special keys (OAuth tokens) of these third-party applications such as Salesloft Drift chatbot. They can use those keys to dance freely into your firm SalesForce and take a few of their customer lists, sales figures, any data you feel like, and ransom it.

This is a huge development as it demonstrates the way the bad guys are changing their game. They do not simply attempt to break the front door anymore they visit seeking unlocked side doors and back windows. The FBI claims that this is a wake-up call to all businesses to have a harsh look at their cloud security. So, what can you do? Distrust any person who calls you randomly by name IT. Should they request that you install something, call them and get it done on the company number. You should also review your Salesforce app integrations and remove ones you are not actively utilizing, fewer connected apps will result in fewer entry points that hackers have. And discuss with your IT team how to improve the methods of logging in as the old username and password a text code is no longer sufficient. Lastly, your Salesforce activity is something that your IT team should be closely monitoring. Any suspicious data downloads or logins in a foreign place may be a strong alarm.

The point is, the data of your company is a good target. In this case it is not everything about firewalls any more, it is about being clever and attentive with all those applications you use on a daily basis.