Menu
Salesforce warns customers of malware attack

Salesforce warns customers of malware attack

A new version of the Dyreza online banking Trojan is stealing Salesforce.com log-in credentials

Salesforce.com users are being targeted by a new version of a computer Trojan that has typically attacked online banking customers until now.

The malware threat is called Dyre or Dyreza and came to light in June. Like most online banking Trojans, it hooks the browser process to capture log-in credentials entered by users on websites belonging to financial institutions.

The original Dyre version found in June by researchers from PhishMe and CSIS Security Group targeted the sites of Bank of America, NatWest, Citibank, RBS and Ulsterbank. However, it appears the program's creators have recently added Salesforce.com to the list.

"On September 3, 2014, one of our security partners identified that the Dyre malware (also known as Dyreza), which typically targets customers of large, well-known financial institutions, may now also target some Salesforce users," Salesforce said in a security advisory published on its website.

"We currently have no evidence that any of our customers have been impacted by this, and we are continuing our investigation," the company said. "If we determine that a customer has been impacted by this malware, we will reach out to them with next steps and further guidance."

Salesforce advised customers to use the platform's IP range restriction feature to allow access to accounts only from trusted corporate networks and VPNs. Enabling two-factor authentication via the Salesforce# mobile app and turning on SMS-based identity confirmation for log-in attempts from unknown sources is also recommended.

Dyreza is not the first malware program to target Salesforce. In February, researchers from a security firm called Adallom found a variant of the well-known Zeus Trojan that had been modified to scrape business data from compromised Salesforce accounts.

"This alert is yet another in a growing number of wakeup calls for SaaS [Software-as-a-Service] adopters that you cannot rely exclusively on your SaaS provider to secure your data inside of their SaaS application," the Adallom researchers said following the new Salesforce alert. "From the perspective of Salesforce.com, this is not a vulnerability within Salesforce since the malware resides on infected customer computer systems, and therefore only the affected customer is accountable for any data that is modified, exfiltrated, or deleted through this attack."


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags securitySalesforce.comphishmeAdallomAccess control and authenticationspywareCSIS Security Groupdata protectionmalware

Featured

Slideshows

Channel celebrates as HP marks 50 years in NZ

Channel celebrates as HP marks 50 years in NZ

HP marked 50 years in New Zealand at an event in the vendor's Auckland's headquarters last night, with a host of key channel figures coming along to celebrate. Photos by HP.

Channel celebrates as HP marks 50 years in NZ
EDGE 2017 - Icebreaker Sessions round 2

EDGE 2017 - Icebreaker Sessions round 2

EDGE guests experience the value of networking at the second round of Icebreaker sessions.. Photos by Maria Stefina

EDGE 2017 - Icebreaker Sessions round 2
EDGE 2017 Dinner Under the Stars

EDGE 2017 Dinner Under the Stars

EDGE's Day 2 keynote and breakout sessions were followed by the Dinner Under the Stars. Over 300 people were present to enjoy a seafood feast and lots of excitement at Hamilton Island's Bougainvillea Marquee. Photos by Maria Stefina.

EDGE 2017 Dinner Under the Stars
Show Comments