Menu
Salesforce warns customers of malware attack

Salesforce warns customers of malware attack

A new version of the Dyreza online banking Trojan is stealing Salesforce.com log-in credentials

Salesforce.com users are being targeted by a new version of a computer Trojan that has typically attacked online banking customers until now.

The malware threat is called Dyre or Dyreza and came to light in June. Like most online banking Trojans, it hooks the browser process to capture log-in credentials entered by users on websites belonging to financial institutions.

The original Dyre version found in June by researchers from PhishMe and CSIS Security Group targeted the sites of Bank of America, NatWest, Citibank, RBS and Ulsterbank. However, it appears the program's creators have recently added Salesforce.com to the list.

"On September 3, 2014, one of our security partners identified that the Dyre malware (also known as Dyreza), which typically targets customers of large, well-known financial institutions, may now also target some Salesforce users," Salesforce said in a security advisory published on its website.

"We currently have no evidence that any of our customers have been impacted by this, and we are continuing our investigation," the company said. "If we determine that a customer has been impacted by this malware, we will reach out to them with next steps and further guidance."

Salesforce advised customers to use the platform's IP range restriction feature to allow access to accounts only from trusted corporate networks and VPNs. Enabling two-factor authentication via the Salesforce# mobile app and turning on SMS-based identity confirmation for log-in attempts from unknown sources is also recommended.

Dyreza is not the first malware program to target Salesforce. In February, researchers from a security firm called Adallom found a variant of the well-known Zeus Trojan that had been modified to scrape business data from compromised Salesforce accounts.

"This alert is yet another in a growing number of wakeup calls for SaaS [Software-as-a-Service] adopters that you cannot rely exclusively on your SaaS provider to secure your data inside of their SaaS application," the Adallom researchers said following the new Salesforce alert. "From the perspective of Salesforce.com, this is not a vulnerability within Salesforce since the malware resides on infected customer computer systems, and therefore only the affected customer is accountable for any data that is modified, exfiltrated, or deleted through this attack."


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags securitymalwareSalesforce.comdata protectionspywarephishmeAccess control and authenticationCSIS Security GroupAdallom

Featured

Slideshows

Looking back at the top 15 M&A deals in NZ during 2017

Looking back at the top 15 M&A deals in NZ during 2017

In 2017, merger and acquisitions fever reached new heights in New Zealand, with a host of big name deals dominating the headlines. Reseller News recaps the most important transactions of the Kiwi channel during the past 12 months.

Looking back at the top 15 M&A deals in NZ during 2017
Kiwi channel closes 2017 with After Hours

Kiwi channel closes 2017 with After Hours

The channel in New Zealand came together to celebrate the close of 2017, as the final After Hours played out in front of a bumper Auckland crowd.

Kiwi channel closes 2017 with After Hours
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP honoured leading partners across the channel at the Partner Awards 2017 in New Zealand, recognising excellence across the entire print and personal systems portfolio.

Meet the top performing HP partners in NZ
Show Comments