Cloud-based software company Salesforce was left wide open to a cyberattack exploiting the reputation of tech giant Meta thanks to a previously undetected bug, cybersecurity firm Guardio has disclosed.
“The vulnerability allowed threat actors to craft targeted phishing emails, cleverly evading conventional detection methods by leveraging Salesforce’s domain and reputation and exploiting legacy quirks in Facebook’s web games platform,” said Guardio.
Salesforce holds data for around 150,000 clients, many of them small businesses that could potentially cease trading if they were to fall foul of a cyberattack that preyed on their sensitive data.
In this case the zero-day bug — defined as a gap in a system’s defenses that defenders have had no time to address before it is exploited — appears to have been used in a phishing campaign, in which cybercriminals attempt to dupe victims into parting with money or sensitive data by convincing them that they are interacting with a legitimate organization.
“Using sophisticated phishing techniques, the threat actors successfully hid malicious email traffic within legitimate and trusted email gateway services, allowing them to capitalize on the companies’ volume and reputation,” said Guardio.
It adds that the phishing emails maintained the illusion of authenticity by addressing the target by their real name, while bypassing traditional anti-spam and anti-phishing mechanisms by using legitimate links to Facebook and a genuine @salesforce.com sender address.
Guardio disclosed the results of its investigation to Salesforce and Meta, who have both responded “promptly” to address the issue, it said.
“This incident with Salesforce highlights the importance for service providers to exercise additional caution and implement stringent measures to prevent abuse of legitimate services for malicious activities,” said Nati Tal, head of Guardio Labs.