Salesforce issues advice on avoiding Dyreza attack

Salesforce has issued a set of guidelines on tightening security after a number of its customers were targeted by the Dyreza email virus

Salesforce has issued a set of guidelines on tightening security after a number of its customers were targeted by the Dyreza email virus.

At the beginning of September Salesforce said one of its security partners identified that the Dyre malware (also known as Dyreza), which typically targets customers of large, well-known financial institutions, may now also target some Salesforce users.

The company urged IT departments to ensure their email filtering software is able to detect the virus. It also suggested IT departments enable IP range restrictions to allow users access to, only from the corporate network or VPN.

"By restricting logins to Salesforce only from corporate networks, Dyre would not be able to access a compromised account externally, although it could still make such a connection from a compromised PC within the enterprise," said Michael Sutton, vice-president of security research at Zscaler.

However, restricting access to Salesforce to the corporate network could prevent access of the software as a service (SaaS) product from a mobile device or via the internet, limiting its flexibility.

Businesses should also use two-factor authentification, where an SMS Identity Confirmation notice is used to add an extra layer of login protection for Salesforce credentials, Salesforce added.

More articles on Salesforce

  • Inside the Salesforce App Exchange: A developer's perspective
  • Interview: Remote monitoring will revolutionise long-term care
  • Security Think Tank: How to keep data secure when resident or used by cloud applications

Its third recommendation is to add Salesforce#, which provides an additional layer of security with two-step verification. The app is available via the iTunes App Store or via Google Play for Android devices.

Jaime Blasco, director of AlienVault Labs, said: "Salesforce has the proper mechanism to prevent the usage of stolen credentials by activating two-factor authentication (by activating two-factor authentication, they will send you a SMS every time you log in and you will need to introduce that along with your login/password). 

"To be proactive, Salesforce users can also activate other security settings, such as only allowing a specific network range belonging to your company to log in and use your Salesforce account."

To achieve this, Salesforce urged IT departments to implement SAML authentication capabilities, which is used to prevent authentication from outside the corporate network.

Read more on Network security management

Data Center
Data Management