Category: Vulnerability Intelligence | Sub-Category: Exposed End-point Credentials | Industry: Multiple | Region: Global
Executive Summary
THREAT | IMPACT | MITIGATION |
---|---|---|
- An increase in dark web discussions among threat actors regarding CRM exploitation tactics
- Widespread exposure of CRM credentials across code repositories such as GitHub and Bitbucket
Analysis
CRM Credentials Exposed on GitHub
XVigil’s Cyber Threat Monitor has identified several code repositories disclosing sensitive information and CRM secrets and credentials:
- Salesforce username
- Salesforce password
- Consumer ID
- Consumer Secret
Increase in Dark Web Discussions Regarding CRM Exploitation
XVigil has identified an increase in discussions, on cybercrime forums, regarding CRMs. Here are some key examples:
- Threat actors discussing CVE-2021-44077, a vulnerability in Zoho ManageEngine CRM software.
- A threat actor detailing how logs from CRMs like Zoho, SugarCRM, HubSpot, and Salesforce can be leveraged to gain access to the critical infrastructure of an organization. CRM logs are sold on various underground markets.
How Exposed CRM Secrets and Dark Web Discussion Enable Large-Scale Attacks
- Attackers regularly use manual and automated scanners to monitor public code repositories like GitHub for secrets and source code leaks.
- Actors use the credentials, in conjunction with vulnerabilities, exploits, and CRM logs available on cybercrime forums, to gain access to the organization’s critical infrastructure.
- These sensitive details also enable them to move laterally across the organization, deploy ransomware, exfiltrate data, take over user accounts, and maintain persistence.
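Because public repositories are scanned for these values, the same check can be run on your own code before it is pushed. The following is an added example, not part of the original report or of XVigil: it flags hard-coded Salesforce usernames, passwords, consumer IDs and consumer secrets in configuration text while skipping environment-variable references and placeholders. The key-name patterns and the sample input are assumptions constructed for illustration.

```python
import re

# Key names are assumptions modelled on the four items listed in the report
# (username, password, consumer ID, consumer secret); extend for your code base.
KEY = (r"(?:sf|sfdc|salesforce)[_.-]?"
       r"(?:username|user|password|pass|consumer[_.-]?(?:id|key|secret))")
ASSIGN = re.compile(
    r"(?<![a-z0-9])(?P<key>" + KEY + r")[\"']?\s*[:=]\s*"
    r"(?:\"(?P<dq>[^\"]*)\"|'(?P<sq>[^']*)'|(?P<bare>[^\s\"',;]+))",
    re.I,
)
# Empty values, variable references and obvious placeholders are not findings.
PLACEHOLDER = re.compile(
    r"|[$<%{].*|os\.environ.*|process\.env.*|.*getenv.*|changeme|x+|\*+", re.I)


def redact(value):
    """Keep two characters for triage; never echo a secret in full."""
    return value[:2] + "*" * max(len(value) - 2, 0)


def scan_text(text, path="<memory>"):
    """Return (path, line_no, key, redacted_value) for each hard-coded value."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in ASSIGN.finditer(line):
            value = m.group("dq") or m.group("sq") or m.group("bare") or ""
            if PLACEHOLDER.fullmatch(value):
                continue
            findings.append((path, line_no, m.group("key"), redact(value)))
    return findings


# Constructed sample input, not taken from any real repository.
SAMPLE = '''\
SALESFORCE_USERNAME = "integration@example.invalid"
SALESFORCE_PASSWORD = "Sup3rS3cret!"
sf_consumer_id: 3MVG9constructedKEY
"sf_consumer_secret": "${SF_CONSUMER_SECRET}"
SFDC_PASSWORD = os.environ["SFDC_PASSWORD"]
salesforce_user_id = 42
'''

if __name__ == "__main__":
    for finding in scan_text(SAMPLE, "config.py"):
        print("%s:%d: %s = %s" % finding)
```

Run it over staged files in a pre-commit hook and fail the commit when `scan_text` returns any finding; a value that has already been pushed should be rotated, not just deleted from the file.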
Impact & Mitigation
Over 2 million corporate secrets were detected on public GitHub repositories in 2020. These leaked secrets were leveraged to carry out major attacks on Starbucks, Equifax, and the United Nations.

Impact | Mitigation |
---|---|