| Category: Vulnerability Intelligence | Sub-Category: Exposed End-point Credentials | Industry: Multiple | Region: Global |
- An increase in dark web discussions among threat actors regarding CRM exploitation tactics
- Widespread exposure of CRM credentials across code repositories such as GitHub and Bitbucket
  - Salesforce username
  - Salesforce password
  - Consumer ID
  - Consumer Secret
- Threat actors discussing CVE-2021-44077, a vulnerability in Zoho ManageEngine CRM software.
- A threat actor detailing how logs from CRMs like Zoho, SugarCRM, HubSpot, and Salesforce can be leveraged to gain access to the critical infrastructure of an organization. CRM logs are sold on various underground markets.
- Attackers regularly use manual and automated scanners to monitor public code repositories like GitHub for secrets and source code leaks.
- Actors use the credentials, in conjunction with vulnerabilities, exploits, and CRM logs available on cybercrime forums, to gain access to the organization’s critical infrastructure.
- These sensitive details also enable them to move laterally across the organization, deploy ransomware, exfiltrate data, take over user accounts, and maintain persistence.
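
Because public repositories are scanned for exactly these values, a check run before code is pushed can catch the four Salesforce credential types listed above. The following is an added example, not part of the original advisory; the key-name variants, the dummy-value list and the sample configuration are assumptions constructed for illustration.

```python
import re
import sys

# Key names for the four Salesforce values the advisory lists (name variants are assumed).
NAMES = {
    "salesforce_username": r"(?:sfdc|salesforce|sf)[_.-]?(?:username|user|login)",
    "salesforce_password": r"(?:sfdc|salesforce|sf)[_.-]?(?:password|passwd|pwd)",
    "consumer_id": r"(?:consumer|client)[_.-]?(?:id|key)",
    "consumer_secret": r"(?:consumer|client)[_.-]?secret",
}
# name, optional closing quote, ':' or '=', optional opening quote, then the value
RULES = {k: re.compile(n + r"""["']?\s*[:=]\s*["']?([^"'\s,;]+)""", re.I) for k, n in NAMES.items()}

# References to environment variables or templates, and dummy fillers, are not leaks.
REFERENCE_PREFIXES = ("${", "$", "{{", "<", "os.environ", "os.getenv", "process.env")
DUMMY_VALUES = {"changeme", "todo", "none", "null"}

def is_reference(value):
    v = value.lower()
    return v.startswith(REFERENCE_PREFIXES) or v in DUMMY_VALUES or set(v) <= {"x", "*"}

def scan_text(text, path="<memory>"):
    """Return (path, line number, kind, redacted value) for each hard-coded value."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, rule in RULES.items():
            m = rule.search(line)
            if m and not is_reference(m.group(1)):
                findings.append((path, lineno, kind, m.group(1)[:3] + "***"))
    return findings

# Constructed sample, not real credentials.
SAMPLE = '''\
SFDC_USERNAME=integration@example.com
SF_PASSWORD = os.environ["SF_PASSWORD"]
"consumer_key": "3MVG9EXAMPLEONLY",
consumer_secret: ${SF_CONSUMER_SECRET}
salesforce_password: "Summer2024!"
'''

if __name__ == "__main__":
    # Pre-commit use: pass file paths; with none, the constructed SAMPLE is scanned.
    results = [] if sys.argv[1:] else scan_text(SAMPLE)
    for p in sys.argv[1:]:
        with open(p, encoding="utf-8", errors="replace") as fh:
            results += scan_text(fh.read(), p)
    for r in results:
        print("%s:%d: hard-coded %s (%s)" % r)
    sys.exit(1 if results else 0)
```

The script exits non-zero when it finds a hard-coded value, so it can block a commit, and it prints only the first three characters of each value so the scan output does not become a second leak.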