Cyberside Chats: Cybersecurity Insights from the Experts

Mass Salesforce Hacks: How Criminals Are Targeting the Cloud Supply Chain



A wave of coordinated cyberattacks has hit Salesforce customers across industries and continents, compromising millions of records from some of the world’s most recognized brands — including Google, Allianz Life, Qantas, LVMH, and even government agencies. 

In this episode of Cyberside Chats, Sherri Davidoff and Matt Durrin break down how the attackers pulled off one of the most sweeping cloud compromise campaigns in recent memory — using no zero-day exploits, just convincing phone calls, malicious connected apps, and gaps in cloud supply chain security. 

We’ll explore the attack timeline, parallels to the Snowflake breaches, ties to the Scattered Spider crew, and the lessons security leaders need to act on right now. 

 

Key Takeaways 

1. Use phishing-resistant MFA — FIDO2 keys, passkeys.
2. Train for vishing resistance — simulate phone-based social engineering.
3. Monitor for abnormal data exports from SaaS platforms.
4. Lock down your Salesforce platform — vet and limit connected apps.
5. Rehearse rapid containment — revoke OAuth tokens, disable accounts fast.

References

• Google – The Cost of a Call: From Voice Phishing to Data Extortion
• Salesforce – Protect Your Salesforce Environment from Social Engineering Threats
• BleepingComputer – ShinyHunters behind Salesforce data theft at Qantas, Allianz Life, LVMH
• TechRadar – Google says hackers stole some of its data following Salesforce breach
• LMG Security Blog – Our Q3 2024 Top Control is Third Party Risk Management: Lessons from the CrowdStrike Outage
Cyberside Chats: Cybersecurity Insights from the Experts, by Chatcyberside
