Recent social engineering attacks exploit human behavior, using voice phishing to obtain Salesforce credentials, and highlight the need for stronger cyber awareness.
According to a report released Friday by S&P, the recent wave of social engineering attacks highlights the risk of a sophisticated threat group taking advantage of human behavior to bypass the most advanced security technologies.
In recent months, financially motivated hackers have targeted Salesforce instances by using voice phishing in order to obtain credentials and gain access to technology systems.
S&P analysts said the attacks highlight the need for better awareness, security training and improved cyber governance.
“If someone is giving access, then that basically bypasses all the great security,” Jawad Hussain, a director at S&P Global, told Cybersecurity Dive.
According to the report, the campaigns also highlight the risks related to increased dependence on third-party applications. Salesforce did not have any security vulnerabilities linked to the campaigns, yet a series of attacks such as this can create reputational risk for the brand.
The FBI warned earlier this month that two separate campaigns used different tactics to conduct data theft and extortion against targeted organizations.
According to the FBI, one group, tracked as UNC6040, has used voice phishing to get customer service agents to hand over credentials. That campaign has been ongoing since October 2024.
A more recent campaign involved the use of compromised OAuth tokens for an AI chatbot called Salesloft Drift. In this attack, data was stolen after Salesforce instances were compromised.
The latter campaign was disrupted after the companies revoked access and refreshed the OAuth tokens.