
Guardio Reveals Zero-Day Vulnerability in Salesforce’s Email Services: An Urgent Call to Strengthen Cybersecurity

Guardio Uncovers Sophisticated Phishing Campaign Exploiting Salesforce’s Zero-Day Vulnerability

Tel Aviv, Israel – August 2, 2023 – Guardio, a leading cybersecurity company, has released a report detailing their research team’s discovery of a sophisticated email phishing campaign that exploited a zero-day vulnerability in Salesforce’s legitimate email services and SMTP servers. This vulnerability allowed threat actors to craft targeted phishing emails that evaded conventional detection methods and deceived recipients into taking harmful actions. The report sheds light on the prevalence of phishing attacks, the deceptive tactics employed by threat actors, and the exploitation of trusted email gateway services.

A Growing Threat: Phishing Attacks

Phishing attacks continue to pose a significant threat to organizations, with 83% facing such attacks every year. Mass-market emails, cleverly disguised as messages from reputable companies, are the most prevalent form of phishing. These emails aim to deceive recipients into downloading malware or clicking on malicious links, thereby compromising their social and financial accounts.

The Scale of the Exploitation

In this particular campaign, threat actors successfully concealed malicious email traffic within legitimate and trusted email gateway services. By doing so, they took advantage of the volume and reputation of companies, including Salesforce. The phishing emails appeared authentic, mentioning the target’s real name and bypassing traditional anti-spam and anti-phishing mechanisms by including legitimate links to Facebook and originating from the @salesforce.com email address.

The Exploited Vulnerability and Impact

The campaign exploited Salesforce’s “Email-To-Case” feature, designed to convert customer inbound emails into actionable tickets. By receiving verification emails and gaining control of a genuine @salesforce.com email address, threat actors were able to conduct their malicious phishing endeavors undetected. Guardio’s research team meticulously dissected the campaign, uncovering the zero-day vulnerability exploited by threat actors.

Guardio’s Responsible Disclosure and Collaboration

Upon identifying the scheme, Guardio promptly disclosed their findings to both Salesforce and Meta. Both companies responded swiftly to address the issue and worked closely with Guardio to mitigate and resolve the vulnerability. Head of Guardio Labs, Nati Tal, commended Salesforce and Meta for their prompt actions and ongoing efforts to strengthen the security and resilience of their platforms.

Industry-Wide Implications and Recommendations

This incident with Salesforce highlights the crucial need for service providers to exercise caution and implement stringent measures to prevent the abuse of legitimate services for malicious activities. Threat actors’ ability to leverage reputable platforms and services underscores the importance of continuous vigilance in securing data gateways and bolstering verification processes.

With no evidence of impact to customer data, Salesforce emphasized their commitment to security and expressed gratitude to Guardio Labs for their responsible disclosure. They encourage the security research community to continue sharing their findings to enhance security efforts, providing a dedicated email address for this purpose.

About Guardio

Guardio is an industry-leading cybersecurity company that ensures a safe digital experience for private users and small businesses through its intuitive browser extension and mobile apps. Founded in 2018 by cybersecurity veterans Amos Peled, Daniel Sirota, and Michael Weinstein, Guardio’s mission is to create a secure digital world for everyone. Since its launch, the company has garnered over one and a half million users.
