When three prominent vendors, Palo Alto Networks, ZScaler, and Cloudflare, announced on Tuesday that they were hit by a cyber attack, it was a stark reminder that today’s interconnected enterprise environment means that one vendor’s security hole can hurt users globally.
Palo Alto said, “this supply chain attack impacted hundreds of organizations, including Palo Alto Networks” and that it had confirmed that the incident “was isolated to our CRM platform; no Palo Alto Networks products or services were impacted, and they remain secure and fully operational. The data involved includes mostly business contact information, internal sales account and basic case data related to our customers.”
However, one detail reported by Palo Alto showed that some end users will be hurt more than others, given their choice to place sensitive data in insecure notes fields within Salesforce.
“Most of the exfiltrated data was business contact information. However, a small number of customers who included sensitive information, such as credentials, in their recent case notes might also have had that data compromised,” said a Palo Alto spokesperson in an email to CSO, in response to a request for clarification.
“In the case of Zscaler and Palo Alto, because they sell solutions in the SASE space, their compromise can be particularly problematic since this may end up unfolding into a third-party or even fourth-party compromise,” said , SVP and CISO for LexisNexis Risk Solutions Flavio Villanstre.
“Keep in mind that they are in the authentication loop for their customers’ secure access. Regarding most incidents affecting Salesforce deployments, they seem to be related to either compromised identities, stolen tokens and open endpoints, so these two may fall under that umbrella
Zscaler’s statement was similar and said, “this incident involved the theft of OAuth tokens connected to Salesloft Drift, a third-party application used for automating sales workflows that integrates with Salesforce databases to manage leads and contact information.”
