Disrupting the Kill Chain with WithSecure Cloud Protection for Salesforce: Email-to-Case Scenario


In the world of cybersecurity, organizations must stay vigilant against a myriad of evolving threats. And with Salesforce being a vital platform for businesses worldwide, safeguarding its infrastructure is of paramount importance. One tool that helps describe the step-by-step process that attackers use to breach an organization's defenses is the Cyber Kill Chain.

We've delved into the specifics of the Kill Chain previously, but here's a quick recap: The Cyber Kill Chain is an approach that breaks down an attack into its most basic steps. When executed correctly, each step builds on the previous one to create a "kill chain" that can be used to better understand and mitigate cybersecurity risks.

Today, we'll explore an email-to-case scenario to illustrate the dangers and demonstrate how WithSecure™ Cloud Protection for Salesforce can be a game-changer in securing your organization. 

Why Salesforce Security Matters: The Stakes Are High

In the modern digital era, businesses increasingly depend on Salesforce as a robust platform to streamline operations and enhance customer interactions.

Salesforce often houses a plethora of sensitive data, which makes it a prime target for cybercriminals. A security breach can result in severe repercussions for affected organizations. As indicated by a 2022 study from IBM and the Ponemon Institute, the average time to identify and contain a data breach is 277 days, which could result in substantial financial and reputational damages during that period. Additionally, the report highlights that the average cost of a data breach has risen by 12.7% from 2020, reaching $4.35 million, which emphasizes the critical importance of implementing robust security measures.

Don't Fall for It: How Attackers Pose as Customers To Penetrate Your Salesforce Service Cloud

Let's dissect a specific attack where cybercriminals disguise themselves as customers to infiltrate your Salesforce Service Cloud. This attack unfolds through six main stages:

  1. Reconnaissance: Threat actors begin by researching your organization and gathering valuable information, such as email addresses used for customer support requests. This data enables them to craft a believable and targeted attack.
  2. Delivery: The attackers create a seemingly innocuous website designed for a phishing attack. They send the link in an email message to create an email-to-case request for customer support. To avoid detection by security scanners, the link is not weaponized at this stage. However, once the link passes through security measures, it's stored in your Salesforce org.
  3. Weaponization: The attackers patiently wait before adding malicious code to the website they initially created. This delay tactic helps them stay under the radar and ensure the attack remains undetected.
  4. Exploitation: Without intervention, an unsuspecting internal user clicks on the link, and the malicious code is executed within the vulnerable application on their device.
  5. C2 / Persistence: The attackers now have access to the compromised user's device. They can proceed with lateral movement, persistence and further internal reconnaissance — solidifying their presence within your organization.
  6. Objective: The attackers' primary goal is to exfiltrate sensitive or confidential data from your organization, causing financial and reputational damage.

The Product: WithSecure™ Cloud Protection for Salesforce

In an age where cyber adversaries are unyielding and constantly exploring new ways to exploit vulnerabilities, organizations need to prioritize the protection of their data. WithSecure™ Cloud Protection for Salesforce is the all-encompassing security solution that businesses need to defend against advanced cyberthreats.

The solution covers a wide spectrum of threats, such as ransomware, cutting-edge malware, viruses, trojans, and of course, phishing attempts. Designed in collaboration with Salesforce, WithSecure™ Cloud Protection bolsters the platform's built-in security features and ensures the highest level of protection against cyberattacks.

A prime aspect of WithSecure™ Cloud Protection is its advanced URL scanning mechanism, activated every time a link is accessed. This means that any attack attempt like the email-to-case scenario described above can be easily detected and blocked before it infiltrates the Salesforce platform.
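
The gap between a delivery-time verdict and a click-time verdict, as an added illustration (not WithSecure's code or API): each stored link keeps the verdict recorded at ingest, every click triggers a re-scan, and a flipped verdict blocks the click and lists the other cases holding the same URL. The `live_verdict` scanner stub, the URLs, the case IDs and the timeline are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample data: hour at which each site's content turns malicious
# (None = never). This stands in for a real scanner's live verdict.
ARMED_AT = {
    "https://billing-help.example/invoice": 72,  # clean at delivery, armed later
    "https://vendor.example/docs": None,         # benign throughout
}

def live_verdict(url: str, hour: int) -> str:
    """Hypothetical scanner call: verdict for the URL's content at `hour`."""
    armed = ARMED_AT.get(url)
    return "malicious" if armed is not None and hour >= armed else "clean"

@dataclass(frozen=True)
class StoredLink:
    case_id: str
    url: str
    ingested_hour: int
    ingest_verdict: str  # verdict recorded when email-to-case stored the link

def ingest(case_id: str, url: str, hour: int) -> StoredLink:
    """Store the link on the case together with its delivery-time verdict."""
    return StoredLink(case_id, url, hour, live_verdict(url, hour))

def on_click(link: StoredLink, hour: int, all_links: list) -> dict:
    """Re-scan at click time; on a flipped verdict, block and sweep other cases."""
    verdict = live_verdict(link.url, hour)
    drifted = link.ingest_verdict == "clean" and verdict == "malicious"
    return {
        "allow": verdict == "clean",
        "verdict_drift": drifted,
        "dwell_hours": hour - link.ingested_hour if drifted else None,
        # Every other case holding the same URL is exposed to the same click.
        "also_review": sorted(x.case_id for x in all_links
                              if drifted and x.url == link.url
                              and x.case_id != link.case_id),
    }

# Constructed timeline: two cases receive the same link, a third a benign one.
LINKS = [
    ingest("C-1001", "https://billing-help.example/invoice", 0),
    ingest("C-1002", "https://vendor.example/docs", 1),
    ingest("C-1003", "https://billing-help.example/invoice", 5),
]
```

A `verdict_drift` result with a long `dwell_hours` is worth alerting on in its own right, since it marks a link that passed the delivery scan and changed afterwards.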

Furthermore, WithSecure™ Cloud Protection has earned ISO 27001 and ISAE 3000 (SOC 2) certifications, giving you the confidence that your data is being protected to the highest standard. 

The Power of User Education: A Critical Layer of Defense

While technology plays a crucial role in securing your Salesforce environment, it's essential not to overlook the human factor. Employees, particularly those interacting with Salesforce daily, must be educated on the risks associated with phishing attacks, social engineering and other threats. Regular training sessions and simulated attack exercises can help build a culture of security awareness, empowering your team to spot and report potential threats.

By combining the power of WithSecure™ Cloud Protection for Salesforce with an educated and vigilant workforce, your organization will be better equipped to withstand the ever-evolving threat landscape. Don't let cybercriminals compromise your valuable information and disrupt your business operations. Reach out to us today.
