
Improper deactivation and abandonment of Salesforce Sites and Communities (also known as the Experience Cloud) poses significant risk to your organization and can lead to unauthorized access to sensitive data.
Data security firm Varonis has named these abandoned, unprotected, and unmonitored resources “ghost sites.”
In a new report shared with The Hacker News, researchers at Varonis Threat Labs said, “When these communities are no longer needed, they are often stored instead of deactivated.”
“Because these unused sites are not maintained or tested for vulnerabilities, administrators cannot update their security posture according to the new guidelines.”
Varonis found that many of these deactivated (but still active) sites were still fetching new data, allowing attackers to extract it by manipulating the Host header of HTTP requests.

Determining the full internal URL associated with a site is difficult, but not impossible, as attackers may take advantage of tools such as SecurityTrails that track changes to DNS records.
Compounding the risk is the fact that older sites lack the latest security protections, making them ideal targets for attackers looking to siphon sensitive information.
“Exposed data is not limited to old data from using the site, but also includes new records shared with guest users through sharing settings in the Salesforce environment,” the researchers said.
To mitigate the threats associated with ghost sites, we recommend that your organization track all Salesforce sites and their respective user permissions. We also recommend properly deactivating sites that are no longer in use.
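One way to carry out the tracking recommended above, as an added example that is not from Varonis or the original article. The inventory fields, DNS snapshot, and platform suffix are constructed placeholders, and treating "the custom domain no longer points at the site" as the sign of disuse is an assumption.

```python
from dataclasses import dataclass

@dataclass
class Site:  # constructed inventory row; field names are hypothetical
    name: str
    status: str            # state recorded in the org: "Active" or "Inactive"
    custom_domain: str     # vanity domain the site was published under
    guest_readable: tuple  # objects the site's guest user can still read

# Placeholder for the hostname suffix your live sites CNAME to (assumption).
PLATFORM_SUFFIX = ".platform.example"

# Constructed DNS snapshot: custom domain -> current CNAME target (None = no record).
DNS = {
    "partners.example.com": "partners.example.com.newvendor.example",
    "help.example.com": "help.example.com.platform.example",
    "events.example.com": None,
    "careers.example.com": None,
}

# Constructed site inventory for the example.
SITES = [
    Site("Partner Portal", "Active", "partners.example.com", ("Account", "Case")),
    Site("Help Center", "Active", "help.example.com", ("Contact",)),
    Site("Events 2019", "Active", "events.example.com", ()),
    Site("Old Careers", "Inactive", "careers.example.com", ()),
]

def audit(sites, dns, platform_suffix=PLATFORM_SUFFIX):
    """Flag sites that are still active although their domain has moved away."""
    findings = []
    for s in sites:
        if s.status != "Active":
            continue  # properly deactivated: nothing is served to guests
        target = (dns.get(s.custom_domain) or "").rstrip(".").lower()
        if not target.endswith(platform_suffix):
            # Still served by the org, but no public traffic is routed to it.
            sev = "high" if s.guest_readable else "medium"
            findings.append((sev, s.name, "active but abandoned", s.guest_readable))
        elif s.guest_readable:
            findings.append(("review", s.name, "in use; confirm guest access", s.guest_readable))
    order = {"high": 0, "medium": 1, "review": 2}
    return sorted(findings, key=lambda f: (order[f[0]], f[1]))

if __name__ == "__main__":
    for finding in audit(SITES, DNS):
        print(finding)
```

Sites flagged `high` are the ones to deactivate first, since they are both abandoned and still share records with guest users.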