November 22, 2024
Beware of Ghost Sites: Silent Threat Lurking in Your Salesforce Communities
Improperly deactivated and abandoned Salesforce Sites and Communities (aka Experience Cloud) could pose severe risks to organizations, leading to unauthorized access to sensitive data. Data security firm Varonis dubbed the abandoned, unprotected, and unmonitored resources “ghost sites.” “When these Communities are no longer needed, though, they are often set aside but not deactivated,” Varonis

?May 31, 2023?Ravie LakshmananData protection / Cyber Threat

Improperly deactivated and abandoned Salesforce Sites and Communities (aka Experience Cloud) could pose severe risks to organizations, leading to unauthorized access to sensitive data.

Data security firm Varonis dubbed the abandoned, unprotected, and unmonitored resources “ghost sites.”

“When these Communities are no longer needed, though, they are often set aside but not deactivated,” Varonis Threat Labs researchers said in a new report shared with The Hacker News.

“Because these unused sites are not maintained, they aren’t tested against vulnerabilities, and Admins fail to update the site’s security measures according to newer guidelines.”

Varonis said it found many of these deactivated (but still active) sites still fetching new data, thereby allowing threat actors to extract data by manipulating the host header in the HTTP request.

Identifying the complete internal URLs associated with the sites is challenging but not impossible, as an adversary could leverage tools like SecurityTrails that track changes to DNS records.

UPCOMING WEBINAR

Zero Trust + Deception: Learn How to Outsmart Attackers!

Discover how Deception can detect advanced threats, stop lateral movement, and enhance your Zero Trust strategy. Join our insightful webinar!

Save My Seat!

Compounding the risk further is the fact that the obsolete sites lack the latest security protections, making them an ideal target for threat actors looking to siphon sensitive information.

“The exposed data is not restricted to only old data from when the site was in use; it also includes new records that were shared with the guest user, due to the sharing configuration in their Salesforce environment,” the researchers said.

To mitigate the threats associated with ghost sites, organizations are advised to keep track of all Salesforce sites and their respective users’ permissions. It’s also recommended to properly deactivate sites that are no longer in use.

Found this article interesting? Follow us on Twitter ? and LinkedIn to read more exclusive content we post.