Salesforce.com has published a warning that Salesforce users could be under attack from Malware called Dyre or Dyreza. While this is not a security flaw at Salesforce.com’s end, if your computer gets infected, it can steal your Salesforce username and password and play havoc on your Salesforce instance (deleting/editing data, stealing information, spamming your customers, the possibilities are endless)
The way this malware works is you will receive an email with a zip file. Once you open the zip file it will install the malware and monitor your internet traffic, stealing username and password.
As per Salesforce, here is how you can protect your Salesforce instance from this attack
- Activate IP Range Restrictions to allow users to access salesforce.com only from your corporate network or VPN
- Use SMS Identity Confirmation to add an extra layer of login protection when salesforce credentials are used from an unknown source
- Implement Salesforce#, which provides an additional layer of security with 2-step verification. The app is available via the iTunes App Store or via Google Play for Android devices.
- Leverage SAML authentication capabilities to require that all authentication attempts be sourced from your network.
If you suspect that you have been attacked by this malware, open a case with Salesforce.com without any delay.