Workday, Salesforce & A New Era of Third-Party Cyberattacks

Workday, one of the business world's most widely used HR platforms, has disclosed that it has experienced a data breach, with the data of its 11,000 corporate customers and 70 million individual users now potentially exposed.

The company has confirmed that threat actors accessed its business contact information including names, phone numbers and email addresses stored within the compromised database.

The breach was discovered on 6 August, though the company has not specified exactly when the unauthorised access to its data occurred.

This attack follows a series of cyberattacks directed at Salesforce, whose CRM platform Workday uses regularly.

Other organisations affected by similar attacks include technology giants Google and Cisco, as well as the airline Qantas and the jewellery retailer Pandora.

"SaaS and CRM platforms aren’t side projects, they are prime targets," explains Tina McGriff, Information Security Analyst at AMN Healthcare. "If they’re not on your audit radar, you’re already behind."

Supply chain vulnerabilities exposed

Google has attributed these coordinated breaches to ShinyHunters, a cybercriminal group specialising in voice phishing techniques that are especially effective at manipulating corporate employees.

The hackers employ sophisticated social engineering tactics, typically contacting staff members and impersonating IT or HR personnel to coerce them into revealing sensitive credentials or system access codes.

Some industry insiders question whether it is the efficacy of the attackers' methods, or the inadequacy of the companies' defences that have led to this slew of cyberattacks.

Charles Mazarura, Cyber Security Engineer at NFP Europe, questions: "Are these incidents a testament to the increasing sophistication of phishing tactics, or do they highlight gaps in organisational training and awareness?"

Security response and mitigation

Workday maintains that customer tenant data has remained secure throughout the incident.

"There is no indication of access to customer tenants or the data within them," the company states in its breach notification.

"We acted quickly to cut the access and have added extra safeguards to protect against similar incidents in the future."

However, the company has not confirmed whether it possesses sufficient technical logging capabilities to definitively establish what information may have been taken.

Risk analysis and prevention

Security experts warn that the compromised business contact information could facilitate subsequent social engineering attacks against affected organisations.

"The information obtained by the attackers may be useful for other social engineering attempts," Workday acknowledges in its statement.

The stolen data provides cybercriminals with verified contact details and organisational hierarchies that can enhance the credibility of future phishing attempts.

For industry experts like Josh Moulin, who is the founder of the American cybersecurity firm Natsar, businesses need to be more aware of cyberattacks up and down their supply chain.

"If threat actors are targeting your vendors, they're targeting you," he explains.

"Assume exposure, act accordingly."