Beware of Ghost Sites: Silent Threat Lurking in Your Salesforce Communities
Improperly deactivated and abandoned Salesforce Sites and Communities (aka Experience Cloud) could pose severe risks to organizations, leading to unauthorized access to sensitive data.
Data security firm Varonis dubbed the abandoned, unprotected, and unmonitored resources “ghost sites.”
“When these Communities are no longer needed, though, they are often set aside but not deactivated,” Varonis Threat Labs researchers said in a new report shared with The Hacker News.
“Because these unused sites are not maintained, they aren’t tested against vulnerabilities, and Admins fail to update the site’s security measures according to newer guidelines.”
Varonis said it found many of these abandoned (but still active) sites still serving fresh data. Because Salesforce serves a Community based on the hostname in the request, an attacker who knows a site's former custom domain can still reach it by sending requests to Salesforce's hosting endpoint with the HTTP Host header set to that domain, even after the organization's own DNS no longer points there.
Identifying the site's full original URL is harder but not impossible: an adversary can use services such as SecurityTrails, which keep historical DNS records and therefore reveal which hostnames once pointed (via CNAME) at Salesforce and no longer do.
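To make the technique concrete, here is an added example (my own code, not Varonis's tooling or anything from the report) that first filters a DNS-history export for hostnames that once CNAMEd into Salesforce and no longer do, then probes the old Salesforce endpoint with the Host header set to the abandoned hostname and classifies the answer. The hostnames, the DNS history, the Salesforce suffix list and the response markers are all constructed or assumed for illustration; run the probe only against domains you are authorized to test.

```python
"""Ghost-site triage: DNS-history filter plus Host-header probe.

Added example, not Varonis or Salesforce code. Hostnames, the DNS-history
export and the sample HTTP responses are constructed for illustration.
"""
import http.client
import ssl
from dataclasses import dataclass

# CNAME target suffixes that indicate a Salesforce-hosted Site/Community.
# Assumption: illustrative list; extend it from your own DNS data.
SALESFORCE_SUFFIXES = (".force.com", ".my.site.com", ".salesforce-sites.com")

# Constructed DNS-history export: (hostname, CNAME target, record still current?)
SAMPLE_DNS_HISTORY = [
    ("partners.example.com", "example.secure.force.com", False),  # moved away from Salesforce
    ("partners.example.com", "cdn.other-vendor.example", True),
    ("support.example.com", "example.my.site.com", True),         # still live: not a ghost candidate
    ("old-portal.example.com", "example.my.site.com", False),     # record deleted, nothing replaced it
    ("www.example.com", "web.hosting.example", True),
]


def is_salesforce_target(target: str) -> bool:
    return target.lower().endswith(SALESFORCE_SUFFIXES)


def ghost_candidates(history):
    """Map hostname -> former Salesforce CNAME target for hosts that once
    pointed at Salesforce but no longer do (record moved or deleted)."""
    former, current = {}, {}
    for host, target, is_current in history:
        if is_current:
            current[host] = target
        elif is_salesforce_target(target):
            former[host] = target
    return {h: t for h, t in former.items()
            if not is_salesforce_target(current.get(h, ""))}


@dataclass
class ProbeResult:
    host: str
    status: int
    served: bool   # True when Salesforce still answered for this Host header
    note: str


def classify(host, status, headers, body) -> ProbeResult:
    """Heuristic read of a probe response. Assumption: the markers are
    illustrative; tune them against a known-live Community in your own org."""
    hdrs = {k.lower(): v for k, v in headers}
    text = (body + " " + hdrs.get("set-cookie", "")).lower()
    markers = ("salesforce", "visualforce", "sfdc", "lightning", "force.com")
    if status in (404, 410):
        return ProbeResult(host, status, False, "no site behind this hostname")
    if 300 <= status < 400:
        return ProbeResult(host, status, True, "redirect (check manually) to " + hdrs.get("location", "?"))
    if status < 300 and any(m in text for m in markers):
        return ProbeResult(host, status, True, "community still served for this Host header")
    return ProbeResult(host, status, False, "answered without Salesforce markers")


def probe(target: str, host: str, path: str = "/", timeout: float = 10.0) -> ProbeResult:
    """Connect to the former Salesforce CNAME target but present the abandoned
    hostname in the HTTP Host header. Real network call; needs outbound HTTPS."""
    conn = http.client.HTTPSConnection(target, timeout=timeout,
                                       context=ssl.create_default_context())
    try:
        # http.client skips its own Host header when one is supplied here.
        conn.request("GET", path, headers={"Host": host, "User-Agent": "ghost-site-check/1.0"})
        resp = conn.getresponse()
        body = resp.read(65536).decode("utf-8", "replace")
        return classify(host, resp.status, resp.getheaders(), body)
    finally:
        conn.close()


# Constructed responses for offline checks of classify().
SAMPLE_LIVE_RESPONSE = (200,
                        [("Content-Type", "text/html"), ("Set-Cookie", "sfdc-stream=abc; path=/")],
                        "<html><head><title>Partner Portal</title></head><body>...</body></html>")
SAMPLE_DEAD_RESPONSE = (404, [("Content-Type", "text/html")], "<html>Not found</html>")


if __name__ == "__main__":
    for host, target in ghost_candidates(SAMPLE_DNS_HISTORY).items():
        print(host, "->", probe(target, host))
```

The same Host-header trick is what a defender should run against their own inventory: feed in the organization's real DNS history, and any hostname for which `probe()` reports `served=True` is a site that still answers on Salesforce's side despite the public DNS having moved on.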
Compounding the risk further is the fact that the obsolete sites lack the latest security protections, making them an ideal target for threat actors looking to siphon sensitive information.
“The exposed data is not restricted to only old data from when the site was in use; it also includes new records that were shared with the guest user, due to the sharing configuration in their Salesforce environment,” the researchers said.
To mitigate the threats associated with ghost sites, organizations are advised to keep an inventory of all Salesforce sites together with their guest-user permissions and sharing settings, and to properly deactivate sites that are no longer in use rather than merely repointing or deleting their DNS records.