Human resources (HR) platform provider Workday has recently disclosed that they were targeted in a cyber attack originating from a third-party supplier. This attack is believed to be part of a larger wave of cyber attacks linked to the ShinyHunters cyber crime collective, possibly orchestrated through Salesforce products. The attack, which involved a social engineering campaign targeting several large organizations, resulted in the unauthorized access of information from Workday’s third-party CRM platform.
Fortunately, there is no evidence to suggest that customer data or tenant information was compromised. Workday took swift action to secure their systems and implement additional safeguards to prevent similar incidents in the future. The information accessed by the threat actors mainly consisted of standard business contact details such as names, email addresses, and phone numbers, potentially for use in social engineering scams.
It’s important to note that Workday will never request sensitive information such as passwords over the phone. All official communications from Workday are conducted through trusted support channels. This breach adds Workday to the list of companies targeted by ShinyHunters, including notable names like Adidas, Google, and Qantas. There are indications that ShinyHunters may be linked to a larger underground group known as The Com, suggesting a coordinated effort in these cyber attacks.
The recent surge in cyber attacks underscores the importance of employee awareness and robust security measures. Businesses are urged to strengthen their defenses by addressing OAuth blind spots, implementing strict allow-listing for third-party app integrations, and regularly reviewing connections. Additionally, adopting phishing-resistant multi-factor authentication (MFA) with hardware tokens is recommended to combat social engineering tactics. Effective security awareness training is essential in mitigating the risks of cyber attacks that exploit human vulnerabilities.
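The allow-listing and connection-review advice above can be run as a recurring check. The following is an added example, not code from Workday or any vendor: it compares an inventory of OAuth-connected apps against an approved list and flags unapproved apps, scope creep and idle grants. The inventory field names, client IDs, scope names and dates are constructed for illustration and do not follow any specific platform's export schema.

```python
from datetime import date

# Constructed allow-list: approved OAuth client IDs and the scopes each may hold.
ALLOW_LIST = {
    "client-crm-sync": {"api", "refresh_token"},
    "client-esign": {"api"},
}

# Constructed inventory shaped like a generic connected-apps export.
# Field names are hypothetical, not any vendor's schema.
INVENTORY = [
    {"name": "CRM Sync", "client_id": "client-crm-sync",
     "scopes": ["api", "refresh_token"], "last_used": "2025-08-10"},
    {"name": "E-Sign", "client_id": "client-esign",
     "scopes": ["api", "full"], "last_used": "2025-08-01"},
    {"name": "Export Helper", "client_id": "client-unknown-7f",
     "scopes": ["api", "refresh_token"], "last_used": "2025-08-12"},
    {"name": "CRM Sync (old)", "client_id": "client-crm-sync",
     "scopes": ["api"], "last_used": "2025-01-15"},
]

REVIEW_DATE = date(2025, 8, 18)  # constructed "today" so results are repeatable


def review_connections(inventory, allow_list, today, max_idle_days=90):
    """Return (client_id, name, finding) tuples for apps needing action."""
    findings = []
    for app in inventory:
        cid, name = app["client_id"], app["name"]
        approved = allow_list.get(cid)
        if approved is None:
            # Strict allow-listing: anything not explicitly approved is flagged.
            findings.append((cid, name, "not on allow-list: revoke and block"))
            continue
        extra = sorted(set(app["scopes"]) - approved)
        if extra:
            findings.append((cid, name, "unapproved scopes: " + ",".join(extra)))
        idle = (today - date.fromisoformat(app["last_used"])).days
        if idle > max_idle_days:
            findings.append((cid, name, f"idle {idle} days: revoke tokens"))
    return findings


if __name__ == "__main__":
    for finding in review_connections(INVENTORY, ALLOW_LIST, REVIEW_DATE):
        print(*finding, sep=" | ")
```

Keeping the allow-list keyed by client ID rather than display name matters here, because an app's display name can be chosen to imitate an approved tool.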
Overall, the incident serves as a reminder that cyber threats often stem from manipulation and trickery rather than software vulnerabilities. By prioritizing employee education and implementing proactive security measures, organizations can better protect themselves against evolving cyber threats.