A recent Hubspot hack provides a sort of autopsy of how these types of combined network infiltration and social engineering black hat operations work.
Anthoniyan B. reports at NewsBTC that since hackers got access to the Hubspot architecture, information from customers of Circle, BlockFi and others was exposed.
B. clarifies that hackers did not get actual passwords, because of the external nature of Hubspot as a CRM component.
However, there are stories of hackers using collected information for phishing attacks, including reaching out to a customer as an ersatz employee, and trying to get people to click on infected links.
“Many of the users of the affected companies are reporting phishing attacks already,” B. writes. “The uptick is a target or a lure to expose their password to the attacker via an infected website. This is typical of what these phishing emails do. It will redirect users to a fake website and demand their password, automatically exposing their details to hackers.”
In a general sense, this story is just another example of how important it is to understand the cybersec component of CRM systems.
“Some of the common security threats for the data keyed into a CRM system include server breakdown or a lethal security breach,” writes an analyst at Sage Software. “In the event of a server breakdown, data backups on cloud servers can save the day for you. However, in case of security breach or cyberattack, the CRM system ought to be equipped with stringent security layers to tackle the attack.”
Data sharing policy and assets are both important.
This can be an illustration of how firms can weather the storm when it comes to aggressive hacking. Cybersec professionals understand the nature of this challenge, and put systems in place to segment or isolate information from prying eyes. As an investor, it’s good to have a working knowledge of how companies protect themselves, in order to limit your own liability.
