Adversaries may leverage Customer Relationship Management (CRM) software to mine valuable information. CRM software is used to assist organizations in tracking and managing customer interactions, as well as storing customer data.
Once adversaries gain access to a victim organization, they may mine CRM software for customer data. This may include personally identifiable information (PII) such as full names, emails, phone numbers, and addresses, as well as additional details such as purchase histories and IT support interactions. By collecting this data, an adversary may be able to send personalized Phishing emails, engage in SIM swapping, or otherwise target the organization’s customers in ways that enable financial gain or the compromise of additional organizations.(Citation: Bleeping Computer US Cellular Hack 2022)(Citation: Bleeping Computer Mint Mobile Hack 2021)(Citation: Bleeping Computer Bank Hack 2020)
CRM software may be hosted on-premises or in the cloud. Information stored in these solutions may vary based on the specific instance or environment. Examples of CRM software include Microsoft Dynamics 365, Salesforce, Zoho, Zendesk, and HubSpot.
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| IAM-06 | User Access Provisioning | mitigates | T1213.004 | Customer Relationship Management Software |
Comments
This control describes the implementation of a secure and controlled user access provisioning process. Proper user account management reduces the attack surface by limiting unauthorized access to data, assets, and systems. Managing account access authorizations can reduce the risk of privilege escalation by ensuring accounts cannot perform unauthorized actions.
References
|
| UEM-05 | Endpoint Management | mitigates | T1213.004 | Customer Relationship Management Software |
Comments
This control provides for the implementation of best practices for endpoint management. Effectively securing information repositories and enforcing robust data retention policies can mitigate the risk of adversaries exploiting information repositories to access sensitive or valuable information.
References
|
| UEM-14 | Third-Party Endpoint Security Posture | mitigates | T1213.004 | Customer Relationship Management Software |
Comments
This control provides for the implementation of best practices for third-party endpoint management. Effectively securing information repositories and enforcing robust data retention policies can mitigate the risk of adversaries exploiting information repositories to access sensitive or valuable information.
References
|