Description
Adversaries may leverage Customer Relationship Management (CRM) software to mine valuable information. CRM software is used to assist organizations in tracking and managing customer interactions, as well as storing customer data.
Once adversaries gain access to a victim organization, they may mine CRM software for customer data. This may include personally identifiable information (PII) such as full names, emails, phone numbers, and addresses, as well as additional details such as purchase histories and IT support interactions. By collecting this data, an adversary may be able to send personalized Phishing emails, engage in SIM swapping, or otherwise target the organization’s customers in ways that enable financial gain or the compromise of additional organizations.(Citation: Bleeping Computer US Cellular Hack 2022)(Citation: Bleeping Computer Mint Mobile Hack 2021)(Citation: Bleeping Computer Bank Hack 2020)
CRM software may be hosted on-premises or in the cloud. Information stored in these solutions may vary based on the specific instance or environment. Examples of CRM software include Microsoft Dynamics 365, Salesforce, Zoho, Zendesk, and HubSpot.
Platforms
Mitigations (4)
User Account ManagementM1018
Enforce the principle of least-privilege. Consider implementing access control mechanisms that include both authentication and authorization.
User TrainingM1017
Develop and publish policies that define acceptable information to be stored in CRM databases and acceptable handling of customer data. Only store customer information required for business operations.
Software ConfigurationM1054
Consider implementing data retention policies to automate periodically archiving and/or deleting data that is no longer needed.
AuditM1047
Consider periodic review of accounts and privileges for critical and sensitive CRM data.
References
- Ionut Ilascu. (2020, January 16). Customer-Owned Bank Informs 100k of Breach Exposing Account Balance, PII. Retrieved July 1, 2024.
- Lawrence Abrams. (2021, July 10). Mint Mobile hit by a data breach after numbers ported, data accessed. Retrieved July 1, 2024.
- Sergiu Gatlan. (2022, January 4). UScellular discloses data breach after billing system hack. Retrieved July 1, 2024.
Frequently Asked Questions
What is T1213.004 (Customer Relationship Management Software)?
T1213.004 is a MITRE ATT&CK technique named 'Customer Relationship Management Software'. It belongs to the Collection tactic(s). Adversaries may leverage Customer Relationship Management (CRM) software to mine valuable information. CRM software is used to assist organizations in tracking and managing customer interactions, as w...
How can T1213.004 be detected?
Detection of T1213.004 (Customer Relationship Management Software) typically involves monitoring system logs, network traffic, and endpoint telemetry. Use SIEM rules, EDR solutions, and behavioral analytics to identify suspicious activity associated with this technique.
What mitigations exist for T1213.004?
There are 4 documented mitigations for T1213.004. Key mitigations include: User Account Management, User Training, Software Configuration, Audit.
Which threat groups use T1213.004?
While specific threat group attribution may vary, this technique has been observed in various real-world attacks. Check the MITRE ATT&CK website for the latest threat intelligence.