As the coronavirus forces companies to move their communications and file sharing to collaborative platforms, be prepared for the unintended consequences: new security threats will emerge that require new methods to protect your environment.
Shortly before Slack’s IPO this spring, the company addressed potential threats to the security of chat software at work in a filing with the SEC. The risks identified included malware, viruses, worms and ransomware, among others. An Accenture report from 2019 found that 85% of organizations suffered from phishing and other social engineering attacks, an increase of 16% in one year.
Ready or not: Collaborate
If your company has not yet decided to move your communication and file sharing to collaboration platforms, the coronavirus crisis has made the decision for you. While switching to collaboration tools has become a necessity, security threats will continue to occur. , requiring new methods of environmental protection.
«It’s a safe bet for malicious attackers that their targets use one or more popular tools like Microsoft Teams, Slack, Google, Zoom, etc.,» said Mike Puglia, Kaseya’s director of strategy. It is a low-effort way to gain access to business tools. «
Slack’s presentation also highlighted the potential threat posed by organized crime, as well as hostile nation-states and attackers acting on their behalf, as a risk to Slack, its partners and users.
«Hackers and cybercriminals are aware of the large amount of confidential information that is shared through these collaborative tools in the workplace,» said Attila Tomaschek, ProPrivacy’s digital privacy expert. «So, naturally, they are quite attractive targets to pursue.»
A number of threats (beyond COVID-19)
Tomaschek notes that a phishing attack could introduce malware that could compromise the organization’s entire collaboration platform, as well as personal and confidential business documents and files.
Another potentially worrying vulnerability could occur in third-party applications that integrate with software such as Teams and Slack.
«Equally worrying is the ability of cybercriminals to use APIs to access company data through their collaboration tools,» Tomaschek said. These tools work with a large number of third-party applications that companies often integrate into tools for a more consistent and convenient experience with other applications. The problem is that the API that is used to connect the collaboration software with the third-party application can be exploited by a hacker to intercept data and communications between the two applications. «
Companies are increasingly focusing on automation and integration, said Steve Tcherchian, XYPRO’s product manager, who also sees an open door for malicious hackers.
«Most things that can be integrated with each other and offer a single glass viewfinder, the lowest cost, administrative costs and potential for problems exist,» Tcherchian said. «Most of these applications [de colaboración] They have third-party integrations with almost any other application for this purpose. The challenge is how secure the integrations are, what data is shared between them and what risk is introduced on their platform. «
Collaborative tools will become a major target for hackers, Tomaschek said, because by design, they facilitate the dissemination of data throughout the organization.
«Along with the informal and generally informal communication style generally used on these platforms, unpretentious users could easily let their guard down and not pay attention to what they are communicating and what links they are clicking on,» said Tomaschek. . «Added to this is the inherent immediacy of the environment, which encourages rapid responses and can continue to lead to negligence and reckless activity on the part of users.»
Agio CEO Bart McDonough agrees that the level of trust an employee expects in workplace chat software can lead to vulnerabilities.
«There is less widespread skepticism around inbound communications,» McDonough said. «Although it is rare for bad actors to falsify and falsify messages on collaboration platforms, the reality is that if you assume the identity of an employee, the content they share becomes extremely trustworthy. Email, on the other hand, has experienced many years of risky advertising, negative stories and user awareness training, sharpening the sword of cynicism among users. «
Improving accreditation is also on the rise, said Mike Puglia, Kaseya’s director of strategy. «Attackers can obtain phishing credentials or simply by purchasing them from millions of dark web sales records and then testing (completing the credentials) those credentials on popular collaboration tools.»
A person’s chat time is only needed to be hacked, to expose the data of several employees through collaboration software, said Tim Roberts, general manager of the digital cyber team AlixPartners. «People also feel more comfortable when they enter a seemingly secure collaboration space and can therefore be on guard when faced with requests to share passwords or send confidential documents. You have to deal with this false sense of security. «
Tomaschek hopes to eventually see attacks that incorporate artificial intelligence and machine learning to target collaboration tools.
«For example, robots could be developed to mimic genuine human interaction in these collaboration systems,» said Tomaschek, «and they could be incredibly efficient at collecting sensitive information from unsuspecting employees or causing them to click on files.» containing malware ”.
In terms of threats in nature, Tomaschek targets malware that steals data through Slack and Github, rightly moving data between the two platforms.
«There were malware programs connected to collaborative software control platforms, such as Github, to download commands,» Tomaschek said. «It then sends the results of those commands to cloud-based instant messaging platforms, such as Slack, and then uses free cloud storage services to upload stolen files and documents. The abuse of legitimate tools and services allows attackers to bypass the radar of traditional security solutions. «
In addition to the traditional threats of hacking, in his SEC file, Slack also mentioned that the collaboration software faces «threats from sophisticated organized crime, actors supported by the national state and attacks supported by the national state.» Third parties may attempt to fraudulently induce employees, users or organizations to disclose confidential information, such as usernames, passwords or other information, or otherwise compromise the security of our internal electronic systems, networks and / or physical facilities. to have access to our data or to the data of the organization «.
Steps to take to ensure safety in chaotic times
The coronavirus outbreak may have forced it, but there are steps you can take to ensure a secure collaboration environment. McDonough says organizations can protect their virtual workspaces using security practices similar to those that already exist for email.
“Make sure two-factor authentication is enabled for all login data,” McDonough said, “and for all associated software, not just the collaboration tools themselves. There is also an educational gap that employers need to close by educating users about the risks of identity management. Administrators must also ensure that employee access and accounts on these platforms are removed immediately after a person leaves the company. «
Security policies will need to be renewed to include educating employees about potential threats in collaboration software, recommends Liviu Arsene, Bitdefender’s global cybersecurity researcher.
«At the same time, IT and security teams need to establish monitoring tools and technologies designed to detect potential sensitive data that could be exposed,» Arsene said. «Educating employees about cybersecurity best practices and a strong business policy on supported applications, along with regulated access to critical business data, can help organizations increase their cybersecurity position and reduces the imprint of possible misuse of collaboration software. »