Since the onset of the pandemic, collaboration tools have become a lifeline for many companies. Widely adopted tools such as Slack, Microsoft Teams, and Zoom are now a core part of remote workplace communication, and the volume and velocity of messaging on them often exceeds that of email.
Unfortunately, malicious actors go where the users are, and cybercriminals know that organizations circulate sensitive information across these collaboration tools.
Despite this, many organizations lack the means to detect and respond to social engineering and other communication-based threats that have moved beyond email into enterprise collaboration applications. This lack of message-level visibility has opened the door to recent attacks, some with devastating outcomes. Consider the data exfiltration breach at EA (Electronic Arts), where an attacker already inside the company's Slack workspace tricked an employee into handing over a multi-factor authentication token for the corporate network, and used that access to steal highly valuable source code.
What can we learn from compromises and vulnerabilities like this? And how can companies best protect their enterprise collaboration applications against social engineering, ransomware, data exfiltration, and insider threats?
The Risk Associated with Collaboration
The EA Slack breach didn't involve email phishing or sophisticated vulnerability hunting. All it allegedly took was a stolen Slack authentication cookie and a convincing message. The attackers reportedly bought the cookie online for $10 and replayed it to get inside the company's Slack workspace; because a session cookie stands in for a completed login, whoever holds it is that user as far as the service is concerned, with no password or second factor required. From there they talked their way onto the EA corporate network. As a result, the gaming giant saw 780 GB of data stolen, including the source code of some of its most popular game franchises.
Elsewhere, new Zoom vulnerabilities were demonstrated at the Pwn2Own 2021 hacking competition. Two researchers, Daan Keuper and Thijs Alkemade of Computest, won $200,000 for a Zoom exploit that achieved remote code execution without user interaction. In the demonstration, the victim received a meeting invitation from the attacker, and the attacker's code ran without the victim clicking anything.
Microsoft Teams has had its share of exposed risks too. Evan Grant, a researcher at Tenable, published a report on a vulnerability in the Power Apps service used by Teams that could have allowed attackers to steal authentication tokens, which in turn could be used for message impersonation and data extraction.
And the threats don't stop with vulnerabilities in the apps themselves. Talos, Cisco's threat intelligence unit, has recently warned of bad actors abusing the file-sharing features of Slack and Discord to host and distribute malware, since links to those platforms' content delivery networks are widely trusted and seldom blocked.
The Inconvenient Truth
Security professionals are beginning to grasp that they need to shorten their mean time to detect and respond to attacks originating in enterprise collaboration and communication applications, and that they must be more proactive about managing business communication risk. However, they still face limits in protecting digital communications, especially those conducted on third-party cloud apps. A recent joint study by the research community Pulse and SafeGuard Cyber confirms this. The survey, which canvassed 100 cybersecurity leaders, reported the following key findings:
- Lack of visibility (39%) is the biggest challenge for security leaders who aim to maintain security and compliance across all business communications.
- Only 10% of cybersecurity leaders have a tech stack that can fully detect and respond to threats in cloud applications outside of their network.
- To ensure security and compliance on social media, collaboration, and mobile chat applications, most security leaders (77%) turn to tools that restrict access to third-party communication apps.
The greatest challenge in this area is the lack of message-level visibility. Access restrictions on their own do not see the content of a message that asks an employee for an MFA code, which is exactly how recent collaboration tool compromises have started.
What Enterprises Need
These findings point to consolidating security for the collaboration apps a company uses under a single solution, where the enterprise's instance footprint can be monitored around the clock and proactively protected. For example, a security group needs consolidated visibility into the enterprise's Slack, Teams, and Zoom instances so it can apply consistent analysis to detect social engineering, ransomware, and insider threats, including data loss. As enterprises make flexible work permanent, these widely adopted collaboration platforms require stronger protection against communication-based risks.
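To make the idea of message-level analysis concrete, here is an added example (not code from the author, SafeGuard Cyber, or any vendor product) of a small detector that scores chat messages for the kind of MFA-code solicitation used in the EA breach. The message shape is a constructed simplification of a chat message event plus a few sender attributes a real integration would look up from the platform's user directory; the field names, the phrase lists, the weights and the threshold are all assumptions chosen for illustration, and the sample messages are made up.

```python
"""Message-level detection of MFA-code and credential solicitation.

Added example for this article, not code from the author or SafeGuard Cyber.
The Message shape is a constructed simplification: timestamp, channel, sender
and text, plus sender attributes (guest status, account age, DM or channel)
that a real integration would look up separately. Field names are assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Phrasings that ask the recipient to hand over a second factor or a password.
CREDENTIAL_REQUEST = re.compile(
    r"\b(?:mfa|2fa|two[- ]factor|one[- ]time|verification|auth(?:enticator)?)"
    r"\s+(?:code|token|pin)\b"
    r"|\bcode\s+(?:from|on|in)\s+your\s+(?:phone|authenticator)\b"
    r"|\b(?:send|share|give|paste|forward)\s+(?:me\s+)?(?:the|your)"
    r"\s+(?:code|password|token)\b",
    re.IGNORECASE,
)
# Pressure cues typical of the "locked out, need it right now" pretext.
URGENCY = re.compile(
    r"\b(?:urgent|asap|right now|immediately|quickly|locked out|"
    r"lost my phone|new phone)\b",
    re.IGNORECASE,
)


@dataclass
class Message:
    ts: str
    channel: str
    user: str
    text: str
    is_external: bool = False      # guest or cross-workspace account (assumed field)
    account_age_days: int = 365    # days since the sender's account was created
    is_dm: bool = False            # direct message rather than a channel post


@dataclass
class Alert:
    ts: str
    user: str
    score: int
    reasons: List[str] = field(default_factory=list)


def score_message(m: Message) -> Optional[Alert]:
    """Score a message that solicits a code or password, weighted by sender
    context. Returns None when the text asks for nothing."""
    if not CREDENTIAL_REQUEST.search(m.text):
        return None                      # only solicitation is in scope here
    score = 3
    reasons = ["asks for an MFA code, token or password"]
    if URGENCY.search(m.text):           # pressure to act before thinking
        score += 1
        reasons.append("urgency pretext")
    if m.is_external:                    # stranger posing as a colleague or IT
        score += 2
        reasons.append("sender is external or a guest")
    if m.account_age_days < 30:          # freshly created or newly added account
        score += 1
        reasons.append("sender account is new")
    if m.is_dm:                          # private request, no bystanders
        score += 1
        reasons.append("sent as a direct message")
    return Alert(m.ts, m.user, score, reasons)


def scan(messages: List[Message], threshold: int = 4) -> List[Alert]:
    """Return alerts for messages whose score meets the threshold.
    The threshold lets a benign mention of 'MFA code' (score 3) pass."""
    alerts = []
    for m in messages:
        a = score_message(m)
        if a is not None and a.score >= threshold:
            alerts.append(a)
    return alerts


# Constructed sample traffic: one guest impersonating IT, one benign reminder,
# one unrelated request, and one insider fishing for a colleague's code.
SAMPLE = [
    Message("1623000001.000100", "D_HELP", "U_NEWGUEST",
            "Hi, IT helpdesk here. We're rotating VPN certificates and I'm "
            "locked out of the console, can you send me the MFA code on your "
            "phone right now?",
            is_external=True, account_age_days=2, is_dm=True),
    Message("1623000002.000200", "C_GENERAL", "U_ALICE",
            "Reminder: the MFA code on your phone expires after 30 seconds "
            "and should never be shared, even with IT."),
    Message("1623000003.000300", "C_DEV", "U_BOB",
            "Can you share the link to the build dashboard?"),
    Message("1623000004.000400", "D_CAROL", "U_CAROL",
            "paste the code from your authenticator here and I'll reset it "
            "for you, quickly please",
            account_age_days=400, is_dm=True),
]

if __name__ == "__main__":
    for a in scan(SAMPLE):
        print(f"{a.ts} {a.user} score={a.score}: {'; '.join(a.reasons)}")
```

Run stand-alone, the script flags the guest's direct message (score 8) and the insider's request (score 5), while the benign reminder that merely mentions an MFA code scores 3 and stays below the threshold. The point is that none of these signals is available to a control that only restricts which apps employees may open; they require reading the message and knowing who sent it. In production the sender attributes would come from the platform's user and audit APIs, and a session anomaly (the replayed cookie in the EA case) would be a separate signal correlated with the message.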
The author, Storm Swendsboe, is the Director of Threat Intelligence at SafeGuard Cyber, a GCA partner. SafeGuard Cyber provides security and risk management solutions for today’s communication-based threats.
Editor’s Note: The views expressed by the author are not necessarily those of the Global Cyber Alliance.