Application Security

3/7/2019
10:30 AM
Yoram Salinger
Commentary

4 Ways At-Work Apps Are Vulnerable to Attack

Collaboration applications make users and IT teams more efficient. But they come with an added cost: security.

They haven't completely replaced phone calls or email, but communication and collaboration apps are becoming increasingly popular. For workers today, who are in and out of the office, working on the go, with multiple team members, it's all about convenience and ease of use. Many rely on Slack, Google Hangouts, Box, SharePoint, and other applications to communicate, share files, and collaborate on projects to get their work done in the most efficient manner possible.

For IT teams, there's an added bonus: Collaboration apps are meant to be easier to manage than local servers. The brand responsible for the app takes care of outages or any other disruption; it ensures that communications are backed up and that the system is secured from data loss. Since the brand specializes in its tool, it will have the resources to ensure that things run smoothly and safely.

That's the promise, at least — but the reality is different. A study we conducted in 2018 with 500 enterprise IT decision-makers, managerial level and above, who are involved in cybersecurity efforts in medium and large enterprises revealed that two-thirds of responding companies have been attacked via collaboration tools in the last 12 months, and three-quarters believe the sophistication of such attacks is increasing. Here are some reasons why such tools may be more of a burden than a boon security-wise:

Phishing is a favorite. Attackers have already had great success using phishing techniques. According to the 2017 Verizon data breach report, as many as 95% of security breaches have their origins in socially engineered phishing attacks. Collaboration-tool phishing attacks are takeoffs on the "classic" email scam; rather than send a malicious URL via email, attackers can instead send it through messaging services. The message could come from an insider threat, a third party, or stolen credentials. Interactions via messaging are typically very quick and immediately trusted, meaning users may be less likely to think twice before clicking.

Email and notifications. When you're out of the office, common corporate courtesy dictates that you let people know that you're not available to meet with them — and for that, there is the out-of-office auto-reply, in which you inform people who sent you messages (via email or collaboration app) that you're away. The problem, of course, is that the auto-reply is sent in response to all messages that an inbox gets — and if that response is received by a thief, you could be tipping him off that it's open season on your house.

You can't see them? Doesn't mean they aren't there. Besides messages with "poison links," hackers have had great success in sending their malware to victims via files and documents emailed directly to victims' mailboxes. With a bit of social engineering, hackers can get their prey to open the document, thus unleashing the malware. Advanced hacking techniques enable bad actors to hide malware in macros or scripts of the poisoned document — places that antivirus and other security systems cannot penetrate. Once the document is opened and uploaded to the collaboration platform, the malware can easily spread to anyone else who accesses that document.

For example, if the malware comes in the form of a keylogger, the malware will attach itself to individual users' systems when they access the shared document. If they access it from inside the organization, the keylogger will be able to collect and send back to the hackers each user's corporate login. If one of those logins belongs to an administrator, it's just a matter of time before the hackers get their hands on anything and everything.
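As an added example (not from the original article), here is a minimal upload gate that holds Office files carrying macros before they are shared on a collaboration platform. The function names and the in-memory sample packages are constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # legacy .doc/.xls/.ppt container
MACRO_FREE_EXT = (".docx", ".xlsx", ".pptx")     # extensions that should never hold VBA

def hold_reasons(filename: str, data: bytes) -> list:
    """Return the reasons an uploaded Office file should be held for review."""
    if data.startswith(OLE_MAGIC):
        # Binary formats can embed VBA; confirming needs a full OLE parser, so hold.
        return ["legacy OLE container, may carry VBA"]
    stream = io.BytesIO(data)
    if not zipfile.is_zipfile(stream):
        return []                                # not an Office package at all
    reasons = []
    with zipfile.ZipFile(stream) as zf:
        for part in zf.namelist():
            if part.lower().endswith("vbaproject.bin"):
                reasons.append("VBA project part: " + part)
            elif part == "[Content_Types].xml" and b"macroEnabled" in zf.read(part):
                reasons.append("macro-enabled content type declared")
    if reasons and filename.lower().endswith(MACRO_FREE_EXT):
        reasons.append("extension claims a macro-free format")
    return reasons

def build_sample(with_macro: bool) -> bytes:
    """Build a minimal OOXML-shaped package in memory (constructed sample, not a real document)."""
    kind = "ms-word.document.macroEnabled" if with_macro else \
        "openxmlformats-officedocument.wordprocessingml.document"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    '<Types><Override PartName="/word/document.xml" '
                    'ContentType="application/vnd.%s.main+xml"/></Types>' % kind)
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder bytes, not real VBA")
    return buf.getvalue()

if __name__ == "__main__":
    for name, blob in [("plan.docx", build_sample(False)),
                       ("budget.docx", build_sample(True)),      # macro file renamed to .docx
                       ("old.doc", OLE_MAGIC + b"\0" * 16)]:
        print(name, "->", hold_reasons(name, blob) or "allow")
```

The check reports that macro code is present, not that it is malicious, so a hit should route the file to review or sandboxing rather than silently delete it.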

Who said that? With the credentials to a collaboration account in hand — obtained perhaps by tricking a member of the group into giving up their name and password — hackers could perpetrate all sorts of mayhem by posing as an employee. (Typically, all it takes is a message from "tech support" saying they need the information.) Then, using the private messaging component of a collaboration app, a skilled hacker could pump a member of the group for information about a contract, event, or other important data. When coupled with the techniques that hackers use to attack organizations via collaboration platforms, the result is a one-two punch that enables them to do what they want, when they want.

Collaboration tools clearly provide great benefits for organizations — but they also provide hackers with a path to compromising IT systems. It's unlikely that companies will give up on collaboration tools, which have opened a whole new window on productivity for both employees and organizations.

What to do? In any human exchange, caution is always warranted — especially if it's done electronically. Before opening a document or a link, employees must ensure that they are not walking into a hacker-laid trap. Context can be important here; documents and links that seem out of character for a project should raise suspicions, and teams should work out a code that will indicate that a communication they receive is a legitimate one (e.g., a naming convention for files, using Google shortcuts for all links, etc.).
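One way to enforce such a team convention automatically, shown as an added example that is not part of the original article. The link host `go.example.com`, the file-name pattern and the sample message are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

ALLOWED_LINK_HOSTS = {"go.example.com"}          # assumption: the team's agreed link host
FILE_RULE = re.compile(r"[A-Z]{2,8}-\d{4}_[a-z0-9-]+_v\d+\.(docx|xlsx|pdf)")  # assumed pattern
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def check_message(text, attachments):
    """Return (finding, value) pairs for links and files that break the team convention."""
    findings = []
    for url in URL_RE.findall(text):
        try:
            parts = urlsplit(url)
            host = (parts.hostname or "").rstrip(".").lower()
        except ValueError:                       # e.g. unbalanced IPv6 brackets
            findings.append(("link-malformed", url))
            continue
        if parts.scheme.lower() != "https":
            findings.append(("link-not-https", url))
        elif parts.username is not None:
            # "https://go.example.com@other.host/" shows the trusted name but goes elsewhere
            findings.append(("link-userinfo", url))
        elif host not in ALLOWED_LINK_HOSTS:
            findings.append(("link-off-convention", url))
    for name in attachments:
        if not FILE_RULE.fullmatch(name):
            findings.append(("file-off-convention", name))
    return findings

# Constructed sample message, not taken from a real workspace.
SAMPLE_TEXT = ("Draft is at https://go.example.com/q3-plan, mirror at "
               "https://go.example.com@files.example.net/q3 and http://go.example.com/old")
SAMPLE_FILES = ["ACME-2019_contract-draft_v2.docx", "invoice.doc"]

if __name__ == "__main__":
    for finding in check_message(SAMPLE_TEXT, SAMPLE_FILES):
        print(finding)
```

The check flags out-of-pattern messages; it does not authenticate the sender, so an account taken over as described under "Who said that?" can still post conforming links.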

And, of course, organizations should implement defensive systems for situations where hackers do get through, despite the caution employees exercise. Collaboration tools are definitely a blessing for modern business — and the task today is to ensure that they don't turn out to be a curse as well, sentencing companies to an eternity in hacker hell.


Yoram Salinger is the CEO of Perception Point, leading the company's growth, strategy and management. He previously served as the CEO of Redbend and Netgame, as well as the COO of Algorithm Research, where he headed marketing and sales for Europe and the Far East.
Comments
Mcmoore08,
User Rank: Author
3/13/2019 | 3:51:03 PM
good article
Interesting read and spot on with hackers posing as "tech support"

thanks!

Michelle 
RyanSepe,
User Rank: Ninja
3/8/2019 | 10:11:14 AM
Re: The theme
"IF YOU DON'T NEED IT, DON'T READ IT, DELETE IT" Wise words to live by.

The reason that server side attacks have transitioned to the minority and client side attacks are now the majority is because people's curiosity is piqued. Plus since email needs to remain open for business it will commonly subvert many of the security layers.

User Awareness is a big piece and constant testing will go a long way. Sites like PhishMe and KnowBe offer integrated services to perform.
REISEN1955,
User Rank: Ninja
3/7/2019 | 12:54:51 PM
The theme
Always seems to be an impersonation attack through email and infected documents. User education would almost eradicate a huge portion of malware. BUT people are curious and that killed the cat. They want to see what an infected something ACTUALLY DOES. I have seen that crazy desire up close. Or they just want to see if the Liberty Wine company really does owe them $315.62 as per the attached invoice. (Google that one). My rule for email is simple and I encourage all to pass it on: IF YOU DON'T NEED IT, DON'T READ IT, DELETE IT