COVID-19 and tech: New collaboration tools mean new security risks

Shortly before Slack’s IPO this spring, the company addressed potential security threats to workplace chat software in an SEC filing. The risks identified included malware, viruses, worms and ransomware, among others. A 2019 Accenture report found that 85 percent of organizations experienced phishing and other social engineering attacks, an increase of 16 percent in a single year.

Ready or not: Collaborate

If your company hadn’t yet decided to move their communication and file sharing onto collaboration platforms, the coronavirus crisis made the decision for you. While the move to collaboration tools became a necessity, security threats will continue to surface, requiring new methods of securing the environment.

“It’s a safe bet for malicious attackers that their targets are using one – or more – popular tools such as Microsoft Teams, Slack, Google, Zoom and so on,” said Mike Puglia, chief strategy officer at Kaseya. It’s a low effort way to gain access to enterprise tools.”

The Slack filing also pointed to the potential threat posed by organized crime, as well as hostile nation states and attackers acting on their behalf, as a risk to Slack, it’s partners and its users.

“Hackers and cybercriminals are acutely aware of the wealth of sensitive information that’s shared via such workplace collaboration tools,” said Attila Tomaschek, a digital privacy expert at ProPrivacy. “They are therefore naturally quite attractive targets to go after.”

A host of threats (beyond COVID-19)

Tomaschek notes that a phishing attack could introduce malware that might compromise an entire organization’s collaboration platform, as well as personal and sensitive business documents and files.

Another potentially concerning vulnerability could appear from third-party apps that integrate with software like Teams and Slack.

“Equally concerning is cybercriminals’ ability to take advantage of APIs to gain access to companies’ data through their collaboration tools,” Tomaschek said. These tools work with a host of third-party applications that companies will often integrate into the tools for a convenient and more seamless experience with other applications. The problem is that the API that’s used to connect the collaboration software with the third-party application can be exploited by a hacker to intercept data and communications between the two applications.”

Companies are increasingly focused on automation and integration, said Steve Tcherchian, chief product officer at XYPRO, who also sees a door opening for malicious hackers.

“The most things that can integrate with each other and provide a single pane-of-glass view, the less cost, management overhead and potential for problems exist,” Tcherchian said. “Most of these [collaboration] apps have third-party integrations to just about every other apps for this purpose. The challenge becomes how secure are the integrations, what data is shared between them and what risk is introduced into your platform?”

Collaboration tools will become a prime target for hackers, Tomaschek said, because, by design, they make it easy to spread data through the organization.

“Along with the largely informal and casual communication style generally used on these platforms, unassuming users could easily let their guard down and not being vigilant about what they communicate and what links they click on,” Tomaschek said. “Compounding that is the inherent immediacy of the medium, which encourages quick responses and which can further lead to carelessness and imprudent activity by users.”

Bart McDonough, CEO of Agio, agrees that the level of trust an employee expects in their workplace chat software may lead to vulnerabilities.

“There’s less general skepticism around inbound communications,” McDonough said. “While it’s uncommon for bad actors to spoof and fake messages on collaboration platforms, the reality is if one assumes the identity of an employee, the content they share becomes highly trusted very quickly. Email, in contrast, has experienced many years of publicized risks, negative stories, and user awareness training, sharpening the sword of cynicism among users.”

Credential stuffing is also on the rise, said Mike Puglia, chief strategy officer at Kaseya. “Attackers can gain credentials through phishing or simply by purchasing them from the millions of records for sale on the dark web and then testing – credential stuffing – those credentials on popular collaboration tools sites.”

It only takes one person’s chat login to be hacked, to expose multiple employee’s data through the collaboration software, noted Tim Roberts, managing director, digital-cyber team at AlixPartners. “People also feel more comfortable once within an apparently secure collaboration space, and therefore may drop their guard when faced with requests to share passwords or send confidential documents. This false sense of security needs to be managed.”

Future threats

Tomaschek expects over time to see attacks that incorporate artificial intelligence and machine learning to target collaboration tools.

“For instance, bots could be developed to mimic genuine human interaction over these collaboration systems,” Tomaschek said, “and could potentially become incredibly effective at gathering sensitive information from unsuspecting employees or get them to click on files containing malware.”

In terms of threats in the wild, Tomaschek points to malware that stole data via Slack and Github, surreptitiously moving data between the two platforms.

“There has been malware that connects to collaborative software version control platforms, like Github, for downloading commands,” Tomaschek said. “It then outputs the results of those commands to cloud-based proprietary instant messaging platforms, like Slack, and then uses free cloud storage services for uploading stolen files and documents. Abusing legitimate tools and services allows attackers to fly under the radar of traditional security solutions.”

In addition to traditional hacking threats, in its SEC filing Slack also pointed out that collaboration software faces “threats from sophisticated organized crime, nation-state and nation-state supported actors who engage in attacks …  Third parties may attempt to fraudulently induce employees, users, or organizations into disclosing sensitive information such as user names, passwords, or other information or otherwise compromise the security of our internal electronic systems, networks and/or physical facilities in order to gain access to our data or the data of organizations.”

Steps to take to ensure security in chaotic times

The outbreak of the coronavirus may have forced your hand, but there steps you can take to ensure a secure collaboration envjronment. McDonough sats that organizations can help secure their virtual workspaces by employing similar security practices to what are already have in place for email.

“Make sure that two-factor authentication is enabled for all logins,” McDonough said, “and across all associated software – not just the collaboration tools themselves. There’s also an education gap employers must close by training users around identity management risks. Administrators should also ensure that employee access and accounts on these platforms are promptly removed once an individual leaves the company.”

Security policies will need to revamped to include educating employees on potential threats in collaboration software, advises Liviu Arsene, global cybersecurity researcher for Bitdefender.

“At the same time IT and security teams should set in place monitoring tools and technologies designed to spot potential sensitive data that might be exposed,” Arsene said. “Educating employees in cybersecurity best practices and having a strong company policy in terms of accepted apps, coupled with highly regulated access to company-critical data, can help organizations increase they cybersecurity posture and reduce the footprint of potential misuse of collaboration software.”