Once it has evaded detection by security, it’s just a matter of getting the employee to think it’s a genuine business communication, a task made easier within the confines of a collaboration app channel. The trick, the team said, is to get users to click on a malicious link. “Files can be uploaded to Slack, and users can create external links that allow the files to be accessed, regardless of whether the recipient even has Slack installed.” Other collaboration platforms like Slack have similar features,” Talos reported. “This functionality is not specific to Discord. As an example, Talos uses the Discord CDN, which is accessible by a hardcoded CDN URL from anywhere, by anyone on the internet. The researchers explained that Slack, Discord and other collaboration app platforms use content delivery networks (CDNs) to store the files shared back and forth within channels. “By leveraging these chat applications that are likely allowed, they are removing several of those hurdles and greatly increase the likelihood that the attachment reaches the end user.” Content Delivery Network Abuse “One of the key challenges associated with malware delivery is making sure that the files, domains or systems don’t get taken down or blocked,” Talos researchers explained in their report.
The pandemic-induced shift to remote work drove business processes onto these collaboration platforms in 2020, and predictably, 2021 has ushered in a new level cybercriminal expertise in attacking them.Ĭisco’s Talos cybersecurity team said in a report on collaboration app abuse this week that during the past year threat actors have increasingly used apps like Discord and Slack to trick users into opening malicious attachments and deploy various RATs and stealers, including Agent Tesla, AsyncRAT, Formbook and others. Workflow and collaboration tools like Slack and Discord have been infiltrated by threat actors, who are abusing their legitimate functions to evade security and deliver info-stealers, remote-access trojans (RATs) and other malware.
0 kommentar(er)
