Is chat putting your business at risk?
Credit to Author: Trend Micro| Date: Thu, 26 Jul 2018 15:30:37 +0000
Now that corporate activities are increasingly taking place outside of the office, technology that enables real-time communication and collaboration among office workers and telecommuters is absolutely essential. Elements like file sharing, video conferencing and cloud access have quickly become imperative.
However, few solutions address the challenges that can come up with geographically dispersed workers like live chat.
Overall, more than 3.7 million employees work from home or another location outside of the office at least half of the time, and regular teleworking has increased by 115 percent since 2005. At the same time, interest and use of chat platforms like Slack, Discord and Telegram – which enable integration through APIs with other systems – has risen as well.
As chat capabilities become increasingly important and common, it’s worth asking the question: “Could chat be putting my business at risk?”
State of chat within the current enterprise landscape
According to current industry insights and statistics, chat is being used in more businesses and in more use cases than ever before to support internal as well as external communication:
| |
How hackers are taking advantage of corporate chat communication
Like any enterprise trend, hackers have taken notice of this rising chat use and begun leveraging the most popular platforms for malicious purposes. This strategy isn’t difficult to understand, as chat solutions – as well as any other communication platform – are often used to transmit sensitive information that could be utilized by hackers for fraud or other malicious attacks.
Live chat is especially important for organizations with teleworking employees, but is it worth the security risk?
Here’s a few trends that have taken hold with cybercriminals in association with chat platforms:
Command & Control connections
According to Trend Micro’s own research, almost every chat system API – including Slack, Discord and Telegram – can all be similarly abused to enable connections with Command & Control servers under hackers’ control. In this way, attackers can use a company’s own chat platform as a C&C environment, supporting connections to other infected systems. This opens the door for a variety of other malicious processes, including data theft and malware attacks.
A platform for malware
Speaking of malicious infections, Trend Micro researchers discovered that chat platforms can also be leveraged to host and serve up malware to victims. Discord, for example, can be utilized by hackers to host malicious samples like file infectors and bitcoin miners for cryptojacking and theft. Cybercriminals have also used Telegram to deliver ransomware samples like TeleCrypt, which encrypt victims’ systems and data in exchange for a monetary ransom.
Overall, all of these instances have one common thread: the abuse of their APIs to enable malware capabilities. As Trend Micro pointed out, this makes it difficult to address the specific flaw.
“What makes this particular security issue something for businesses to take note of is that there is currently no way to secure chat platforms from it without killing their functionality,” Trend Micro researchers noted in a blog post. “Blocking the APIs of these chat platforms means rendering them useless, while monitoring traffic for suspicious Discord/Slack/Telegram connections is practically futile as there is no discernible difference between those initiated by malware and those initiated by the user.”
A real-world instance: Hackers abuse Discord to target ROBLOX players
In an interesting look at the ways in which hackers are leveraging chat for attack, Trend Micro Senior Threat Researcher Stephen Hilt reported on the connection between Discord and ROBLOX last year. As Hilt pointed out, the integration capabilities within Discord enable it to be used by players of ROBLOX, an online game dependent upon user-created content with more than 178 million registered user accounts.
In these instances, hackers abused the Discord API to enable the delivery of malware which steals ROBLOX login credentials. From there, hackers are able to infiltrate the game and steal ROBUX, in-game currency, which can then be traded for actual cash or other digital currency like Bitcoin.
Safeguarding chat communications
As Trend Micro noted, the issue of chat security is complicated by the fact that hackers are able to leverage the platform’s APIs, and blocking these would also prevent legitimate use.
Thankfully, there are some things businesses can do to support improved chat security:
| |
To find out more about safe use of chat APIs and platforms as well as overall enterprise security, connect with the experts at Trend Micro today.
The post Is chat putting your business at risk? appeared first on .