Cisco/Talos Researchers Find Attackers Using Slack and Discord to Distribute Malware

Robinson+Cole Data Privacy + Security Insider

Another example of the resiliency and creativity of cyber-attackers is outlined in a new blog by Cisco/Talos researchers, which outlines how, over the past year, and in particular as a result of the migration from work at the office to work from home during the pandemic, cyber-attackers are using collaboration platforms like Slack and Discord to distribute malware to unsuspecting victims.

According to the blog:

  • As telework has become the norm throughout the COVID-19 pandemic, attackers are modifying their tactics to take advantage of the changes to employee workflows.
  • Attackers are leveraging collaboration platforms, such as Discord and Slack, to stay under the radar and evade organizational defenses.
  • Collaboration platforms enable adversaries to conduct campaigns using legitimate infrastructure that might not be blocked in many network environments.
  • Remote Access Trojans (RATs), information stealers, internet-of-things malware and other threats are leveraging collaboration platforms for delivery, component retrieval and command and control communications.

In sum, the collaboration rooms and platforms are being used to “spread traditional malspam lures used to infect victims.” They are using the platforms to “circumvent perimeter security controls and maximize infection capabilities.” They are being used during three phases of malware attacks, including delivery, component retrieval, and C2 and data exfiltration. They are also being used for social engineering campaigns.

If your organization is using collaboration platforms, it is important to let your IT professionals and employees know about the malicious use of these platforms so they can use good cyber- hygiene to avoid causing an incident in the same way as a phishing or social engineering scheme. The same tools that they use to identify malicious emails or texts should be used with these collaboration platforms. Providing education on these schemes and uses of legitimate business platforms is the first defense to preventing an incident.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising

Written by:

Robinson+Cole Data Privacy + Security Insider

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.