Business Transformation

Why Collaboration Software Is the Next Frontier for Hackers

It’s time to focus on the dangers threatening popular enterprise software like Slack and Zoom, which fuel today's hybrid workplace.

The hack of 780 gigabytes of videogame source code from gaming giant Electronic Arts (EA) started, innocently enough, on Slack. According to hackers interviewed by Motherboard, which EA reportedly confirmed, a hacking group bought stolen cookies containing login credentials for $10 each and used them to penetrate the company’s Slack channels.

Once inside, attackers posed as an EA employee—an increasingly common approach for cybercriminals—and messaged IT that they had lost their phone at a party and couldn’t fill in the required multifactor-authentication information to log in to the corporate network. An IT admin fell for it, granted access, and the hackers were able to leapfrog over to developer file directories. From there, they made off with valuable game-related source code and tools—the crown jewels of a videogame company’s kingdom.

By now everyone is familiar with the security holes in another popular collaboration platform, Zoom. In April, Zoom agreed to pay $85 million to litigants who had been victimized by racist, sexist, and generally uncouth “Zoombombers.” These miscreants have, variously, harassed kids studying at home in “Zoom school” amid the pandemic, worshippers in an online Bible study class, and Asian Americans gathering virtually to counter violence and discrimination.

Know your IT risk posture

Such harassment has become so prevalent that Zoombombing is now a federal offense. But it’s not the only cybersecurity issue that should concern people using popular collaboration platforms. According to the FBI, hackers are using “deep fake” videos and other ways to impersonate corporate executives through collaboration tools, in order to steal company funds and data.

Indeed, despite major security gains during the pandemic, vulnerabilities continue to emerge that could allow hackers to secretly compromise endpoint devices and launch potentially devastating zero-day attacks. Last year, for instance, Google Project Zero identified two flaws affecting Zoom clients and multimedia router (MMR) servers that could allow hackers backdoor access into computers and other platforms and devices without a user clicking on a single phishing link. Multiple vulnerabilities have also reportedly been found in Microsoft Teams, Cisco Webex, and Slack.

How Slack, Zoom, Teams, and other collaboration apps inspire video hacking

Vulnerabilities cut across every virtual communication and collaboration platform to some degree. And these tools are becoming one of the next big frontiers for cybercrime.

In 2022, employees using collaboration tools in multiple locations will find themselves
under siege.
Oliver Cronk, chief IT architect, EMEA, Tanium
“Hackers will continue to look for vulnerabilities related to the new hybrid workforce model—and we predict that in 2022 employees using collaboration tools in multiple locations will find themselves under siege,” Oliver Cronk, chief IT architect, EMEA, at Tanium, predicted in a recent article.

Motivations for targeting these tools vary, yet they share similarities to attacks on endpoint devices. In many cases, cybercriminals, nation-states, or corporate spies use collaboration tools as express lanes to viewing and potentially stealing corporate, personal, and financial data. In other situations, these tools serve as another path for launching ransomware attacks. Researchers have also discovered evidence of their use by cryptojackers to pilfer computing power for the purpose of generating bitcoin and other digital currencies.

Collaboration tools offer plentiful paths to access

The ways in which hackers take advantage of collaboration tools often seem simple on the surface, even if they are sophisticated on the back end. In most cases, the goal is to hide some sort of malware in HTML, JavaScript, or browser code to compromise an endpoint and steal user credentials. From there, hackers can proceed laterally across networks to steal data and launch further attacks.

It turns out, it’s not that difficult to spread nefarious code using collaboration tools. Hackers can easily purchase Zoom credentials for as little as $0.002 each, according to cybersecurity firm Cyble, which reportedly bought a half-million of these logins just to see if they were genuine. The hackers probably stole usernames, passwords, registered email addresses, host keys, and personal meeting URLs through “credential stuffing,” a technique in which cybercriminals purchase logins and passwords from the dark web, then use bots to try them one by one on a login screen until something works.

Not surprisingly, compromised credentials are the most common means of cyberattack, accounting for 20% of breaches, with an average cost of $4.37 million, according to IBM’s Cost of a Data Breach Report 2021.

[Read also: 4 simple ways security ops can thrive with hybrid work]

“Because of remote work, these tools are now an easier attack vector than email,” says Chuck Everette, director of cybersecurity advocacy for Deep Instinct, an artificial intelligence cybersecurity software firm. “About 80% of the attacks we’ve seen went in and mimicked someone on Teams or Slack, which is very easy to do.”

Collaboration software security begins with an ounce of prevention

Stopping attacks against collaboration tools is impossible—just as it is with any connected device, experts say. But applying common sense can limit their frequency and severity.

Zac Warren, senior director of cybersecurity, EMEA, for Tanium, says the most important steps an organization can take are to use multifactor authentication—a practice cyber insurance companies are increasingly demanding of their clients—and the most current and updated hardware and software.

Because of remote work, these tools are now an easier attack vector
than email.
Chuck Everette, director of cybersecurity advocacy, Deep Instinct
The Cybersecurity and Infrastructure Security Agency added
single-use authentication to its “bad practices” list in August 2021. Companies that depend on passwords alone instead of multifactor authentication, Warren says, are at much higher risk for having their collaboration tools compromised.

And unpatched, out-of-date, or “sick laptops,” he adds, are among the juiciest targets for hackers. If a company is depending on outdated versions of those collaboration tools, it misses recent critical security enhancements. Effective patch management is essential, especially given the wave of recent ransomware and nation-state attacks that have targeted known vulnerabilities.

Organizations should also pay close attention to the default cybersecurity policies of their chosen videoconferencing and collaboration tools. They often come out of the box entirely open-source and less secure.

Warren also recommends adopting a zero-trust approach to identity and access management, where users are not automatically trusted just because they managed to get onto a corporate network. He says organizations should set up their virtual conferencing and collaboration systems in ways that “clearly delineate between internal and external parties” so insiders know what’s coming from the outside and outsiders can’t jump laterally across the organization.

[Read also: The future is passwordless]

Everette of Deep Instinct also urges organizations to do a better job of training employees about what to look out for in videoconferences and virtual collaboration rooms. Many times, he notes, people who watch for signs of phishing in email let down their guard in Teams, Slack, Zoom, or Webex, because they think they’re safe.

In reality, he notes, phishing attempts are just as common inside collaboration tools as in any other digital location, although they can sometimes be a bit different. In some cases, hackers manage to inject malware through GIF images in video chats. Users only have to view the image for their credentials to be released into the digital wild.

“People don’t expect to deal with phishing attacks during videoconferences, because they haven’t been trained on what to look for,” Everette says. “Human error is the No. 1 weakness in all security postures, and threat actors are ready and able to exploit any and all mistakes people might make.”

Howard Rabinowitz
Howard Rabinowitz is a business and technology writer based in West Palm Beach, Fla.