
10:30 AM
Yoram Salinger

4 Ways At-Work Apps Are Vulnerable to Attack

Collaboration applications make users and IT teams more efficient. But they come with an added cost: security.

They haven't completely replaced phone calls or email, but communication and collaboration apps are becoming increasingly popular. For workers today, who are in and out of the office, working on the go, with multiple team members, it's all about convenience and ease of use. Many rely on Slack, Google Hangouts, Box, SharePoint, and other applications to communicate, share files, and collaborate on projects to get their work done in the most efficient manner possible.

For IT teams, there's an added bonus: Collaboration apps are meant to be easier to manage than local servers. The brand responsible for the app takes care of outages or any other disruption; it ensures that communications are backed up and that the system is secured from data loss. Since the brand specializes in its tool, it will have the resources to ensure that things run smoothly and safely.

That's the promise, at least — but the reality is different. A study we conducted in 2018 with 500 enterprise IT decision-makers, managerial level and above, who are involved in cybersecurity efforts in medium and large enterprises revealed that two-thirds of responding companies have been attacked via collaboration tools in the last 12 months, and three-quarters believe the sophistication of such attacks is increasing. Here are some reasons why such tools may be more of a burden than a boon security-wise:

Phishing is a favorite. Attackers have already had great success using phishing techniques. According to the 2017 Verizon data breach report, as many as 95% of security breaches have their origins in socially engineered phishing attacks. Collaboration-tool phishing attacks are takeoffs on the "classic" email scam; rather than send a malicious URL via email, attackers can instead send it through messaging services. The message could come from an insider threat, a third party, or stolen credentials. Interactions via messaging are typically very quick and immediately trusted, meaning users may be less likely to think twice before clicking.

Email and notifications. When you're out of the office, common corporate courtesy dictates that you let people know that you're not available to meet with them — and for that, there is the out-of-office auto-reply, in which you inform people who sent you messages (via email or collaboration app) that you're away. The problem, of course, is that the auto-reply is sent in response to all messages that an inbox gets — and if that response is received by a thief, you could be tipping him off that it's open season on your house.

You can't see them? Doesn't mean they aren't there. Besides messages with "poison links," hackers have had great success in sending their malware to victims via files and documents emailed directly to victims' mailboxes. With a bit of social engineering, hackers can get their prey to open the document, thus unleashing the malware. Advanced hacking techniques enable bad actors to hide malware in macros or scripts of the poisoned document — places that antivirus and other security systems cannot penetrate. Once the document is opened and uploaded to the collaboration platform, the malware can easily spread to anyone else who accesses that document.

For example, if the malware comes in the form of a keylogger, the malware will attach itself to individual users' systems when they access the shared document. If they access it from inside the organization, the keylogger will be able to collect and send back to the hackers each user's corporate login. If one of those logins belongs to an administrator, it's just a matter of time before the hackers get their hands on anything and everything.
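A defensive check for the macro-bearing documents described above, as an added example that is not part of the original article: it classifies a file by its content before it is shared on a collaboration platform and flags Office documents that carry a VBA project. The function names and verdict labels are hypothetical, and the sample files are constructed in memory.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls/.ppt container
VBA_PARTS = {"vbaproject.bin", "vbadata.xml"}   # OOXML parts that hold macro code
MACRO_TYPES = ("macroenabled", "vnd.ms-office.vbaproject")


def triage_office_file(data: bytes) -> str:
    """Classify by content, not by file name or extension.

    Returns 'macro', 'legacy-ole', 'clean-ooxml' or 'not-office'
    (hypothetical verdict labels for this example).
    """
    if data.startswith(OLE2_MAGIC):
        # Binary Office formats can carry macros; route to deeper analysis.
        return "legacy-ole"
    stream = io.BytesIO(data)
    if not zipfile.is_zipfile(stream):
        return "not-office"
    try:
        with zipfile.ZipFile(stream) as zf:
            names = zf.namelist()
            ct = next((n for n in names if n.lower() == "[content_types].xml"), None)
            if ct is None:
                return "not-office"  # a zip, but not an OOXML package
            if any(n.lower().rsplit("/", 1)[-1] in VBA_PARTS for n in names):
                return "macro"
            declared = zf.read(ct).decode("utf-8", "replace").lower()
    except zipfile.BadZipFile:
        return "not-office"
    # No VBA part found: still flag packages that declare a macro content type.
    return "macro" if any(t in declared for t in MACRO_TYPES) else "clean-ooxml"


def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML-shaped zip, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder, no real macro")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_office_file(build_sample(True)))
    print(triage_office_file(build_sample(False)))
```

Because the verdict comes from the package contents, a macro-enabled file renamed to `.docx` is still flagged; `legacy-ole` files need an OLE-aware scanner before they can be cleared.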

Who said that? With the credentials to a collaboration account in hand — obtained perhaps by tricking a member of the group into giving up their name and password — hackers could perpetrate all sorts of mayhem by posing as an employee. (Typically, all it takes is a message from "tech support" saying they need the information.) Then, using the private messaging component of a collaboration app, a skilled hacker could pump a member of the group for information about a contract, event, or other important data. When coupled with the techniques that hackers use to attack organizations via collaboration platforms, the result is a one-two punch that enables them to do what they want, when they want.

Collaboration tools clearly provide great benefits for organizations — but they also provide hackers with a path to compromising IT systems. It's unlikely that companies will give up on collaboration tools, which have opened a whole new window on productivity for both employees and organizations.

What to do? In any human exchange, caution is always warranted — especially if it's done electronically. Before opening a document or a link, employees must ensure that they are not walking into a hacker-laid trap. Context can be important here; documents and links that seem out of character for a project should raise suspicions, and teams should work out a code that will indicate that a communication they receive is a legitimate one (e.g., a naming convention for files, using Google shortcuts for all links, etc.).

And, of course, organizations should implement defensive systems for situations where hackers do get through, despite the caution employees exercise. Collaboration tools are definitely a blessing for modern business — and the task today is to ensure that they don't turn out to be a curse as well, sentencing companies to an eternity in hacker hell.


Yoram Salinger is the CEO of Perception Point, leading the company's growth, strategy and management. He previously served as the CEO of Redbend and Netgame, as well as the COO of Algorithm Research, where he headed marketing and sales for Europe and the Far East.
User Rank: Author
3/13/2019 | 3:51:03 PM
good article
Interesting read and spot on with hackers posing as "tech support"


User Rank: Ninja
3/8/2019 | 10:11:14 AM
Re: The theme
"IF YOU DON'T NEED IT, DON'T READ IT, DELETE IT" Wise words to live by.

The reason that server side attacks have transitioned to the minority and client side attacks are now the majority is because people's curiosity is piqued. Plus since email needs to remain open for business it will commonly subvert many of the security layers.

User Awareness is a big piece and constant testing will go a long way. Sites like PhishMe and KnowBe offer integrated services to perform.

User Rank: Ninja
3/7/2019 | 12:54:51 PM
The theme
Always seems to be an impersonation attack through email and infected documents. User education would almost eradicate a huge portion of malware. BUT people are curious and that killed the cat. They want to see what an infected something ACTUALLY DOES. I have seen that crazy desire up close. Or they just want to see if the Liberty Wine company really does owe them $315.62 as per the attached invoice. (Google that one). My rule for email is simple and I encourage all to pass it on: IF YOU DON'T NEED IT, DON'T READ IT, DELETE IT