Criminals Use Collaboration Platforms to Spread Malware, Research Finds

Silviu STAHIE

April 14, 2021

Collaboration platforms used by employees have become a prime target for attackers seeking to take advantage of telework and the security risks this new paradigm entails, according to new research.

People — and employees especially — need to stay in touch with friends and coworkers while staying at home. The available collaboration platforms can fill that void, but they also come with security issues that can be difficult to mitigate.

We tend to think of malware as being transmitted via back channels or fraudulent messages, but that's not really the case. Abusing existing collaboration platforms to spread malware is just one of the known methods, and it usually comes with some advantages for attackers.

“Attackers are increasingly abusing the communications platforms that many organizations use to facilitate employee communications,” says Talos in its research. “This allows them to circumvent perimeter security controls and maximize infection capabilities. Over the past year, adversaries are increasingly relying on these platforms as part of the infection process.”

Because these are well-established platforms, their use lends an attack more credibility and allows attackers to bypass or trick some of the existing security solutions. Criminals don't limit their use of these platforms to spreading malware; they also use them for component retrieval, command and control (C2) and data exfiltration.

“The use of applications like Discord and Slack may also provide an additional means to perform the social engineering required to convince potential victims to open malicious attachments,” the researchers also explain.

Victims are more likely to click on links or open attachments if they see messages from colleagues or an established platform. Moreover, rooms controlled by threat actors are also used for communications. For example, Discord has been used to spread some threats, including Thanatos, LimeRAT, Remcos and many others.

For malware delivery, files are transmitted between users by attaching them in channels. “Files are stored within the Content Delivery Network (CDN) that the platform provider operates, allowing server members to access these files as they appeared when they were originally attached,” says Talos.

Of course, because these attacks come from known and trustworthy services and the communication takes place over HTTPS, criminals can more easily obfuscate their content. Adding another layer of compression using known types, such as ACE or ISO, makes it even more difficult to investigate the payloads.

The fact that the same systems are used for content delivery and communication with command and control centers only makes it more critical for companies to filter out malicious domains from their networks. Using collaboration platforms for malware distribution looks more and more like a game that's just started.
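Where a platform's domain cannot simply be blocked, the CDN downloads described above can still be reviewed in proxy logs. The following is an added example, not code from the article or from the Talos research: it flags successful downloads of archive or disk-image files from collaboration-platform CDN hosts. It assumes a TLS-inspecting proxy that logs full URLs; the log format, the host list and every extension other than ACE and ISO are assumptions, and the log lines are constructed.

```python
from pathlib import PurePosixPath
from urllib.parse import unquote, urlsplit

# Assumption: CDN hosts to watch; adjust to the platforms your organization uses.
CDN_HOSTS = {"cdn.discordapp.com", "media.discordapp.net", "files.slack.com"}
# ACE and ISO are the container types named in the article; the rest are assumed additions.
RISKY_EXTS = {".ace", ".iso", ".img", ".zip", ".exe", ".scr", ".js"}

# Constructed sample lines (assumed format): timestamp client method url status bytes
SAMPLE_LOG = """\
2021-04-14T09:12:01Z 10.0.4.17 GET https://cdn.discordapp.com/attachments/111/222/Invoice_0414.pdf.ISO 200 1482752
2021-04-14T09:12:09Z 10.0.4.17 GET https://cdn.discordapp.com/attachments/111/333/team-photo.png 200 48211
2021-04-14T09:15:44Z 10.0.7.3 GET https://files.slack.com/files-pri/T0-F0/order%20details.ace?t=abc 200 90112
2021-04-14T09:16:02Z 10.0.7.3 GET https://cdn.discordapp.com.files.example/attachments/1/2/setup.iso 200 7340032
2021-04-14T09:20:30Z 10.0.9.8 GET https://cdn.discordapp.com/attachments/111/444/notes.iso 404 0
malformed line without enough fields
"""

def flag_cdn_downloads(log_text):
    """Return one finding per successful risky-file download from a watched CDN host."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6 or not (parts[4].isdigit() and parts[5].isdigit()):
            continue  # skip lines that do not match the assumed format
        ts, client, method, url, status, size = parts
        host = (urlsplit(url).hostname or "").lower()
        # Exact host match, so lookalike hosts that merely start with a CDN name are ignored.
        if method != "GET" or status != "200" or host not in CDN_HOSTS:
            continue
        # Decode the path and drop the query string before reading the extension.
        name = PurePosixPath(unquote(urlsplit(url).path)).name
        suffixes = PurePosixPath(name).suffixes
        if suffixes and suffixes[-1].lower() in RISKY_EXTS:
            findings.append({
                "time": ts, "client": client, "host": host, "file": name,
                "bytes": int(size),
                "double_ext": len(suffixes) > 1,  # e.g. a document name ending in .pdf.iso
            })
    return findings

if __name__ == "__main__":
    for finding in flag_cdn_downloads(SAMPLE_LOG):
        print(finding)
```

Without TLS inspection a proxy sees only the CDN hostname, so the same review would have to rely on endpoint telemetry for file names.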
