
Criminals Use Collaboration Platforms to Spread Malware, Research Finds

Silviu STAHIE

April 14, 2021


Collaboration platforms used by employees have become a prime target for attackers seeking to take advantage of telework and the security risks this new paradigm entails, according to new research.

People — and employees especially — need to stay in touch with friends and coworkers while staying at home. The available collaboration platforms can fill that void, but they also come with security issues that can be difficult to mitigate.

We think of malware as transmitted via back channels or fraudulent messages, but that's not really the case. Abusing existing collaboration platforms to spread malware is just one of the known methods, and it usually comes with some advantages for attackers.

“Attackers are increasingly abusing the communications platforms that many organizations use to facilitate employee communications,” says Talos in its research. “This allows them to circumvent perimeter security controls and maximize infection capabilities. Over the past year, adversaries are increasingly relying on these platforms as part of the infection process.”

Because these are well-established platforms, using them lends an attack more credence and allows attackers to bypass or trick some of the existing security solutions. Criminals don't limit their use of these platforms to spreading malware; they also use them for component retrieval, C2 and data exfiltration.

“The use of applications like Discord and Slack may also provide an additional means to perform the social engineering required to convince potential victims to open malicious attachments,” the researchers also explain.

Victims are more likely to click on links or open attachments if they see messages from colleagues or an established platform. Moreover, rooms controlled by threat actors are also used for communications. For example, Discord has been used to spread some threats, including Thanatos, LimeRAT, Remcos and many others.

For malware delivery, files are transmitted between users by attaching them in channels. “Files are stored within the Content Delivery Network (CDN) that the platform provider operates, allowing server members to access these files as they appeared when they were originally attached,” says Talos.

Of course, because these attacks come from known and trustworthy services and the communication takes place over HTTPS, criminals can more easily obfuscate their content. Adding another layer of compression using known types, such as ACE or ISO, makes it even more difficult to investigate the payloads.

The fact that the same systems are used for content delivery and communication with command and control centers only makes it more critical for companies to filter out malicious domains from their networks. Using collaboration platforms for malware distribution looks more and more like a game that's just started.
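
Since blocking a collaboration platform's CDN outright is rarely possible, one defensive option is to flag the attachment downloads themselves. The sketch below is an added example, not code from Talos or from this article; it assumes a TLS-inspecting proxy that logs full URLs, and the hostnames, the extra extension list, the log layout and the sample lines are all assumptions or constructed data.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Assumption: attachment hosts for Discord and Slack (the article names no hostnames).
CDN_HOSTS = {"cdn.discordapp.com", "media.discordapp.net", "files.slack.com"}
# ACE and ISO are the container types the article names.
NAMED_EXT = {".ace", ".iso"}
# Assumption: further extensions a defender may want to watch (not from the article).
EXTRA_EXT = {".zip", ".rar", ".7z", ".img", ".exe", ".scr", ".lnk"}


def classify(url):
    """Return 'named-archive', 'other-risky' or None for one requested URL."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() not in CDN_HOSTS:
        return None
    # Only the decoded path carries the file name; the query string is ignored.
    ext = posixpath.splitext(unquote(parts.path).lower())[1]
    if ext in NAMED_EXT:
        return "named-archive"
    if ext in EXTRA_EXT:
        return "other-risky"
    return None


def scan(lines):
    """Return (client_ip, verdict, url) for each successful flagged download.

    Constructed log layout: '<timestamp> <client_ip> <method> <url> <status>'.
    """
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines instead of failing
        _, client, method, url, status = fields
        verdict = classify(url)
        if verdict and method == "GET" and status == "200":
            hits.append((client, verdict, url))
    return hits


# Constructed sample lines; every ID, address and file name is made up.
SAMPLE_LOG = [
    "2021-04-14T09:01:02Z 10.0.0.5 GET https://cdn.discordapp.com/attachments/111/222/invoice.iso 200",
    "2021-04-14T09:02:10Z 10.0.0.7 GET https://files.slack.com/files-pri/T000-F000/Report.ACE 200",
    "2021-04-14T09:03:44Z 10.0.0.5 GET https://cdn.discordapp.com/attachments/111/333/cat.png 200",
    "2021-04-14T09:04:00Z 10.0.0.9 GET https://downloads.example.com/tools/setup.iso 200",
    "2021-04-14T09:05:31Z 10.0.0.8 GET https://cdn.discordapp.com/attachments/111/444/update.zip?ex=abc 200",
    "2021-04-14T09:06:12Z 10.0.0.8 GET https://cdn.discordapp.com/attachments/111/555/tool.exe 404",
    "truncated line",
]
```

Calling `scan(SAMPLE_LOG)` flags three of the seven lines; the hits are leads for triage, since legitimate users also share archives over these platforms.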
