Workflow Applications May Be Rife With Malware Blind Spots

Amid the COVID-19 pandemic, many organizations have implemented remote work adoption plans on a compressed timeline. It's difficult to argue with the convenience offered by workflow applications, particularly for junior employees who might otherwise feel lost in the shuffle. But an improvised hybrid work environment is a house of cards destined for a precipitous fall, and a collapse could bring business to a standstill. Unfortunately, the inherent weaknesses of collaboration platforms such as Discord and Slack entice hackers like moths to a flame.

In a report on these applications, Cisco's Talos cybersecurity team said they are being exploited as file hosting services for malicious activity. Attackers upload their payloads as externally accessible files and use them to deliver remote access trojans and information stealers such as Agent Tesla and LimeRAT. The platforms' content delivery networks (CDNs) are the vehicle for this file sharing: the files are served over ordinary HTTPS links, so the victim needn't have the associated application installed.

With encryption and file compression applied to the payload, this can be a hyper-effective, clandestine attack strategy that earns its Trojan horse moniker. The pilfering of data comes across as normal traffic to a legitimate site. The platform operators and the organizations using them are still coming to grips with the scale of the victim population: in VirusTotal, a single search for Discord CDN links came up with around 20,000 results. Slack had a variant of the current issue pop up in mid-2020, when a remote code execution flaw, reached through cross-site scripting and HTML injection, could give an attacker control of the entire app.
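As an added illustration of how a defender might surface the CDN-hosted downloads Talos describes, the following scanner flags proxy-log entries where an executable or archive is pulled from a collaboration platform's CDN, and notes when the fetcher is not the platform's own client (the point that the victim needs no app installed). This is example code written for this page, not Talos's or the platforms' own tooling; the log layout, the CDN hostnames and the user-agent prefixes are assumptions to adapt to your own proxy.

```python
import re
from urllib.parse import urlparse

# Public hostnames of the platforms' file CDNs (assumed; add others your environment sees).
CDN_HOSTS = {
    "cdn.discordapp.com": "discord",
    "media.discordapp.net": "discord",
    "files.slack.com": "slack",
}
# Extensions and MIME types a chat CDN rarely serves for a legitimate reason; tune per environment.
RISKY_EXT = (".exe", ".dll", ".scr", ".js", ".vbs", ".ps1", ".zip", ".rar", ".7z", ".iso")
RISKY_MIME = ("application/octet-stream", "application/x-msdownload", "application/x-dosexec")
# User-agent prefixes of the platforms' own clients (assumed). Any other fetcher, such as a
# script or dropper, matches the observation that the victim need not have the app installed.
CLIENT_UA = ("Discord", "Slack")

# Constructed proxy-log layout: <timestamp> <client ip> <url> <status> <content-type> "<user agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<url>\S+) (?P<status>\d{3}) (?P<ctype>\S+) "(?P<ua>[^"]*)"$'
)

def classify(line):
    """Return a finding dict for a suspicious CDN download, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parsed = urlparse(m["url"])
    platform = CDN_HOSTS.get(parsed.hostname or "")
    if platform is None:
        return None
    risky = parsed.path.lower().endswith(RISKY_EXT) or m["ctype"] in RISKY_MIME
    if not risky:
        return None
    reasons = ["risky file type"]
    if not m["ua"].startswith(CLIENT_UA):
        reasons.append("fetched by non-client user agent")
    return {"src": m["src"], "platform": platform, "url": m["url"], "reasons": reasons}

def scan(lines):
    # Run classify() over an iterable of log lines and keep only the findings.
    return [f for f in map(classify, lines) if f]

# Constructed sample traffic: one dropper pull, one ordinary image, one Slack PDF, one archive.
SAMPLE_LOG = [
    '2021-04-08T10:01:12Z 10.0.0.21 https://cdn.discordapp.com/attachments/1111/2222/invoice.exe 200 application/octet-stream "Mozilla/5.0 (Windows NT 10.0) PowerShell/5.1"',
    '2021-04-08T10:02:40Z 10.0.0.22 https://cdn.discordapp.com/attachments/1111/3333/photo.png 200 image/png "Discord/1.0.9001"',
    '2021-04-08T10:03:05Z 10.0.0.23 https://files.slack.com/files-pri/T1-F1/report.pdf 200 application/pdf "Mozilla/5.0 Chrome/89"',
    '2021-04-08T10:04:51Z 10.0.0.24 https://cdn.discordapp.com/attachments/1111/4444/update.zip 200 application/zip "Discord/1.0.9001"',
]
```

Running `scan(SAMPLE_LOG)` yields two findings: the PowerShell download of `invoice.exe` with both reasons, and the archive pulled by the Discord client with the file-type reason alone.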

Effectively safeguarding collaborative applications is not as simple as throwing buckets of money at security research and standing by for a solution. Interoperability and multi-device use are foundational elements of the digital business space. However, when the many entry points that require a password or other authentication are not consolidated, the result is a cacophony of data inputs into the network, an ideal environment for malicious activity.

Rudimentary security protocols are often unrecognized or misunderstood by the scores of users thrown into workflow programs they assume to be immune over the past year. Mark Kedgley, Chief Technology Officer of New Net Technologies, said, "To mitigate the risks, more focus on least privilege is needed, as it's still too common for users to run with local admin rights. Email and office applications provide a number of hardened settings to combat malware and phishing; however, not enough organizations make use of them. Change control and vulnerability management as core security controls should be in place as well." Data safety technology that can keep pace with the most resourceful hackers is requisite for ongoing protection, but a top-down inventory of existing assets should be the preeminent baseline goal for vulnerable organizations.