Industry executives and experts share their predictions for 2023. Read them in this 15th annual VMblog.com series exclusive.
Focusing on Collaboration and File Sharing Security
By Jeremy Fuchs, Cybersecurity
Researcher/Analyst at Avanan, A Check Point Software Company
If you get an attack in Slack or Microsoft
Teams, how would you respond? What about in OneDrive or Google Drive? Would you
be prepared? Would your users even notice?
Also, how many times have you received a
suspicious text message or voicemail? Have you received it on your work phone?
Let's face it, much modern work gets done on
file-sharing and collaboration apps, with the use of mobile phones contributing
significantly. The new manner in which work is done is not merely the "virtual
water cooler". Business decisions are made, data flows at the speed of
business,files are shared back and forth. It's not just the virtual water
cooler. (Although it certainly serves that purpose.) File-sharing and
collaboration apps are the new hub of business.
With increasing amounts of internal
communication taking place on these apps, more stakeholders are able to utilize
the communications systems. Robust communications environments like these can
open up opportunities for major attacks.
Channels
are not a priority to be fully protected. Phishing
training is covered in email, but it hasn't yet transitioned to these other
apps. Think about this facetious, but real, example: In Slack or Teams, any
user can change their name. Sometimes it's a funny joke or nickname. But there
is nothing stopping a hacker from entering a Slack environment, changing their
name to that of an employee, and wreaking havoc. How would you, as an end-user,
know the difference?
Enterprises
will need to re-think their security strategy for collaboration, mobile and
file-sharing in 2023 and beyond. Hackers will begin to
expand their phishing efforts into these channels, and larger organizations
will begin to see more targeted, sophisticated attacks that are aimed at every
line of communication, which we are already starting to see.
Earlier in 2022, hackers were beginning to leave comments in Google Docs that
would include a malicious link. All the hacker has to do is mention the
subject's email and will get directly sent to the user's email. They don't even
have to interact with the document-just click on the link that shows up in the
email.
Consider this attack from earlier in 2022,
where hackers dropped malicious executable files in Teams
conversations. These files write data to the Windows registry,
install DLL files and create shortcut links that allow the program to
self-administer. We saw thousands of these attacks at its peak.
In a similar case when we were first doing a
POC with a potential customer, as we do in every trial, we scanned their
OneDrive instance for malware. We found a malicious document that had been
sitting in an OneDrive folder for over three years. Fortunately for that
customer, no one engaged with that file.
Earlier this year, we also scanned and stopped
a malicious Roblox Trojan that, we suspect, was mistakenly uploaded to
someone's work OneDrive folder. The threat can be accidental, too. Whenever you
do work, there is a possibility of a threat.
These applications, like email, are communication
channels that also require security. The security includes malware scanning and
protection, URL rewriting, DLP, and compliance tools. Every file should be
scanned in a sandbox before downloading, and if malware or ransomware is found,
the file should be quarantined. Sensitive information, like social security
numbers or personal health information, should not flow freely. Similar to
email, if there are enough suspicious qualities about a file or message in a
chat environment, the suspicious file should not reach the end-user.
We
believe that the attacks of the future will be synchronized and target multiple
vectors. Protecting just one vector is no longer
sufficient for proper safeguarding.
Conclusion A holistic approach is necessary, one that encompasses the entirety of
the network. Otherwise, a simple Slack message could have devastating
consequences.
##
ABOUT THE AUTHOR
Jeremy Fuchs is the content manager for
Avanan, a Check Point Company, the leading cloud email and collaboration solution.
Jeremy can be reached online at https://www.linkedin.com/in/jeremy-fuchs1/ and at the company website www.avanan.com.