Collaboration apps are a risk that many businesses have tried to ignore out of convenience. But as attackers exploit them more and more, their weaknesses can no longer be ignored.

On September 18, a hacker released over 90 videos and images of the upcoming Grand Theft Auto VI release on GTAForums. The hacker claimed that they wanted to strike a deal with EA to avoid releasing additional information, including the source code and assets of GTA V and VI and the GTA VI trial version. The attacker managed to steal this information by breaking into Rockstar’s internal Slack channel and taking the data out. For businesses, this breach is a clear warning that sharing protected information in consumer-grade communication apps like Slack can significantly increase the risk of IP theft.

How bad is the breach?

This latest breach highlights that collaboration apps provide an effective avenue for hackers to commit IP theft. However, many organizations rely on these solutions to collaborate. In fact, according to Slack, over 100,000 organizations, including 77% of Fortune 100 companies, use Slack Connect. The problem is that these services, when compromised, offer unauthorized users a goldmine of high-value data.

“GTA is of primary interest to cybercriminals, as the game has its own virtual currency, which is in high demand,” said Boris Larin, chief security researcher at Kaspersky. “Once the attacker gains access to [the] game source code, one can easily learn about all game features and game servers. It allows cheaters to find some vulnerabilities, create cheat codes and get rich by mining and selling the in-game currency, bypassing the rules set by the game developer.”

Unfortunately, the exploitation of collaboration applications to gain access to IP data and protected information is not a one-off. This latest breach comes just a week after hackers breached Uber’s internal Slack channel. In a statement discussing the incident, Uber suggested the hacker gained access by purchasing a contractor’s credentials and then sending that user a series of multi-factor authentication requests, which the person eventually accepted. After gaining initial access, the attacker took advantage of the account’s elevated privileges and was able to gain access to further tools such as Slack, where he downloaded internal messages and other information.

A similar attack occurred last June when hackers managed to gain access to EA Games’ internal Slack channel and stole 780GB of data, including the source code of FIFA 21, before leaking it after a failed blackmail attempt. In that breach, attackers purchased stolen cookies sold online to gain access to an employee’s Slack account before contacting IT support. They then claimed to have lost their phone and requested a multi-factor authentication token so they could gain access to the organization’s wider corporate network.
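The repeated-prompt pattern in the Uber incident described above (a run of MFA requests that the user eventually accepts) is something defenders can look for in authentication logs. The following is an added example, not code from the article or from any vendor; the log format, event names and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (hypothetical format): timestamp, user, push result.
SAMPLE_LOG = """\
2022-01-10T09:00:00Z alice push_approved
2022-01-10T13:10:00Z bob push_timeout
2022-01-10T13:10:45Z bob push_approved
2022-01-10T18:01:10Z contractor1 push_denied
2022-01-10T18:02:05Z contractor1 push_denied
2022-01-10T18:03:40Z contractor1 push_timeout
2022-01-10T18:04:15Z contractor1 push_denied
2022-01-10T18:06:30Z contractor1 push_approved
this line is malformed and is skipped
"""

REJECTED = {"push_denied", "push_timeout"}  # assumed event names


def parse(log):
    """Yield (timestamp, user, result) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue
        yield ts, parts[1], parts[2]


def find_push_fatigue(log, min_rejected=3, window=timedelta(minutes=10)):
    """Return (user, approval_time, rejected_count) for every approval that
    follows at least min_rejected denied or timed-out pushes within window."""
    recent = defaultdict(deque)  # per-user timestamps of rejected pushes
    alerts = []
    for ts, user, result in sorted(parse(log)):
        queue = recent[user]
        while queue and ts - queue[0] > window:
            queue.popleft()  # drop rejections older than the window
        if result in REJECTED:
            queue.append(ts)
        elif result == "push_approved":
            if len(queue) >= min_rejected:
                alerts.append((user, ts, len(queue)))
            queue.clear()  # an approval ends the current run
    return alerts
```

An alert here means the approval should be treated as suspect: the session it produced is a candidate for revocation and the user for a direct check-in.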

How regulators are cracking down on collaboration apps

The dangers of collaboration apps are increasingly well known, particularly to regulators in highly regulated industries such as financial services, who seek to penalize the use of communication channels such as Slack, WhatsApp and email for discussing sensitive information. In fact, according to Reuters, banking giants (including JPMorgan Chase & Co, Morgan Stanley, Bank of America, Goldman Sachs, Barclays PLC, Credit Suisse Group AG, Deutsche Bank AG and UBS Group AG) face collective fines of more than 1 billion dollars for using unauthorized messaging tools such as email and WhatsApp. In July, Morgan Stanley was fined $200 million for “use of unauthorized personal devices” and allowing employees to use WhatsApp and personal email addresses for business communications. Similarly, last December, JPMorgan was fined $200 million for allowing employees to use WhatsApp messages and emails for communications related to the company’s business activities. The bottom line is that communication applications are insufficient to secure regulated data and IP.

Mitigating the risks of remote communication

Of course, while the security risks of collaboration apps are increasingly well known, many organizations find it impractical to eliminate them completely, especially when so many depend on them to allow employees to work together remotely from home. Instead, organizations should, at a minimum, limit the type of information shared in communication applications and prohibit the sharing of IP data of any kind. This means that if an unauthorized person manages to bypass easily exploitable passwords and multi-factor authentication checks, they will not be able to start exfiltrating trade secrets and controlled information. The reality is that communication apps like Microsoft Teams and Slack lack the built-in security needed to protect high-value data from advanced threat actors in a way that’s compliant with rapidly evolving data protection regulations.

An alternative: end-to-end encrypted messaging

For organizations that want to continue using collaboration applications to manage such data, secure communication platforms that use end-to-end encryption provide a partial answer to these challenges. One such provider is Element, a secure messaging application recently recognized by Forrester as a leader in The Forrester Wave for Secure Communications (Q3 2022), which protects message content even if a hacker compromises the server or the network.

“Slack is not end-to-end encrypted, so it’s like an attacker has access to the entire company’s knowledge base. A real fox in the henhouse,” said Matthew Hodgson, CEO and co-founder of Element. “An end-to-end encrypted collaboration platform means that even if an attacker gets ahold of it, they can be immediately identified as an attacker and locked out (unless they somehow manage to steal the keys from an existing client application, usually protected by the device’s Trusted Platform Module hardware).”

The importance of user awareness

It is important not to overlook the role of user awareness in reducing the level of risk posed by collaboration applications. In many of these breaches, hackers used social engineering to trick users into handing over multi-factor authentication codes. Training employees to recognize these types of social engineering attacks puts them in a position to spot manipulation attempts and avoid handing over information that can compromise critical systems.

“Breaches like this are a great reminder of the need for employee security training and better security controls,” said Darren James, head of internal IT at Specops Software. “Cyber training should be regularly required for all employees to teach them to recognize cyber security threats and how they can help mitigate them — things like thinking twice before clicking a link or approving an MFA notification and setting stronger passwords.”

VentureBeat’s mission is to be a digital town square for technical decision makers to learn about and transact business-transformative technology.