At Avanan, we've discussed how collaboration apps like Slack and Teams aren't as secure as you might think. The apps aren't inherently secure and need additional protections, like the one that Avanan provides.
We've seen this happen recently in the case of EA Sports. A group of hackers broke into Slack, taking the login information of users that were stored in stolen cookies. Once there, they tricked an IT support employee into giving an MFA code and login. Firmly in the system, the group stole some 780GB of data.
This is a common attack method within Slack. It is easy for hackers to do an account takeover and pose as an employee. This becomes simple because profiles are just indicators of identity, and can be easily edited. You'll see this sometimes as an internal joke, where an employee changes their name to someone famous. Consider this example:
Maybe someone isn't impersonating Jeff Bezos, but you can see how it can be done and how it can easily fool someone. Once an attacker is in, a lot of damage can be done, including forwarding of sensitive information, the introduction of malicious links and East-West attacks.
If Slack is not protected, then these things will happen. Slack holds incredibly valuable data, as companies use it more and more for internal discussions. Sensitive documents are shared. Discussions about employees are shared. Personal details flow frequently.
Securing Slack must be a priority. Luckily, with Avanan, it's easy:
- Every file is sandboxed before downloading. When zero-day malware or ransomware is discovered, Avanan quarantines the file, performs threat extraction, and alerts the user, who has the option to request file restoration.
- DLP security tools detect leaks of PCI, HIPAA, FERPA, PII, and other sensitive information. When necessary, Avanan adds a -classified suffix to the end of confidential messages or files. Flexible workflows determine if the content is quarantined, the user is alerted, and/or the file is encrypted with IRM.
- The anomaly engine monitors all Slack logins and events for suspicious activity. Avanan alerts the Slack administrator, the affected accounts, and disables the compromised account to prevent the spread of sensitive data, malicious files, and phishing URLs.
- A detailed dashboard updates administrators on general usage in Slack. The Avanan Slackbot logs the total number of users, files, shares, links, logins, channels, and threat detections.
If there is valuable data on Slack (or any other collaboration app), it's a target for hackers. That's why it's so important to secure all forms of collaboration. Everywhere you do business, from collaboration to file sharing, is an essential part of your security strategy. The goal is to secure the entire SaaS suite. That's what we do at Avanan.