Discord and Slack abused to distribute malware, C&C (Cisco Talos)

[Ink]

Content source

https://www.techradar.com/news/discord-and-slack-are-becoming-hotbeds-for-malware

A new report from Cisco’s Talos cybersecurity team found that the Content Delivery Networks (CDN) methods which many instant messaging platforms use to allow seamless filesharing, are at the very heart of criminals’ newfound love for these chat apps.

CDNs allow users to store files on the apps’ servers and are often hardcoded, making them available inside and outside the app. Uploading compressed files over encrypted HTTPS makes detection extremely difficult, while users tend to be less careful when receiving files from inside a known and trusted environment.

The targeted tools come with a few perks, designed to make communication more seamless, that cybercriminals can leverage to distribute malware and ransomware more easily, and they’ve quickly jumped on that bandwagon. Besides distribution, they’re also using these platforms for command and control, as well as to exfiltrate sensitive data from the victims.

Report by Cisco TALOS

Sowing Discord: Reaping the benefits of collaboration app abuse

As telework has become the norm throughout the COVID-19 pandemic, attackers are modifying their tactics to take advantage of the changes to employee workflows. * Attackers are leveraging collaboration platforms, such as Discord and Slack, to stay under the radar and evade organizational...

blog.talosintelligence.com