Popular messaging tools like WhatsApp, Telegram, Teams and Slack are fueling new mobile device and web application threats in organizations. That’s according to the 2023 Business Communication Risk Report from cyber security company SafeGuard Cyber. Almost half (42 percent) of organizations reported new security incidents linked to employees with bring your own devices (BYOD) using messaging apps in business environments. What’s more, the report showed that 66 percent of threat indicators are found in transient messages associated with cloud-based collaboration tools.
The report is based on proprietary data collected from the SafeGuard Cyber platform between January 2023 and October 2023.
Last year, researchers found SpinOk malware in multiple Android apps that had been downloaded more than 30 million times. The malware-riddled apps were discovered on the Google Play store, following an investigation by cyber security company CloudSEK.
Growth of cloud-based collaboration tools creates new attack category
The proliferation of cloud-based collaboration tools and the new personal/business device crossover has created a new attack category – business communication compromise (BCC), the report read. Threat actors are increasingly targeting the full range of collaboration tools to exploit login credentials, financial reports and other proprietary data, it added.
Attacks can start with a phishing email and then, if successful, move across other communication platforms like Slack or Teams. “From there, an attacker could use a social engineering tactic like impersonation to get into the network and steal sensitive information.”
Bad actors don’t just operate in English either, with cyber criminals targeting victims through messaging tools wherever they are, the report warned. SafeGuard Cyber monitored messages in over 52 languages with almost a quarter of the messages analyzed on WhatsApp in a language other than English.
Of the messages flagged for security or compliance risks, 42 percent occurred in WhatsApp, 24 percent in Telegram, 17 percent in Slack and 17 percent in Teams, according to the report. Furthermore, 42 percent of flagged messages involved trigger impersonation warnings and 23 percent had attachments identified as potentially sensitive and in breach of regulatory compliance laws.
Protect data and operations with visibility of business communication channels
Organizations must fortify their defenses to protect critical data and operations, much of which relies on gathering greater visibility over business communication channels, the report stated. A key element of this is to adjust security strategies that will complement human behavioral patterns, it added.
“Clearly, there is an evident shift away from traditional email for business communication. Employees have carried over the use of popular messaging apps like WhatsApp and Telegram from their personal lives to conduct business,” said Chris Lehman, CEO, SafeGuard Cyber. “Although beneficial for productivity, our data indicates that the rise of these apps means new entry points for bad threat actors.”
As easy as it is for an employee to engage a customer through WhatsApp, a hacker can carry out a simple phishing attack in hopes of tricking a user into revealing sensitive information, Lehman added. “The answer here is through unified visibility and contextual analysis.”