Using Secure Chat to Navigate Through the Pandemic’s Cyber War

An assessment and case for an alternative approach to accessible and secure corporate chat and collaboration – The MindLink Chat Engine

We continue to live through unprecedented times as the world fixates its attention on the current pandemic crisis. The impact of COVID-19 will continue to have rippling effects on society and economies worldwide. Organisations and their employees have adapted to the “new normal” by redefining working practices and processes, including remote working and collaboration. This is the “new normal” at least for the foreseeable future, but it could become the cultural norm, especially as organisations continue to see sustained productivity and reduced spending on infrastructure. To facilitate the trend of remote working and collaboration, more businesses have invested in and turned towards cloud hosted chat platforms such as Microsoft Teams and Slack.

Enterprise security must always respond to changes in infrastructure and user behaviour. Specifically, far more of us than before are working from home, and for extended periods. As this trend continues, remote teleconferencing and chat are rapidly changing from an occasional, secondary activity into an organisational mainstream that helps maintain productivity and business relationships, including among close colleagues in the same teams. Security and privacy are vital components that all organisations and consumers must try to understand and maintain.

The collaboration app Zoom, which has been very popular during the pandemic, is certainly not without problems concerning security and privacy. During 2020, Zoom has been making headlines within the Cybersecurity domain, with the cloud-based platform riddled with numerous security vulnerabilities and privacy issues exposed by threat research organisations and security experts. Sure, it may seem that Zoom is still the safest way to meet with friends and colleagues during the pandemic, but it continues to expose vulnerabilities. This isn’t to say that other cloud-centric chat and collaboration platforms and tools, such as Slack, Trello, WebEx and Microsoft Teams, are immune from Cybercriminal attention. For organisations leaning on these platforms, security, compliance, privacy and the thought process around them should be top of the list. We have seen evidence over the years that breaches and vulnerabilities across cloud hosted chat platforms have exposed customers, resulting in data leakages, which escalate to brand damage, Malware infestations on customer networks and more. In 2020, researchers state that Threat Actors and Cybercriminals are hard at work looking for new weaknesses to achieve all of the above.

Popular attack vectors

So far, we have talked about the current crisis and how it has changed the world as we know it. We also know that there are several cloud-centric chat solutions out there for organisations to utilize, to enable their employees to continue to be productive as they conduct business remotely. Some cloud hosted chat and collaboration systems are highly complex and technical systems that integrate with numerous APIs, workflows and micro-services to meet business goals – all packaged within a publicly accessible self-service platform. But the small print is clear: we have seen over the years that none of these systems are “unscathed” by security issues, breaches and vulnerabilities, and some have had their issues logged in the ‘Common Vulnerabilities and Exposures’ (CVE) catalogue maintained by the US Department of Homeland Security.

As more organisations adopt the new normal of working remotely, the attention of attackers is locking onto these cloud hosted chat and collaboration platforms like we have never seen before. A relentless Threat Actor engaged in corporate espionage, whether State sponsored or domestic, will pull out all the stops to target these public chat systems and steal information such as chat logs, file artefacts and chat data. I’ll come back to this a bit more later.

Cloud hosted chat platforms could easily be exposed to some common exploitation strategies and attack vectors:

  • Man in the middle attacks
A man-in-the-middle attack occurs when an attacker re-routes communication between two users through the attacker's computer without the knowledge of the two communicating users. The attacker can monitor and read the traffic before sending it on to the intended recipient. Each user in the communication unknowingly sends traffic to and receives traffic from the attacker, all while thinking they are communicating only with the intended user.
  • Social Engineering
Apart from exploiting security bugs, Cybercriminals have other attack vectors when it comes to collaboration. Apps like Slack, Microsoft Teams and others have messaging components that can be used for phishing attacks and to deliver malware payloads through links and attachments, just like email.
  • Brute Force Attacks
External attackers can leverage stolen credentials or conduct brute-force and credential-stuffing attacks to gain access to such platforms. They could go so far as to impersonate the employee in conversations and send malicious attachments to pivot onto an employee’s workstation.
  • Exploiting Undiscovered Vulnerabilities
There are ecosystem weaknesses too. For instance, Slack offers a software library containing add-ons that can be installed in just a couple of clicks. An attacker could create a Slack add-on that advertises some great features but also reads channel data. If an end user mistakenly installs the add-on, they could expose all of their Slack channels to the attacker.
  • Misconfiguration
Popular online collaboration platform Trello, which is used in corporate settings to organize to-do lists and coordinate team tasks, has a problem in that its boards are indexed by Google if they are set to “public”. The specific contents of these public boards can also be found using a specially crafted search query known as a “dork”. This setting is surprisingly easy to apply by mistake, as evidenced by an incident earlier this year at office-space company Regus, where a public Trello board exposed the performance ratings of hundreds of Regus staff. The Trello incident was due to end users setting their boards to public without fully realizing how easy it was for someone to search for them. The groups that created the boards were posting sensitive information and thus exposing the organization to unnecessary risk.

How safe is chat and collaboration in the Cloud?

Whether it’s commercial or consumer chat, the risks are equal. I remember reading a case about the Syrian Civil War. Syrian Rebels were using the popular Microsoft Skype chat and collaboration app as their primary communication system to coordinate battlefield and military operations. However, it was discovered that gigabytes of data appeared to have been stolen from the forces opposing President Bashar al-Assad of Syria in the country's ongoing civil war. The stolen information shed valuable insight into military operations planned against the President's forces. The data appears to have been obtained by hackers who posed as women via Skype and Facebook and tricked their targets into running malware (disguised as photos) that gave the hackers remote access to their computer devices, allowing them to steal all files located on those devices.

Again, this is just one case among many thousands illustrating how popular cloud hosted chat systems can be exploited. One of the biggest value propositions offered by Teams, Slack and many others is cross-team, cross-company and partner collaboration. This widens the doorway for an attacker even further. We’ve seen over the years that there have been several breaches and security risks exposed in such systems and environments, so this potentially opens that type of avenue for attack at much larger scales. For instance, an attacker who targets and breaches a company’s cloud hosted chat ecosystem could also pivot the attack to any other customer’s chat ecosystem and steal data from many different clients. The breach could theoretically go as far as retrieving sensitive data from chat logs, but it need not stop there: having compromised the chat instance for Company “A”, the attacker could discover that the instance also hosts employees from Company “B”, and now the attacker can use that as an avenue to target Company B.

Such scenarios pose many real risks, as many co-located or integrated vendors have served as entry points for attackers. The security of partners, and of the services enterprises use to connect to partners, has come under increased scrutiny. For example, in November 2013, US HVAC company Fazio Mechanical Services, a provider of refrigeration and HVAC systems, had its closed-off partner network and communication system breached. This network allowed the company to service its customers by remotely collaborating with them and troubleshooting HVAC systems. The company’s customer list included top retailers such as US retailer ‘Target’. Because of this breach, clients connected through the partner network became the target for the attackers. The attack on Fazio Mechanical Services’ network pivoted onto Target’s network. The attackers then moved stolen data off Target’s network, including the details of millions of debit and credit cards.

The MindLink Chat Engine

Cloud based ecosystems, especially within the chat and collaboration domains, have gained popularity over the years and there is no denying that the trend will continue. However, the argument I make in my discussion above is that there is a vast amount of data and evidence suggesting that an organisation’s Security Analysts should consider alternative approaches to securing the organisation’s most vital chat data. Companies concerned about securing their chat ecosystem and data should consider the alternatives. This becomes a monumental argument, especially in the current climate where there seems to be no visible end to the global pandemic. Attack vectors will continue to evolve and expand with the current crisis: attackers have put their foot to the pedal and ramped up their offensive, focusing their attention mostly on cloud hosted systems.

I make the case for better protection against the threat by being self-hosted/on-premises. MindLink’s Chat Engine (MCE) is an industry-class platform which alleviates the concerns I have expressed in this article. It is a secure on-premises persistent chat system which gives you best-in-class security and feature richness. MCE is less vulnerable to direct and indirect attacks, as organisations ultimately hold the keys to security. The platform sits within the corporate perimeter, governed by policies maintained by an organisation’s security operations center (SOC).

What makes the MindLink Chat Engine different to other popular cloud-based chat ecosystems?

  • Organisations control security and not external vendors and third parties
  • Your chat within your security perimeter
  • Security and defense industry class access control mechanism
  • Managed user access and data privacy between users, teams and other organisations
  • Support for classification attribution – users only see data that they’re authorised to see
  • Full support for Ethical Walls for additional security and compliance
  • Multi-tenant chat with guest access through specialized access control and authentication
  • High-volume, real-time messaging
  • Immutable and fully searchable persistent chat
  • Flexible, lightweight and designed to securely integrate with numerous partner collaboration platforms
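To make the classification-attribution and Ethical Wall items above concrete, here is an added illustrative policy model (not MindLink's code): a viewer only sees messages at or below their clearance, and never sees messages posted by a group on the other side of an Ethical Wall. The level names, wall groups and sample room history are constructed for the demonstration.

```python
from dataclasses import dataclass
# Added illustrative model, not MindLink's code. Level names, wall groups and
# sample messages below are constructed for the demonstration.
LEVELS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET"]   # higher index = more sensitive

# Ethical walls: pairs of groups that must never see each other's messages.
ETHICAL_WALLS = [("deal-team", "research-desk")]

@dataclass(frozen=True)
class User:
    name: str
    clearance: str         # one of LEVELS
    groups: frozenset      # groups the user belongs to

@dataclass(frozen=True)
class Message:
    author_groups: frozenset   # author's groups at posting time
    classification: str        # one of LEVELS
    text: str

def level_rank(level: str) -> int:
    if level not in LEVELS:           # unknown label: fail closed
        raise ValueError(f"unknown classification {level!r}")
    return LEVELS.index(level)

def walled_off(viewer: User, msg: Message) -> bool:
    """True if an ethical wall separates the viewer from the message author."""
    for a, b in ETHICAL_WALLS:
        if (a in viewer.groups and b in msg.author_groups) or (
            b in viewer.groups and a in msg.author_groups):
            return True
    return False

def can_read(viewer: User, msg: Message) -> bool:
    """No read-up on classification, and no reading across an ethical wall."""
    if level_rank(msg.classification) > level_rank(viewer.clearance):
        return False
    return not walled_off(viewer, msg)

def visible_messages(viewer: User, history: list) -> list:
    """Filter a persistent chat history to what the viewer may see."""
    return [m.text for m in history if can_read(viewer, m)]
# Constructed sample history for one shared room.
HISTORY = [
    Message(frozenset({"deal-team"}), "CONFIDENTIAL", "Term sheet draft v3 attached"),
    Message(frozenset({"research-desk"}), "UNCLASSIFIED", "Sector note published"),
    Message(frozenset({"ops"}), "SECRET", "Incident bridge at 14:00"),
    Message(frozenset({"ops"}), "UNCLASSIFIED", "Maintenance window tonight"),
]
```

Applying the filter server-side before messages leave the perimeter is what keeps the wall enforceable; a client-side hide would still ship the data to a user who must not have it.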

To conclude my thoughts: I make a strong argument for deploying MindLink’s Chat Engine. Having spent significant time within the security industry and having considerable knowledge and understanding of the domain, I am confident that the MindLink Chat Engine protects against a multitude of attack vectors to safeguard your corporate chat.