Slack eDiscovery

For organizations using a Slack plan, it’s essential to have the ability to conduct eDiscovery in a timely and efficient manner. We’ll get into how to fill Slack eDiscovery needs in the following section. Slack has chosen trusted partners to help organizations export their Slack data for eDiscovery purposes (eDiscovery is the technical term for the process in which electronic data is sought, located, secured, and searched). Through Slack’s Discovery API, Org Owners can use approved third-party apps to pull messages and files from Slack and store them in separate data warehouses.

The good news is there are answers to all of these questions, but this article will cover one of the most popular questions, which is, “How do I export Slack data?” The short answer is that Slack offers what they call their “Discovery API” (which is only offered on Slack’s Enterprise Grid plan) to export Slack data.

What do I do if I want to export Slack private messages?

Like introducing any new technology for the first time, these teams will naturally have a lot of questions.

Workflow and collaboration tools like Slack and Discord have been infiltrated by threat actors, who are abusing their legitimate functions to evade security and deliver info-stealers, remote-access trojans (RATs) and other malware.

While adopting a tool like Slack is beneficial from a productivity standpoint, your compliance and legal teams might be a little unaccustomed to its structure.

The pandemic-induced shift to remote work drove business processes onto these collaboration platforms in 2020, and predictably, 2021 has ushered in a new level of cybercriminal expertise in attacking them.

Cisco’s Talos cybersecurity team said in a report on collaboration app abuse this week that during the past year threat actors have increasingly used apps like Discord and Slack to trick users into opening malicious attachments and deploy various RATs and stealers, including Agent Tesla, AsyncRAT, Formbook and others.
“One of the key challenges associated with malware delivery is making sure that the files, domains or systems don’t get taken down or blocked,” Talos researchers explained in their report. “By leveraging these chat applications that are likely allowed, they are removing several of those hurdles and greatly increase the likelihood that the attachment reaches the end user.”

Content Delivery Network Abuse

The researchers explained that Slack, Discord and other collaboration app platforms use content delivery networks (CDNs) to store the files shared back and forth within channels. As an example, Talos uses the Discord CDN, which is accessible by a hardcoded CDN URL from anywhere, by anyone on the internet.

“This functionality is not specific to Discord. Other collaboration platforms like Slack have similar features,” Talos reported. “Files can be uploaded to Slack, and users can create external links that allow the files to be accessed, regardless of whether the recipient even has Slack installed.”

The trick, the team said, is to get users to click on a malicious link. Once it has evaded detection by security, it’s just a matter of getting the employee to think it’s a genuine business communication, a task made easier within the confines of a collaboration app channel.