Slack is one of the most popular employee communication tools used by businesses today. The ease, efficiency, and user-friendly nature of Slack allows for easy collaboration on team projects. Slack helps with organization and file storage and, with instant messaging, allows for employees to get things done when they need to.
These types of communication softwares have been used by hackers countless times. But this abuse to Slack is the first we’ve seen of this service. Do you use slack or another communication platform in your business? If so, this is a blog you’ll want to read through.
“The technique of infecting websites that are of interest to a particular group of individuals or organizations is known as a ‘watering hole’ attack.” -IT World
This is exactly what happened with the Slack hack. It’s not clear how the victims of this hack were trafficked to the site, but attackers used Internet Explorer to show links that looked like a campaign. These malicious pages would only show through Internet Explorer.
If you updated your Windows systems in May of 2018, you were safe from this attack. If not, and the hack reached a user, this enabled users to click on dangerous links and download viruses that would ultimately infect their devices. The hackers had complete command and control, which means they could essentially do anything they wanted to, right on your computer.
Hackers used Slack and Github to hide the command and control communication throughout this watering hole attack. A program like Slack is easily targeted because of its ease of use and free services.
Did you think this would ever happen? Would you expect Slack to be used in this way? This may feel close to home if your business uses Slack, or if you use a similar system. Though we trust most the systems we use, it’s still possible for these things to happen in the world of digital information. Be sure the information in your business is safe and secure, and have a plan for emergency preparedness when it comes to hacking.
M&H Consulting helps with all IT needs for the small to medium-size business. Reach out to us today at 1.866.964.8324.
Categorised in: Uncategorized