Hiding in Plain Collaboration: How Hackers Utilize Slack and Trello to Deploy Malware

Hackers are increasingly hiding within services such as Slack and Trello to deploy malware

The Increase in Cybercriminals Abusing Legitimate Internet Services

Criminal hackers are constantly finding new ways to blend into popular applications to avoid detection and find unsuspecting victims. A recent analysis by Recorded Future’s Insikt Group found that at least a quarter of the 400 malware families deployed over the past two years abused legitimate internet services as part of their infrastructure. This allows hackers to blend in with normal traffic and complicates the job of defending networks.

The abuse of legitimate web services by cybercriminals and state-aligned hackers has been studied for years. However, this analysis provides a more nuanced understanding of how these services are used and abused within their environments. The goal is to help defenders better understand the types of services that are frequently abused and develop more proactive detection strategies.

The Most Abused Legitimate Services

According to the analysis, cloud storage platforms are the most abused legitimate services, followed by messaging apps, email services, and social media. Popular platforms such as Pastebin, Google Drive, Dropbox, and Telegram are frequently abused because of their wide usage and user-friendly APIs. Other messaging services, including Slack, have also been used as command and control platforms by hackers. In some cases, even productivity and collaboration services like Notion and project management software like Trello have been abused by hackers.

Infostealers and Their Role in Cybercrime

The analysis also highlights that infostealers, malware designed to steal login credentials, financial details, and personal information, are frequently used by cybercriminals. Infostealers are a key element in the evolving cybercrime ecosystem and often lead the way in terms of innovation. They have lower infrastructure requirements and are sold on cybercrime forums to operators who may lack technical expertise. This ease of setup makes them attractive to cybercriminals.

The Implications and Future Trends

The lack of widespread and systematic analysis makes drawing comprehensive conclusions difficult. However, there are strong indicators suggesting that the abuse of legitimate internet services is increasing. High-level cybercrime and state-aligned hacking groups are rapidly innovating and updating their malware to support functionality across different services. This trend is expected to continue, with advanced persistent threat groups leading the way and influencing less-sophisticated groups over time.

Editorial and Advice

The Need for a Nuanced Defense Strategy

The increasing abuse of legitimate internet services by hackers calls for a more nuanced defense strategy. Defenders must have a comprehensive and systematic understanding of how these services are abused across different malware categories and threat actors. This knowledge will help in identifying susceptible services, developing proactive detection strategies, and balancing security and operational requirements.

Collaboration Platforms Must Enhance Security

The analysis highlights the need for collaboration platforms to enhance their security measures. Services like Slack, Trello, and Notion have been abused by hackers as command and control platforms. It is crucial for these platforms to strengthen their API security and implement stricter access controls to prevent abuse by malicious actors. Collaboration platforms must prioritize security measures to protect their users.

User Education and Awareness

Users of internet services should also take steps to protect themselves. It is important to be cautious while using popular platforms and be aware of the potential risks involved. Users should adopt strong and unique passwords, enable two-factor authentication (2FA), and regularly update their software and applications. Additionally, organizations should provide cybersecurity training to their employees to increase awareness and promote best practices.

Government Regulation and Cooperation

The increasing abuse of legitimate internet services by cybercriminals underscores the need for government regulation and international cooperation. Governments should consider implementing stricter regulations on data protection and cybersecurity measures to hold service providers accountable for the security of their platforms. International cooperation is essential to share intelligence and resources to combat cybercrime globally.

Overall, the analysis highlights an evolving threat landscape where cybercriminals are leveraging legitimate internet services to hide their malicious activities. A comprehensive defense strategy, enhanced security measures on collaboration platforms, user education, and government cooperation are all crucial in mitigating this emerging cybersecurity threat.
