Cyber criminals have found a new way to invade a computer system: They are targeting online chat services, which have become a popular way for businesses to interact with customers.
An article by Risk and Insurance reported that online chat can be a vulnerability for organizations that do not take the right precautions.
“Online chat services are being embraced by a lot of companies that are trying to diversify the way they reach their clientele,” said Devon Ackerman, managing director and head of incident response for the North America cyber risk practice at Kroll.
“Businesses need to be aware that organized crime groups are adapting to the online chat process and are leveraging it or abusing it to get into a business’s network.”
Criminals who fraudulently access a business’s computer network often are looking to steal data or launch a ransomware attack, which could cost a business big bucks.
A criminal uses the online chat service and presents an issue for resolution that requires some kind of documentation, such as a photo of a car damaged in an accident or a disputed invoice.
When a need to transfer a document arises, a criminal will send a zip file attachment, because antivirus software doesn’t usually detect malware contained in zip files.
The ticket is routed to an unsuspecting user inside the organization, who opens the attachment and unleashes the malware within.
Ackerman said the malware often provides remote access for criminals to use a company’s computer as their beachhead to intrude further into the victim network with the goal of either data theft (data exfiltration) or a ransomware attack, sometimes within mere hours.
For businesses that use online chat services or are considering adding them, Ackerman has some advice on how to protect themselves.
1. Do your due diligence
Require a level of security that matches your expectations, and review the provider’s security measures on a regular basis to be sure they are keeping up with evolving threats.
2. Open attachments in a sandboxed environment
Before forwarding the inquiry to the relevant customer service rep or another internal resource, direct all tickets with attachments to trained staff to open in a controlled environment and assess the safety of the contents.
Consider rejecting all attachments with zip files and require individual files instead.
3. Use a siloed computer
A simple safeguard is to open files on a security-controlled computer. If you don’t open them on the main computer that you do all your business on, then it can’t infect the entire system.
4. Protect with Antivirus and/or Endpoint Threat Detection Software
Early detection of malware can help prevent a bad situation from escalating to a crisis. Ensure processes are in place to guarantee timely updating of antivirus software, and consider how your organization can collect telemetry from customer support systems.
5. Consider using fill-in forms
Rather than accepting attachments, consider technology that allows a user to fill in fields and paste scanned images of documents or photos that might otherwise be sent as an attachment.
6. Train your employees
Employees should be trained to have a bigger picture understanding of the harm that opening a corrupt file can do to an organization. If they are trained to recognize when a file may be dubious, they are better able to form a wall that prevents a criminal from accessing an organization’s network.
While accessing a network through online chat is an emerging threat, employees need to also understand that email continues to be the most prevalent way for criminals to enter an organization’s network.
“Malicious document delivery via email remains a leading trend for threat actors to gain access to networks through users’ computers,” Ackerman said.
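The advice in step 2 to reject zip attachments and require individual files can be enforced at ticket intake. The sketch below is an added example, not code from the article or from Kroll; the allow-list of photo and PDF types, the function name and the sample files are assumptions, and it goes beyond zip to other common archive formats.

```python
import io
import zipfile

# Assumed intake policy: only photos and PDFs, identified by leading bytes.
ALLOWED = {
    "jpeg": (b"\xff\xd8\xff", ("jpg", "jpeg")),
    "png": (b"\x89PNG\r\n\x1a\n", ("png",)),
    "pdf": (b"%PDF-", ("pdf",)),
}
# Archive signatures rejected outright, whatever the file is named.
ARCHIVES = {
    "zip": (b"PK\x03\x04", b"PK\x05\x06", b"PK\x07\x08"),
    "gzip": (b"\x1f\x8b",),
    "7z": (b"7z\xbc\xaf\x27\x1c",),
    "rar": (b"Rar!\x1a\x07",),
}


def screen_attachment(filename, data):
    """Return (accepted, reason), judged on content rather than the name alone."""
    for kind, signatures in ARCHIVES.items():
        if data.startswith(signatures):
            return False, f"archive:{kind}"
    # A ZIP is located by its trailing directory record, so an archive
    # appended to an innocent-looking image still counts as a ZIP.
    if zipfile.is_zipfile(io.BytesIO(data)):
        return False, "archive:zip-embedded"
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    for kind, (signature, extensions) in ALLOWED.items():
        if data.startswith(signature):
            if ext not in extensions:
                return False, f"extension-mismatch:{kind}"
            return True, kind
    return False, "unknown-type"


if __name__ == "__main__":
    # Constructed samples: a tiny in-memory ZIP and a fake JPEG header.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("invoice.txt", "constructed sample")
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 32
    for name, blob in [("invoice.zip", buf.getvalue()), ("car.jpg", jpeg),
                       ("car.jpg", jpeg + buf.getvalue()), ("invoice.pdf.exe", b"%PDF-1.7\n")]:
        print(name, screen_attachment(name, blob))
```

Office formats such as .docx are themselves ZIP containers, so this policy rejects them too. Files that pass the screen still belong in the sandboxed review described in step 2.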