It turns out that the modern tools that we rely on to improve collaboration and increase productivity are the very same ones that cybercriminals are using to distribute toolkits and inject malware.
A new report from Guardio, a provider of a tool for securing browsers, finds that Telegram, a provider of an encrypted messaging service, is also now being used to distribute kits that are used to launch phishing attacks. According to the report, Telegram is only one of several online services being used to distribute phishing kits.
The problem also extends to cloud services that, for years, have been used to distribute malware. Everything from popular services such as Gmail and Slack to application services such as Trello has been used by cybercriminals to distribute malware to unsuspecting end users. The assumption is that these types of services are safe because their providers have given IT teams access to tools and platforms to ensure cybersecurity.
In reality, stolen credentials that are used to access these services make it relatively simple for cybercriminals to turn them into highly efficient malware distribution systems. Most recently, for example, a DarkGate cybercriminal entity has been identified as the perpetrator of an effort to inject malware into the Microsoft Teams service.
Of course, cloud services can also be forces for cybersecurity good. Many organizations require employees to store documents in services such as Google Drive before downloading them. That approach makes certain that documents such as PDF files are scanned for common forms of malware before being installed on a machine.
Nevertheless, malware is being distributed using everything from email to software-as-a-service (SaaS) applications, and the cost of combatting this scourge is only rising. Clorox, for example, just revealed that a breach the company suffered last year cost $49 million. Insurance may eventually cover a portion of those costs, but there is a significant delay between when those costs are incurred and when a check from an insurance provider might be cashed. While Clorox might have the financial resources to weather that storm, the average small to medium business (SMB) would likely be unable to meet its debts in the wake of a major attack. In fact, a recent report finds organizations are spending an average of $5.4 million to respond to compromises, with $2.36 million attributed to disruption of operations caused by breaches that cybersecurity teams were unable to prevent. A majority (57%) of respondents reported their organizations suffered one or more cyberattacks in the past 12 months, with nearly half (48%) reporting their organization suffered a data breach in the past 12 months and lost, on average, 340,267 individual records.
The smaller the organization, the less likely it is to be able to afford a cyberattack. Many would simply close shop after being unable to make payroll.
It’s not clear to what degree the malware wreaking all this havoc arrives via some cloud service, but given the propensity cybercriminals have shown for favoring the path of least resistance, chances are good that much of it arrives via cloud services that far too many of us are inclined to trust without much of a second thought.