Can Someone Hack My Online Chat? You Bet They Can. Here’s 7 Ways to Stop Them
Cyber criminals are always looking for new ways to invade a computer system. Email has long been and continues to be a tried-and-true phishing method for introducing documents loaded with malware into organizations.
Now criminals have found another way in.
They are targeting online chat services, which have become a popular way for businesses to interact with customers.
“Online chat services are being embraced by a lot of companies that are trying to diversify the way they reach their clientele,” said Devon Ackerman, managing director and head of incident response for the North America cyber risk practice at Kroll.
“A company can talk with customers online or answer a question about their services versus having a 1-800 number that has a long wait time, and which leads to frustration for customers. It’s instant gratification.”
Sounds great, right?
It can be, but Ackerman, whose company provides services and digital products related to governance, risk and transparency in 30 territories and countries around the world, said it also can be a vulnerability for organizations that do not take the right precautions.
“Businesses need to be aware that organized crime groups are adapting to the online chat process and are leveraging it or abusing it to get into a business’s network,” he said.
Criminals who fraudulently access a business’s computer network often are looking to steal data or launch a ransomware attack.
Ackerman said such an attack can cost between $1 and $5 million for larger companies and in the range of $500,000 for smaller ones.
Here’s How the Scheme Works
A criminal uses the online chat service and presents an issue for resolution that requires some kind of documentation, such as a photo of a car damaged in an accident or a disputed invoice.
When a need to transfer a document arises, a criminal will send a zip file attachment, because antivirus software doesn’t usually detect malware contained in zip files.
The ticket is routed to an unsuspecting user inside the organization, who opens the attachment and unleashes the malware within.
Ackerman said the malware often provides remote access for criminals to use a company’s computer as their beachhead to intrude further into the victim network with the goal of either data theft (data exfiltration) or a ransomware attack, sometimes within mere hours.
For businesses that use online chat service or are considering adding them, Ackerman has some advice to protect their businesses.
1) Do Your Due Diligence
Most online chat services are provided by third parties that customize their software for an organization.
Determine what security measures they use when creating tickets with attachments.
Also, ask what resources they have to assess the security of those attachments.
Require a level of security that matches your expectations and review the provider’s security measures on regular basis to be sure they are keeping up with evolving threats.
2) Open Attachments in a Sandboxed Environment
Before forwarding the inquiry to the relevant customer service rep or another internal resource, direct all tickets with attachments to trained staff to open in a controlled environment and assess the safety of the contents.
Consider rejecting all attachments with zip files and require individual files instead.
3) Use a Siloed Computer
A simple safeguard is to open files on a security controlled computer.
If you don’t open them on your main computer that you do all your business on, then it can’t infect the entire system.
“If an employee opens something malicious, all they are infecting is the stand alone, siloed computer,” Ackerman said. “It’s a built-in security control.”
4) Protect with Antivirus and/or Endpoint Threat Detection Software
Early detection of malware can help prevent a bad situation from escalating to a crisis.
Ensure processes are in place to guarantee timely updating of antivirus software, and consider how your organization can collect telemetry from customer support systems.
5) Consider Using Fill-in Forms
Rather than accepting attachments, consider technology that allows a user to fill in fields and paste scanned images of documents or photos that might otherwise be sent as an attachment.
6) Test Your Online Chat Security
Do a vulnerability assessment and/or penetration test to provide peace of mind or identify security weaknesses that should be addressed.
7) Train Employees
It’s common for criminals to upload a corrupted file by claiming, for instance, that it’s the only way they can upload it, and to ask an employee to open it and see if it was received.
Ackerman said employees should be trained to have a bigger picture understanding of the harm that opening a corrupt file can do to an organization. If they are trained to recognize when a file may be dubious, they are better able to form a wall that prevents a criminal from accessing an organization’s network.
“With that training, they are better able to understand the restrictions a company has in place,” Ackerman said. “They understand why customers can only send PDFs.”
He added employees should undergo annual training about threats and new trends, which should include real world scenarios about how threat actors are attempting to social engineer and/or convince them to click the wrong thing.
It’s easy to understand how employees may become lax about opening files when it’s what they do all day.
“Many employees work in the sort of work flow where they request a file, they receive a file, they open a file,” he said. “So, they receive a file, and what do they do? They open it. They need to have the training that helps them recognize that someone could be trying to abuse the system.”
While accessing a network through online chat is an emerging threat, employees need to also understand that email continues to be the most prevalent way for criminals to enter an organization’s network.
“Malicious document delivery via email remains a leading trend for threat actors to gain access to networks through users’ computers,” Ackerman said. &