Popular messaging tools like WhatsApp, Telegram, Teams, and Slack are presenting new mobile and web application vulnerabilities for organizations, according to a recent report by cybersecurity company SafeGuard Cyber.
The 2023 Business Communication Risk Report indicates that nearly half (42%) of organizations have experienced new security incidents linked to employees using messaging apps on their personal devices for work purposes. Additionally, the report reveals that a staggering 66% of threat indicators are found in transient messages associated with cloud-based collaboration tools.
The report, based on proprietary data collected from the SafeGuard Cyber platform between January and October 2023, further emphasizes the emergence of a new attack category known as “business communication compromise” (BCC). This category stems from the growing use of cloud-based collaboration tools and the crossover between personal and business devices. Cybercriminals are increasingly exploiting this trend to target login credentials, financial reports, and other sensitive information.
Phishing emails often serve as the initial entry point for such attacks, enabling attackers to move across various communication platforms like Slack and Teams. Once infiltrated, attackers can leverage social engineering tactics such as impersonation to gain access to sensitive information within a network.
The report also highlights the multilingual nature of these cyber threats, with SafeGuard Cyber monitoring messages in over 52 languages. Notably, nearly a quarter of the analyzed messages on WhatsApp were non-English.
Among the flagged messages for security or compliance risks, WhatsApp stood at 42%, followed by Telegram (24%), Slack (17%), and Teams (17%). Impersonation warnings triggered 42% of flagged messages, while 23% involved potentially sensitive attachments potentially violating regulatory compliance laws.
The report emphasizes the need for organizations to strengthen their defenses by gaining greater visibility into business communication channels. This includes implementing security strategies that adapt to evolving human behavior patterns.
“It’s evident that traditional email is taking a backseat in business communication, with employees increasingly utilizing familiar messaging apps like WhatsApp and Telegram for work purposes,” states Chris Lehman, CEO of SafeGuard Cyber. “While this can enhance productivity, our data indicates that the rise of these apps also creates new entry points for malicious actors.”
Lehman further emphasizes the importance of unified visibility and contextual analysis in mitigating these threats. “With the ease of engaging customers through WhatsApp, an attacker can launch a simple phishing attack to trick users into revealing sensitive information,” he explains. “Unified visibility and contextual analysis are crucial tools in countering such threats.”