AT&T Alien Labs recently conducted research into how webhooks in Slack can lead to some pretty convincing phishing attacks.
This is an interesting attack vector against Slack which is among the few popular messaging tools used in organisations. The concerning aspect about this is that people tend to lower their guard when receiving links on messaging platforms, and in particular when on mobile devices. All this combined can lead to a great increase in the likelihood of a spearphishing attack being successful. It is why employees need to be wary of phishing attacks not just from email, but all social media platforms. In addition, organisations should have threat detection and response controls in place so that in the event an employee does fall victim to a phishing attack, it can be quickly identified and remediated before becoming a widespread incident.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics