Page 55 - Cyber Defense eMagazine September 2023
P. 55
Increased risks with collaboration tools
Collaboration and communication tools increase the risk of cyber threats from multichannel social
engineering and phishing scams. Phishing attacks are escalating and growing more sophisticated. One
study shows that in 2022, phishing scams increased by 61% from the previous year.
https://www.cnbc.com/2023/01/07/phishing-attacks-are-increasing-and-getting-more-sophisticated.html
Other attacks commonly affect API-based platforms. APIs are a frequent target of hackers and malicious
actors due to the data that can be accessed, such as personally identifiable information (PII) or financial
details. Some frequent and common API attacks include Distributed Denial of Service (DDoS) attacks,
authorization hijacking and man-in-the-middle attacks. Sources of vulnerability include broken or “zombie
APIs” that no longer function properly or have flaws.
In addition, when multiple communications tools and channels are enabled, it is easier for hackers to
infiltrate systems and data. Some communications tools carry multiple vulnerabilities and threat actors
can gain access to confidential data or information.
Security flaws in popular video conferencing tools recently left users and client systems susceptible to
threats including malware and malicious code. Because of software flaws or inadequate cybersecurity,
video conferencing tools carry risks such as meeting infiltration by unauthorized parties, as well as
unauthorized access to data, confidential conversations, or information.
Other risks with video communications tools include advancement of Deepfake technology. The US
Department of Homeland Security defines deepfakes as, “an emergent type of threat falling under the
greater and more pervasive umbrella of synthetic media, utilize a form of artificial intelligence/machine
learning (AI/ML) to create believable, realistic videos, pictures, audio, and text of events which never
happened.”
Deepfakes can produce significant threats to business organizations such as false representation of
corporate or leadership figures, fraudulent transactions, or extortion.
Furthermore, the use of “shadow apps,” which include unauthorized applications downloaded by
employees, increases vulnerabilities throughout the organization and leads to a loss in visibility and
control. Risks with shadow IT or apps unauthorized include cybersecurity risks, unauthorized access to
data, and compliance risks.
The vulnerabilities in collaboration platforms are a significant issue for companies in sectors that handle
sensitive information and data. Cybercriminals continue to target firms in sectors including financial
services, higher education, healthcare, manufacturing, governments and state agencies. Malicious actors
continue to find selling data on the dark web to be lucrative and will change tactics continuously to stay
in business.
Cyber Defense eMagazine – September 2023 Edition 55
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.