Increased risks with collaboration tools

            Collaboration  and  communication  tools  increase  the  risk  of  cyber  threats  from  multichannel  social
            engineering and phishing scams. Phishing attacks are escalating and growing more sophisticated. One
            study  shows  that  in  2022,  phishing  scams  increased  by  61%  from  the  previous  year.
            https://www.cnbc.com/2023/01/07/phishing-attacks-are-increasing-and-getting-more-sophisticated.html

            Other attacks commonly affect API-based platforms.  APIs are a frequent target of hackers and malicious
            actors due to the data that can be accessed, such as personally identifiable information (PII) or financial
            details.  Some frequent and common API attacks include Distributed Denial of Service (DDoS) attacks,
            authorization hijacking and man-in-the-middle attacks. Sources of vulnerability include broken or “zombie
            APIs” that no longer function properly or have flaws.

            In addition, when multiple communications tools and channels are enabled, it is easier for hackers to
            infiltrate systems and data. Some communications tools carry multiple vulnerabilities and threat actors
            can gain access to confidential data or information.

            Security flaws in popular video conferencing tools recently left users and client systems susceptible to
            threats including malware and malicious code. Because of software flaws or inadequate cybersecurity,
            video  conferencing  tools  carry  risks  such  as  meeting  infiltration  by  unauthorized  parties,  as  well  as
            unauthorized access to data, confidential conversations, or information.

            Other  risks with  video communications  tools  include  advancement  of  Deepfake  technology.  The  US
            Department of Homeland Security defines deepfakes as, “an emergent type of threat falling under the
            greater and more pervasive umbrella of synthetic media, utilize a form of artificial intelligence/machine
            learning (AI/ML) to create believable, realistic videos, pictures, audio, and text of events which never
            happened.”

            Deepfakes can produce  significant threats to business organizations such as false representation of
            corporate or leadership figures, fraudulent transactions, or extortion.


            Furthermore,  the  use  of  “shadow  apps,”  which  include  unauthorized  applications  downloaded  by
            employees,  increases  vulnerabilities  throughout  the  organization and  leads  to  a  loss  in  visibility  and
            control. Risks with shadow IT or apps unauthorized include cybersecurity risks, unauthorized access to
            data, and compliance risks.

            The vulnerabilities in collaboration platforms are a significant issue for companies in sectors that handle
            sensitive information and data.  Cybercriminals continue to target firms in sectors including financial
            services, higher education, healthcare, manufacturing, governments and state agencies. Malicious actors
            continue to find selling data on the dark web to be lucrative and will change tactics continuously to stay
            in business.












            Cyber Defense eMagazine – September 2023 Edition                                                                                                                                                                                                          55
            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.