Press Center

Malware and antivirus software

News

When an employee’s social mindset becomes a threat to business

Created: 2023-12-04 04:00:31

 

In today’s business environment, where innocent GIFs and shared documents can be weaponized, protecting cloud-based collaboration from the spread of malware should be a priority.

As our lives settle ever deeper into online environments and digital behaviors, cybercriminals are leveraging new vectors that allow for phishing, data theft, and spreading malware. Recent incidents show that mixing people’s professional and personal minds (an ever-present human factor) can create new weaknesses in a business’s cybersecurity. 

Imagine your employees browsing their favorite social media platform on their personal time; they might find an interesting picture or emoji and its embedded link, which they then share — no one would mind such a distraction. Now, imagine your employees checking their various professional chats and threads; something between their personal and professional interests sparks their minds. Hence, they react by sharing an article, an interesting picture, or an emoji and its embedded link. This time, they share with their colleagues on a cloud-based platform such as Microsoft Teams . . . just for fun or even for professional inspiration.

A pretty common thing in an office, right? Well, bad actors can abuse even these everyday activities. Putting it simply, behaviors common to navigating and enjoying social media platforms can raise risks for business platforms, which have now become ubiquitous for small and medium businesses (SMBs) and enterprises alike.
Fortunately, multilayered ESET cybersecurity technology has an answer for such incidents with ESET Cloud Office Security (ECOS), which is now expanding beyond Microsoft 365 applications to include the Google Workspace.

Sharing reports, jokes, and malware

Let’s start with weaponized pictures, GIFs, and emojis. The technique of concealing a file, message, image, or video within another file, message, image, or video is called digital steganography, and it is nothing new in cybersecurity.

The first documented case of its use in a cyberattack dates back to 2011, when the Duqu malware was discovered. This malware gathers data about the infected device and transmits them back to the command-and-control (C&C) server hidden in a JPEG file meant to look like an innocent picture.  

Since then, ESET researchers have analyzed numerous similar attacks.

In 2022, BleepingComputer reported about a new attack technique called GIFShell that allows threat actors to abuse Microsoft Teams for phishing attacks and executing commands to steal data using GIFs.

Using numerous Teams vulnerabilities, GIFShell allows an attacker to create a reverse shell. This technique tricks users into installing malware that connects the victim’s device to the attacker’s command-and-control server. After the connection is established, the command-and-control server delivers malicious commands via weaponized GIFs in Teams. These commands can, for example, scan the device for sensitive data and then exfiltrate the output, again, through GIFs retrieved by Microsoft’s own infrastructure.

Large cloud-based platforms like Microsoft 365 with its Teams app saw rapid growth during the pandemic and, by Q1 2023, had approximately 280 million users. With such growth and new online behaviors, the scope for abuse on large platforms has only grown.

However, increasing attention has been shown to these threat vectors by researchers. In June 2023, UK-based security services provider Jumpsec's Red Team discovered an easy way to deliver malware using Microsoft Teams via an account outside the target organization. Even though Microsoft Teams has client-side protection preventing file delivery from external sources, Red Team’s members bypassed it by changing the internal and external recipient ID in the POST request of a message.

That way, researchers were able to fool the system into thinking that an external user was, in fact, an internal account. Specifically, they successfully delivered a command-and-control payload into a target organization’s inbox. If this attack had happened in a real-life environment, bad actors could have taken over the control of a business’s devices.

Users shielded via multilayered protection

To deal with threats coming from increasingly popular cloud-based applications, ESET created its Cloud Office Security (ECOS) solution. It is a powerful combination of spam filtering, anti‑malware scanning, anti‑phishing, and advanced threat defense capabilities able to mitigate even never-before-seen threat types.

With this multitenant and scalable product, businesses can protect their entire Office 365 suite, including Exchange Online, MS Teams, OneDrive, and SharePoint Online. For example, one of the things that ECOS does is that it scans all files transmitted through MS Teams and those uploaded or downloaded to SharePoint Online, scanning it regardless of who the author of the content is.

ECOS effectivity in numbers:

  • In the first ten months of 2023, ECOS detected and blocked over 1 million email threats, over 500,000 phishing emails, and over 30 million spam emails.
  • Thousands of never-before-seen detections were made by the cloud analysis component of ESET LiveGuard Advanced.
  • ECOS detected and stopped tens of thousands of threats in cloud storage and collaboration tools like OneDrive, Teams, and SharePoint.

In its latest offering, ESET goes even further, integrating ECOS with Google Workspace to protect users from the aforementioned threat types. This means that ESET now protects the major cloud email providers.

Adding more protection

The many functions outlined here are critical for security in large part because they scale easily and provide concrete improvements for businesses. However, ESET has sought to do even more for SMBs. In October 2022, ESET endpoint security solutions integrated with Intel® Threat Detection Technology (Intel® TDT), which went live for select vPro 9th Gen (and higher) powered laptops, with integrated functionalities providing improved hardware-based ransomware detection.

This year has seen further improvements to the integration with the higher performance of the newly launched 13th Gen Intel® Core™ processors, which further enable unique ransomware detections shared between ESET endpoint security and its layers, and Intel’s performance monitoring unit (PMU) sitting beneath applications, the operating system, and virtualization layers gathering CPU telemetry as threats attempt to execute.

This solution is especially advantageous for SMBs because it further expands the comprehensive nature of our multilayered solution without the need for any direct management.  

Preparing for attacks doesn’t have to be complicated

Techniques that allow the breach of a business’s security through its employees and their (in-app) behaviors demonstrate that cybercriminals use every possibility to circumvent standard cyber defenses.

Via an ECOS’s easy-to-use dashboard, its Cloud Management Console, businesses can not only manage their security but also rapidly detect, assess, and respond to cyber incidents, making it a perfect solution for businesses of any size.

 



About ESET
ESET develops software solutions that deliver instant, comprehensive protection against evolving computer security threats. ESET pioneered and continues to lead the industry in proactive threat detection. ESET NOD32 Antivirus, its flagship product, consistently achieves the highest accolades in all types of comparative testing and is the foundational product that builds out the ESET product line to include ESET Smart Security. ESET Smart Security is an integrated antivirus, antispyware, antispam and personal firewall solution that combines accuracy, speed and an extremely small system footprint to create the most effective security solution in the industry. Both products have an extremely efficient code base that eliminates the unnecessary large size found in some solutions. This means faster scanning that doesn’t slow down computers or networks. Sold in more than 160 countries, ESET has worldwide production headquarters in Bratislava, SK and worldwide distribution headquarters in San Diego, U.S. ESET also has offices in Bristol, U.K.; Buenos Aires, AR; Prague, CZ; and is globally represented by an extensive partner network. For more information, visit our local office at https://eset.version-2.sg.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The Company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities. For more information, please visit https://www.version-2.com.sg/ or call (65) 6296-4268.

Why ESET?

ESET has over 25 years' experience of helping people to Enjoy Safer Technology. Our software is light on hardware, but hard on malware.

Our Technology

ESET’s award-winning NOD32® Antivirus technology is at the cutting edge of digital security. It’s updated daily to keep you secure.

Free Support

Enjoy your free, industry-leading customer support locally. For technical, sales and marketing enquires dial +65 6296 4268.