Wiki-Slack: How Wikipedia Helps Spread Malware in Work Chats

Carding 4 Carders

Developers should clearly teach the Slack messenger to format text correctly.

Cybersecurity specialists from the eSentire Threat Response Unit have identified an interesting technique for cyber attacks on employees of companies that use the corporate messenger Slack. The method is called Wiki-Slack.

Attackers choose a Wikipedia topic that is interesting to potential victims, go to the first page of the corresponding article and make an edit. The trick is to add a legitimate link as a footnote. Under certain conditions, when such a Wikipedia article is copied and pasted into a corporate Slack chat, the messenger generates an address that was not originally included in the text.

This happens if three conditions are met:

1. There is a footnote at the end of the first paragraph.

2. The first word of the second paragraph is a domain name abbreviation such as in, at, com, net, etc.

3. The above points should fit in the first 100 words of the article.

Due to text formatting issues, Slack doesn't properly handle paragraph breaks and creates a new hyperlink where it shouldn't be. There is nothing illegal in the edits themselves, so the scheme is extremely profitable for scammers.

eSentire notes that attackers can use Wikipedia statistics to select the most visited pages. Fake links can be used for phishing or spreading malware.

According to the researchers, the scale of such attacks can be easily increased using language models like GPT-3. Experts recommend that companies exercise caution and use endpoint monitoring tools to detect and block threats in time.
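For defenders, the three conditions listed above can be checked mechanically before an article's lead text is shared in chat. The following is an added example, not code from eSentire or Slack; the `check_lead` function, the `[n]` footnote pattern, the short TLD word list and the "joined" string it reports are assumptions made for illustration.

```python
import re

# Assumed sample of TLD-like words; the page names in, at, com and net.
TLD_WORDS = {"in", "at", "com", "net"}
# Assumed Wikipedia-style footnote marker such as [1] at the end of a paragraph.
FOOTNOTE_AT_END = re.compile(r"\[\d+\]\s*$")
WORD_LIMIT = 100  # condition 3: everything fits in the first 100 words


def check_lead(paragraphs):
    """Return a finding dict when the first two paragraphs meet all three
    conditions, otherwise None."""
    if len(paragraphs) < 2:
        return None
    first, second = paragraphs[0].strip(), paragraphs[1].strip()

    # Condition 1: a footnote closes the first paragraph.
    marker = FOOTNOTE_AT_END.search(first)
    if marker is None:
        return None

    # Condition 2: the second paragraph opens with a TLD-like word.
    second_words = second.split()
    if not second_words:
        return None
    opener = second_words[0].strip(".,;:!?").lower()
    if opener not in TLD_WORDS:
        return None

    # Condition 3: that word sits within the first 100 words.
    position = len(first.split()) + 1
    if position > WORD_LIMIT:
        return None

    # Assumption: with the break dropped, the last word of paragraph one and
    # the opener read as "word.tld"; report that string for a reviewer to check.
    before = first[:marker.start()].split()
    last_word = before[-1].rstrip(".,;:!?") if before else ""
    return {"opener": opener, "position": position,
            "joined": f"{last_word}.{opener}" if last_word else None}


# Constructed sample text, not taken from any real article.
SAMPLE = ["The example topic was widely studied in the early century.[1]",
          "In later years the field changed."]

if __name__ == "__main__":
    print(check_lead(SAMPLE))
```

A non-`None` result means the lead deserves a manual look at the rendered message and at where any generated link points before it is trusted.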