Researchers at AT&T Alien Labs, the threat intelligence arm of AT&T Cybersecurity, have discovered a weakness in the popular workplace collaboration platform Slack.
Slack is a cloud-based messaging platform widely used for workplace communication. Slack Incoming Webhooks let applications post messages into Slack: a request to the webhook's unique URL carrying the message body (and optionally a destination channel) is posted into the workspace, so anyone who holds that URL can post to it.
In this instance, AT&T Alien Labs researchers noticed the behaviour while creating webhooks for an internal tool and realised it could be used to launch novel phishing campaigns.
Slack webhooks were previously considered a low-risk integration, but according to AT&T Alien Labs an attacker could simply find a leaked webhook URL online and use it to post a message into a Slack channel that lures users into installing a malicious app. In this way a hijacked incoming webhook becomes the delivery vehicle for a phishing attack.
Ashley Graves, Cloud Security Researcher at AT&T Alien Labs, a part of AT&T Cybersecurity, wrote a blog documenting the finding and said: “First, a channel override allows you to override the previously specified webhook target channel by adding the “channel” key to your JSON payload. If you gain access to a webhook for one channel, you can use it in others.
“Slack documentation suggests that allowed target channels are based on the original creator of the webhook…so if you can find a webhook created by an admin – congrats, you can post to admin channels!”
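As an added illustration of the two pieces the researchers describe (this is not code from the AT&T Alien Labs blog or from Slack), the following Python builds the webhook payload with the "channel" override and scans text for URLs in the documented incoming-webhook shape, the kind of leak an attacker would start from. The webhook URLs in the sample text are constructed placeholders in the format Slack's documentation uses, the lure text and `example.com` link are made up, and `post_to_webhook` is never called so the script runs offline.

```python
import json
import re
from typing import Dict, List, Optional
from urllib import request

# Documented shape of a Slack incoming-webhook URL:
#   https://hooks.slack.com/services/T<team id>/B<bot id>/<secret token>
# Anything matching this in a repo, CI log or paste is a credential leak.
WEBHOOK_RE = re.compile(
    r"https://hooks\.slack\.com/services/T[A-Z0-9]+/B[A-Z0-9]+/[A-Za-z0-9]+"
)


def build_payload(text: str, channel: Optional[str] = None) -> Dict[str, str]:
    """Build the JSON body for an incoming webhook.

    Adding the "channel" key is the override quoted in the article: on a
    legacy custom-integration webhook the message lands in that channel
    instead of the one the webhook was created for.
    """
    payload = {"text": text}
    if channel is not None:
        payload["channel"] = channel
    return payload


def find_leaked_webhooks(blob: str) -> List[str]:
    """Return the distinct webhook URLs found in a block of text."""
    return sorted(set(WEBHOOK_RE.findall(blob)))


def redact(url: str) -> str:
    """Keep the team/bot ids for triage but hide the secret token."""
    head, _, _secret = url.rpartition("/")
    return head + "/<redacted>"


def post_to_webhook(webhook_url: str, payload: Dict[str, str], timeout: float = 10.0):
    """Send the payload exactly as an integration (or an attacker) would.

    Not called below so the example stays offline; use it only against a
    webhook you own.
    """
    body = json.dumps(payload).encode("utf-8")
    req = request.Request(
        webhook_url, data=body, headers={"Content-Type": "application/json"}
    )
    with request.urlopen(req, timeout=timeout) as resp:
        return resp.status, resp.read().decode("utf-8")


# Constructed sample of the artefacts that typically leak webhooks (an env
# file, a CI log, a YAML config). The URLs are placeholders, not real hooks.
SAMPLE_TEXT = """
SLACK_HOOK=https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX
[ci] curl -s -X POST https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX -d '{"text":"build ok"}'
notify_url: https://hooks.slack.com/services/T11111111/B22222222/abcdefghijklmnopqrstuvwx
"""


if __name__ == "__main__":
    leaked = find_leaked_webhooks(SAMPLE_TEXT)
    print(f"{len(leaked)} distinct webhook URL(s) leaked:")
    for url in leaked:
        print("  ", redact(url))

    # What an attacker holding one of those URLs would send: a phishing
    # lure redirected into a different channel via the override.
    lure = build_payload(
        "Please install the new expense app: https://example.com/app",  # constructed
        channel="#general",
    )
    print(json.dumps(lure, indent=2))
```

Two practical points follow from this. First, a webhook URL is a bearer credential: treat it like an API key, keep it out of source and logs, and regenerate it if a scan like the one above finds it. Second, Slack's own documentation states that the channel override only works on legacy custom-integration webhooks; incoming webhooks created for a Slack app post only to the channel chosen at install time, so migrating to app-based webhooks removes the override while still leaving a leaked URL usable for posting to its own channel.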
According to Javvad Malik, Security Awareness Advocate at KnowBe4: “This is an interesting attack vector against Slack which is among the few popular messaging tools used in organisations. The concerning aspect about this is that people tend to lower their guard when receiving links on messaging platforms, and in particular when on mobile devices.
All this combined can lead to a great increase in the likelihood of a spearphishing attack being successful. It is why employees need to be wary of phishing attacks not just from email, but all social media platforms. In addition, organisations should have threat detection and response controls in place so that in the event an employee does fall victim to a phishing attack, it can be quickly identified and remediated before becoming a widespread incident.”
Link to original blog explaining AT&T’s findings:
© 2015 – 2019 IT Security Guru – Website Managed by Calm Logic