Digital Collaboration: A Double-edged Sword

How to Ensure Efficiency in Cybersecurity

Digital collaboration tools have skyrocketed as a crucial component in companies across the globe. According to a survey by Gartner, there has been a staggering 44% surge in workers’ use of collaboration tools since 2019. Pioneers like Office365, Box, and Dropbox have undeniably transformed how data is shared and co-edited within digital communities. 

However, this evolution does not come without its challenges. By making it easy to share and collaborate, these tools have also made it faster and more efficient for cybercriminals to attack an organization. A case in point is the malicious activities orchestrated by cyber threat groups such as Storm-0324, which have exploited Microsoft Teams to conduct insidious phishing campaigns, sending dangerous attachments to users. 

In this blog, we will explore how to reap the benefits of collaboration while defending against new advanced threats such as Storm-0324.

The Evolving Landscape of Digital Collaboration

The revolution in digital collaboration has markedly reshaped work and community engagement strategies across industries, with nearly 80% of workers presently utilizing collaboration tools for their jobs. This notable proliferation and utilization of collaboration platforms is not merely a testament to their convenience but an acknowledgment of their near indispensability in fostering a coherent and synchronized work environment. 

The Hidden Threat of Digital Tools

Tools like Microsoft 365 have become paramount in facilitating smooth operational flows among global teams. Microsoft 365 provides a comprehensive suite not only limited to real-time co-authoring of documents, spanning Word, Excel, and PowerPoint but also engulfs communication. Furthermore, it enhances secure file sharing and collaborative working through platforms like SharePoint and OneDrive, crafting a unified, integrative collaborative workspace for users across diverse geographies and platforms. While easy to use, when hidden threats such as malware or dangerous code are included in files shared in these locations, it only takes a simple opening to launch the destructive payload. 

Similarly, platforms like Box and Dropbox each offer their unique tapestry of features aimed at augmenting digital collaboration. At their core, these platforms converge on facilitating a secure and coherent environment for file sharing, enabling users to not only store and access documents across various devices but also engage in real-time or asynchronous editing and co-creation of content, making them potential vectors for spreading dangerous content. 

Adding to the challenge, they integrate with many third-party applications, establishing themselves as centralized hubs encapsulating various dimensions of digital work, from communication and document sharing to task management and third-party app accessibility. While these applications add much functionality, they also create an additional attack surface for cybercriminals to leverage in getting their different attack vectors into the collaboration platform. 

Real-world Threat Scenario: The Case of Storm-0324

Storm-0324, aka TA543 and Sagrid, was recently discovered, exploiting latent vulnerabilities with Teams in the O365 environment. Employing an open-source red-team tool, TeamsPhisher, Storm-0324 not only distributed malicious content through Microsoft’s widely-used collaboration app but astutely crafted an avenue for subsequent cyber-attacks. 

The tool essentially simplified the process of sending messages and files to external Teams users by uploading attachments to the sender’s SharePoint, ensuring the target user’s validity and capability to receive external messages, and then establishing a new thread with the user, thereby delivering the intended message alongside a link to a SharePoint attachment with embedded threats.

This attack highlights how combining collaborative tools allows cybercriminals to conduct an attack quickly and efficiently. Using a vulnerability in the Teams’ client-side security controls, the attackers bypassed standard communication barriers, allowing the attack to push files that would otherwise be prevented.

To learn more about the Storm-0324 attack, you can check out our blog here. 

Defending Endpoints Using Collaboration

When dealing with the potential for rapidly spreading threats in collaborative spaces, the solution is not to block collaboration or make it more difficult. Instead, companies need to leverage solutions that deliver protection without adding additional friction to users or requiring significant overhead to manage. 

The most savvy solution is to implement protections that ensure dangerous code never enters the boundaries of collaboration platforms or gets eliminated once it is in their storage. Antivirus (AV) and Content Disarm and Reconstruction (CDR) are two primary ways to accomplish this task.

AV is a standby for most organizations, rapidly and efficiently eliminating known threats in files. While highly effective for known threats, it is unable to effectively identify zero-day threats or previously unseen threats. This allows cybercriminals to utilize permutations on existing threats to hide from antivirus programs for a time. 

Alternatively, CDR is an advanced solution that does not focus on detection but instead sanitizes files by breaking them apart and rebuilding them from only known-safe components. This approach doesn’t rely on knowing if a threat exists, allowing it to compensate where AV solutions have challenges. Additionally, more advanced CDR solutions rebuild files with high fidelity, ensuring that all functionality and formatting are also preserved in the rebuilding process. 

Since detection is not a factor of CDR, it does not natively track what has been discovered, making it harder to quantify its effectiveness. The most mature CDR solutions leverage a combination of CDR, AV, and a later analysis of previous findings to known and novel threats while simultaneously generating an auditable record of effectiveness. 

Votiro: Seamless, Invisible Protection for Collaboration Tools

Votiro transcends the conventional capacities of CDR solutions, establishing itself as a robust shield against hidden malicious codes within files. By unifying the capabilities of AV, CDR, and retrospective analysis, it creates a tripartite defense mechanism that encompasses detection, protection, and thorough analysis, thereby constructing an impregnable bulwark against concealed threats within a singular, holistic solution.

Votiro’s protective measures are based on an API-driven architecture that seamlessly integrates into existing business workflows and technologies. This imperceptible melding ensures that organizations are immediately safeguarded against potential malware threats, all while maintaining and leveraging their existing technological infrastructures and solutions.

Contact us today to learn how Votiro sets the bar to prevent hidden threats in files so that your employees and systems remain secure while maintaining productivity. And if you’re ready to try Votiro, start today with a free 30-day trial.