
Adversaries leveraging chat platforms as C&C infrastructure, warns report

Hackers are abusing Slack, Discord, Telegram and other third-party chat platforms by incorporating them into their malicious command-and-control infrastructure and then using their functionality to communicate data and even download malware, according to a new Trend Micro report.

Authored by senior threat researchers Stephen Hilt and Lord Alfred Remorin, the report notes that the platforms' ability to also integrate customized apps and scripts through their APIs makes them appealing weapons to adversaries. For instance, the malicious actors behind the ransomware TeleCrypt used Telegram as a C&C tool for communicating when a system is newly infected, as well as for conveying information regarding payment and decryption, the report continues. (TeleCrypt's encryption was subsequently cracked.)

"What makes this particular revelation about chat platforms a serious security issue that must be considered is that there is currently no way to secure the usage of such chat platforms without killing their functionality," the report explains. "There is also no way to distinguish between a malicious connection to these platforms and a legitimate one."

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts and video/multimedia projects, often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
