SAT1018
IM phishing
Summary
Traditionally, phishing attacks have been mostly email-based. Many organizations use SaaS-based instant messaging (IM) apps, which have traditionally been focused on internal communications, but this is changing rapidly.
Due to the ubiquity and effectiveness of instant messaging apps, communication with external parties has become more common. Instant messaging apps also lack many of the security controls around malicious links and attachments that have been common in email gateways for many years. This, along with the immediacy and real-time nature of IM, makes it a great vector for phishing attacks, as users are less familiar with these apps as a delivery channel for phishing.
Examples
References
- Slack Attack: A phisher's guide to initial access
- Slack Attack: A phisher's guide to persistence and lateral movement
- Jumpsec Advisory: IDOR in Microsoft Teams Allows for External Tenants to Introduce Malware
- TeamsPhisher
- Slack Jack - A tool for Slack bot token abuse
- Evilginx - AITM framework for phishing login credentials
- MITRE ATT&CK - Phishing: Spearphishing via Service
- Storm-0324 distributes malware using TeamsPhisher