Wiki-slack attack: how business professionals are redirected to malicious websites
The risks of link manipulation: the new method of hijacking corporate communications
Security experts at eSentire have discovered a new attack called “Wiki-Slack,” which uses edits to Wikipedia pages to redirect Slack users to malicious websites containing malware. It is necessary to raise awareness among companies about this type of attack and integrate cyber resilience into business processes.
Security experts at eSentire have revealed a new method through which attackers can divert business professionals to malicious websites. Known as the Wiki-Slack attack, this technique takes advantage of modified Wikipedia pages and takes advantage of a formatting error when the page is viewed on Slack.
Attack mode
To carry out the attack, threat actors select a Wikipedia article that may be of interest to the target, then modify it by adding a legitimate footnote at the end of the first paragraph and share the article on Slack. Although the note itself is not harmful, viewing the shared page on Slack causes a formatting error that makes a link not present on Wikipedia visible within the collaboration solution.
How the attack works
Once a business professional copies and pastes that Wikipedia entry into a Slack channel, the malicious link appears. If the grammar around the link is sufficiently well crafted, Slack users are tricked into clicking it, leading them to an attacker-controlled website where browser-based malware is hiding. This attack requires that the reference at the end of the first paragraph of the Wikipedia article be carefully placed and that the first word of the second paragraph be a top-level domain (TLD). Additionally, the two conditions must appear in the first 100 characters of the article.
Prevention and advice
To prevent such attacks, it is advisable to raise awareness among organizations about browser-based attacks that can lead to malware infection. Furthermore, it is recommended to use endpoint monitoring and integrate cyber resilience into business processes. eSentire says it reported the identified issues to Slack.
Follow us on Facebook for more pills like this10/30/2023 14:08
Marco Verro