Malware exposes media company’s Slack chats

It’s the digital security training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone shared this newsletter with you, please subscribe here.

A single infected device exposes media giant’s Slack chats

Nikkei, a Japanese media company known for its financial publications, including Financial Times, announced last week that its internal Slack messaging system was breached. According to Nikkei, the attackers had access to a wide range of information, including “the names, email addresses, and chat histories for 17,368 individuals registered on Slack.” While no leakage of information related to sources or reporting activities has been confirmed, it’s not difficult to imagine the types of sensitive, private, or embarrassing messages that could be exposed when an organization’s chat platform is accessed by hackers.

So, how did the breach happen? A Nikkei employee’s computer was infected with malware that allowed attackers to steal Slack authentication credentials. The hackers were then able to use these credentials to gain access to employees’ accounts and, in turn, a huge cache of messages and user data.

What you can do

• Be careful what you click; be mindful of what you download. While we don’t know for sure how the malware used in this attack was delivered, successful malware starts by finding its way onto a target’s device. In many situations, this happens through the target clicking on a phishing link (either in a message or embedded on a compromised website) or through the abuse of a malicious file, application, or software. Having strong phishing awareness and being careful about your choice in applications and software, therefore, is a crucial baseline.
• Keep everything updated. Another critical defense is to update, update, update. Malware is most likely to successfully infect your device by taking advantage of unpatched vulnerabilities in your operating systems, apps, and software. Updates help to fill these security gaps. Turning on automatic updates, both for your operating systems and applications, is a great way to ensure you keep up with the latest patches.
• Lock down your accounts with two-factor authentication. Using two-factor authentication is a great way to reduce the impact of an attacker stealing your account password. While not a 100% defense against malware-based credential theft attacks, ensuring that your accounts have a second layer of protection makes it much harder for attackers to succeed.
• Set up data retention policies. While it won’t prevent a device or account from being hacked, setting up a data retention policy that erases old data from platforms like Slack after a certain period of time will at least limit how much historical data an attacker is able to see once inside your system.

Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.

Best,
Evan

-

Evan Summers

Senior Digital Security Trainer

Freedom of the Press Foundation