How to migrate from Discord to Slack and take all your karma with you. I really want Discord to add Threaded Messages within #channels, like in the app Slack. I currently find the method of conversing in channels to be disorganized and messy looking, and if you added Threaded Messages the channels would all look so much more organized and it would keep people responding in the correct area, instead of just spamming the main channel.
Newsletter
Subscribe to our Threatpost Today newsletter
Join thousands of people who receive the latest breaking cybersecurity news every day.
The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.
Infosec Insider Post
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. Adobe photoshop 2015.5 download mac. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
Thanks in large part to the global pandemic, collaboration platforms like Discord and Slack have taken up intimate positions in our lives, helping maintain personal ties despite physical isolation. But their increasingly integral role has also made them a powerful avenue for delivering malware to unwitting victims—sometimes in unexpected ways.
Discord Slack
Cisco’s security division, Talos, published new research on Wednesday highlighting how, over the course of the Covid-19 pandemic, collaboration tools like Slack and, much more commonly, Discord have become handy mechanisms for cybercriminals. With growing frequency, they’re being used to serve up malware to victims in the form of a link that looks trustworthy. In other cases, hackers have integrated Discord into their malware for remote control of their code running on infected machines, and even to steal data from victims. Cisco’s researchers warn that none of the techniques they found actually exploits a clear hackable vulnerability in Slack or Discord, or even requires Slack or Discord to be installed on the victim’s machine. Instead, they simply take advantage of some little-examined features of those collaboration platforms, along with their ubiquity and the trust that both users and systems administrators have come to place in them.
“People are way more likely to do things like click a Discord link than they would have been in the past, because they’re used to seeing their friends and colleagues posting files to Discord and sending them a link,” says Cisco Talos security researcher Nick Biasini. “Everybody’s using collaboration apps, everybody has some familiarity with them, and bad guys have noticed that they can abuse them.”
Among the collaboration app exploitation techniques Cisco’s researchers are warning about, the most common uses the platforms essentially as a file hosting service. Both Discord and Slack allow users to upload files to their servers and create externally accessible links to those files, so that anyone can click on the link and access the file. In many cases, Cisco found, those files are malicious; the researchers list nine recent remote-access spy tools that hackers have tried to install in this fashion, including Agent Tesla, LimeRAT, and Phoenix Keylogger.
The links don’t have to be delivered to victims inside of Slack or Discord. They can also be served up over email, where hackers can far more easily trawl for victims en masse, impersonate a victim’s colleagues, and reach users with whom they have no previous connection. As a result, Cisco has recorded a major uptick in the use of those links to deliver malware via email in the past year. “Over the last several months we’ve seen tens of thousands, and the rate has been steadily increasing,” says Biasini. “Right now it appears to be peaking.”
Discord Slack Bridge
Security firm Zscaler similarly noted the rise in the technique’s use by cybercriminals in research published in February, warning that they’d spotted as many as two dozen malware variants per day, including ransomware and cryptocurrency mining programs, being delivered as fake video games embedded in Discord links. Hackers have also used the technique to plant malware that steals Discord authentication tokens from victims’ computers, allowing the hacker to impersonate them on Discord, spreading more malicious Discord links while using a victim’s account to cover their tracks.
Aside from exploiting the trust that users place in Slack and Discord links, that technique also obfuscates the malware, since both Slack and Discord use HTTPS encryption on their links and compress files when they’re uploaded. And while other methods of hosting malware can be taken offline or blocked when a hacker’s server is discovered, the Slack and Discord links are harder to take down or block users from accessing. “Adversaries are most likely going to be affected by things like shutting down a server, shutting down a domain, blacklisting files,” says Biasini. “And what they’ve done is figured out a way to break that.”
Discord Slack Webhook
“Everybody’s using collaboration apps, everybody has some familiarity with them, and bad guys have noticed that they can abuse them.”
Discord Slack Emoji
Nick Biasini, Cisco Talos
Discord Slack Malware
Aside from hosting their malware in Discord and Slack links, cybercriminals are also using Discord as the command-and-control and data-stealing element in their malware. Discord allows programmers to add “webhooks” to their code that automatically update a Discord channel with information from an application or website. So cybercriminals have exploited that technique to relay information from infected computers back to the command-and-control server that they use to administer a botnet, or even to pull data from a victim’s machine back to the server. As with the malicious link technique, that webhook trick hides the malicious traffic in more innocent-looking, encrypted Discord communications, and makes the hacker’s infrastructure more difficult to pull offline. (While Slack also offers a similar webhook feature, Cisco says it has yet to see hackers abuse it as they have Discord’s.) Sky go new zealand.