
Collaboration apps are a risk that many enterprises have tried to overlook due to convenience. But with attackers increasingly set on exploiting them, their weaknesses can no longer be ignored.

On September 18, a hacker released over 90 videos and images from the upcoming release of Grand Theft Auto VI on GTAForums. The hacker claimed they wanted to make a deal with EA to avoid releasing additional information, including GTA V and VI source code and assets and the GTA VI testing build. 

The attacker managed to steal this information by breaking into Rockstar’s internal Slack channel and exfiltrating it.

For enterprises, this breach is a clear warning that sharing protected information on consumer-grade communication apps like Slack can significantly increase the risk of IP theft.



How bad is the breach? 

This latest breach highlights that collaboration apps provide an effective avenue for hackers to commit IP theft. Yet, many organizations rely on these solutions to collaborate. 

In fact, according to Slack, over 100,000 organizations, including 77% of Fortune 100 companies, use Slack Connect. The problem is that these services — when breached — offer unauthorized users a goldmine of high-value data.

“GTA is of primary interest to cybercriminals as the game has its own virtual currency, which is in high demand,” said Boris Larin, lead security researcher at Kaspersky. “Once the attacker gains access to [the] game’s source code, one can easily learn about all the functionality of the game and game servers. It allows fraudsters to find some vulnerabilities, create cheat codes and get rich through mining and selling the in-game currency, bypassing the rules set by the game developer.”

Unfortunately, the trend of exploiting collaboration apps to gain access to IP data and protected information isn’t a one-off occurrence. This latest breach comes just a week after hackers breached Uber’s internal Slack channel.

In a statement discussing the event, Uber suggested that the hacker gained access by purchasing a contractor’s login details for a user’s account and then sending them a string of multifactor authentication requests, which the individual eventually accepted. 

After achieving initial access, the attacker exploited the account’s elevated permissions and managed to access downstream tools like Slack, where they downloaded internal messages and other information. 

A similar attack occurred in June last year, when hackers gained access to EA Games’ internal Slack channel and stole 780GB of data, including the FIFA 21 source code, before leaking it after a failed extortion attempt.

In this breach, the attackers purchased stolen cookies sold online to gain access to an employee’s Slack account before contacting IT support. They then claimed to have lost their phone and requested a multifactor authentication token so they could gain access to the organization’s wider corporate network. 
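The flood of multifactor authentication requests described in the Uber incident above leaves a recognizable pattern in authentication logs: many denied or unanswered pushes for one account in a short period, sometimes ending in an approval. The following detection sketch is an added example, not code from Uber, Slack or this article; the event format, the 10-minute window and the threshold of five are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 5                   # assumed number of unapproved pushes that counts as a flood

# Constructed sample events: (timestamp, user, push result). Not from any real log.
SAMPLE_EVENTS = [
    ("2022-09-15T18:01:00", "contractor1", "denied"),
    ("2022-09-15T18:02:10", "contractor1", "timeout"),
    ("2022-09-15T18:03:05", "contractor1", "denied"),
    ("2022-09-15T18:04:30", "contractor1", "timeout"),
    ("2022-09-15T18:05:15", "contractor1", "denied"),
    ("2022-09-15T18:06:40", "contractor1", "denied"),
    ("2022-09-15T18:08:00", "contractor1", "approved"),  # approval after the flood
    ("2022-09-15T02:10:00", "bob", "timeout"),
    ("2022-09-15T02:11:00", "bob", "timeout"),
    ("2022-09-15T02:12:00", "bob", "timeout"),
    ("2022-09-15T02:13:00", "bob", "timeout"),
    ("2022-09-15T02:14:00", "bob", "timeout"),           # flood, never approved
    ("2022-09-15T09:00:00", "alice", "timeout"),
    ("2022-09-15T09:00:40", "alice", "approved"),        # ordinary retry, no alert
]

def detect_push_fatigue(events, window=WINDOW, threshold=THRESHOLD):
    """Alert per user: 'high' if an approval follows a flood, 'medium' if flood only."""
    recent = defaultdict(deque)  # user -> timestamps of unapproved pushes inside the window
    alerts = {}
    for ts_str, user, result in sorted(events):
        ts = datetime.fromisoformat(ts_str)
        q = recent[user]
        while q and ts - q[0] > window:  # drop pushes older than the window
            q.popleft()
        if result == "approved":
            if len(q) >= threshold:      # approval arrived in the middle of a flood
                alerts[user] = {"user": user, "severity": "high", "unapproved": len(q)}
            q.clear()
        else:
            q.append(ts)
            if len(q) >= threshold and alerts.get(user, {}).get("severity") != "high":
                alerts[user] = {"user": user, "severity": "medium", "unapproved": len(q)}
    return sorted(alerts.values(), key=lambda a: a["user"])

if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

A "high" alert is the case worth interrupting a session for, since the approval may have come from a user worn down by the prompts rather than from a legitimate login.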

How regulators are cracking down on collaboration apps

The dangers of collaboration apps are increasingly well-known, particularly to regulators in highly regulated industries like financial services, who seek to penalize the use of communication channels like Slack, WhatsApp and email for discussing sensitive information.

In fact, according to Reuters, banking giants — including JPMorgan Chase & Co, Morgan Stanley, Bank of America, Goldman Sachs, Barclays PLC, Credit Suisse Group AG, Deutsche Bank AG and UBS Group AG — collectively face more than $1 billion in fines for the use of unapproved messaging tools like email and WhatsApp. 

Back in July, Morgan Stanley received a $200 million fine for “use of unapproved personal devices,” and allowing employees to use WhatsApp and personal email addresses for business communications. 

Similarly, last December, JPMorgan received $200 million in fines for allowing employees to use WhatsApp messages and emails to discuss company business. The implication is that communication apps are insufficient for securing regulated data and IP.

Mitigating the risks of remote communication 

Of course, while the security risks of collaboration apps are increasingly well-known, many organizations find it impractical to eliminate the use of collaboration apps completely, particularly when so many depend on them to enable employees to work together remotely from home.

Instead, organizations should, at the very least, restrict the kind of information shared in communication apps and forbid sharing IP data of any kind. 

This means that if an unauthorized individual does manage to bypass the easily exploitable password and multifactor authentication controls, they won’t be able to start exfiltrating trade secrets and regulated information. 

The reality is that communication apps, like Microsoft Teams and Slack, don’t have the inbuilt security necessary to protect high-value data from advanced threat actors in a way that’s compliant with fast-evolving data protection regulations. 

End-to-end encrypted messaging as an alternative 

For organizations that want to continue to use collaboration apps to manage such data, secure communication platforms that use end-to-end encryption provide a partial answer to these challenges. 

One of these providers is Element, a secure messaging app recently recognized by Forrester as a leader in The Forrester Wave for Secure Communications (Q3 2022), which secures message content even if a hacker compromises the underlying server or network. 

“Slack is not end-to-end encrypted, so it’s like the attacker having access to the company’s entire body of knowledge. A real fox in the hen house situation,” said Matthew Hodgson, CEO and cofounder of Element. “An end-to-end encrypted collaboration platform means that even if an attacker gets inside it, they can be immediately spotted as an intruder and locked out (unless they somehow manage to steal the keys from an existing client app, typically protected by a device’s hardware Trusted Platform Module).”

The importance of user awareness 

User awareness also plays an important part in reducing the level of risk posed by collaboration apps. In many of these breaches, hackers used social engineering to trick users into handing over multifactor authentication codes.

Educating employees on these types of social engineering attacks puts them in a position to spot manipulation attempts and avoid handing over information that can breach critical systems.

“Breaches like this are a great reminder of the need for employee security education and better security controls,” said Darren James, head of internal IT at Specops Software. “Cybersecurity training should be required regularly for all employees to teach them to recognize cybersecurity threats and how they can help mitigate them — things like thinking twice before clicking a link or approving an MFA notification and setting stronger passwords.”
