Breach Debrief Series: The Fake Slackbot

March 20, 2024

Last month, The Verge, a design, technology, science, and science fiction website, reported on an amusing story of Slack abuse. Tom McKay of IT Brew successfully hid on Slack after leaving the company in 2022 by assuming the persona of "Slackbot," remaining undetected by management for months. McKay shared screenshots of his antics on X and confirmed the escapade to The Verge. By changing his profile picture to resemble an angrier version of Slackbot's icon and altering his display name to "Slackbot" using a look-alike special character (the Cyrillic Unicode character “о” in place of the Latin "o"), McKay's account evaded deletion, allowing him to send bot-like messages to colleagues such as, “Slackbot fact of the day: Hi, I’m Slackbot! That’s a fact. Have a Slack-ly day!”

On first read, McKay's escapade seems like a lighthearted reminder of the potential for mischief in digital spaces. This was how the cyber community on Y Combinator's Hacker News received the news, which prompted users to share their own experiences from the old days, including a story from the days of dialup internet. However, as the thread continued, some people started wondering about the security impact. The r/sysadmin subreddit, on the other hand, was quick to recognize the lack of an offboarding process. Other Slack admins shared their frustration with the challenges of securing the SaaS app.

The Challenge of Offboarding

When employees transition out of an organization, it is imperative for security that access to corporate assets be promptly revoked. While much of this process is automated through workflows that remove employees from the identity provider (IdP), manual deprovisioning is necessary for applications not integrated with the IdP. Challenges in permanently removing users from SaaS applications include applications not synced with the IdP, the use of shared passwords among teams, and individuals retaining access through credentials they acquired during their tenure. Failure to fully offboard users poses significant risks such as data theft or breaches, whether by former employees or by unauthorized individuals using stolen credentials. Overcoming these hurdles is crucial for maintaining robust security within organizations.
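The two gaps this story exposes, an active account that no longer belongs to a current employee and a display name that impersonates Slackbot with a look-alike character, can both be caught by a periodic reconciliation job. The script below is an added example, not code from the original post or from Adaptive Shield: it runs over a constructed sample shaped like a Slack member export, compares it with a constructed list of IdP-active emails, and flags both orphaned accounts and names whose homoglyph-folded form collides with a reserved name. The field names, the confusable map and the sample data are assumptions for illustration.

```python
import unicodedata

# Constructed sample resembling a Slack member export (not real data).
# U002 renamed themselves "Slackb\u043et": the Cyrillic "о" trick from the story.
SLACK_MEMBERS = [
    {"id": "U001", "name": "alice", "real_name": "Alice Example",
     "email": "alice@example.com", "deleted": False, "is_bot": False},
    {"id": "USLACKBOT", "name": "slackbot", "real_name": "Slackbot",
     "email": "", "deleted": False, "is_bot": True},
    {"id": "U002", "name": "tom", "real_name": "Slackb\u043et",
     "email": "tom@example.com", "deleted": False, "is_bot": False},
    {"id": "U003", "name": "bob", "real_name": "Bob Example",
     "email": "bob@example.com", "deleted": True, "is_bot": False},
]
# Constructed list of emails the IdP still reports as active employees.
IDP_ACTIVE = {"alice@example.com", "bob@example.com"}

# Small assumed map of common Cyrillic/Greek look-alikes to Latin letters.
HOMOGLYPHS = {
    "\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0455": "s", "\u03bf": "o",
    "\u0410": "A", "\u0421": "C", "\u0415": "E", "\u041e": "O", "\u0420": "P",
}
RESERVED_NAMES = {"slackbot"}


def skeleton(name: str) -> str:
    """Fold a display name to a comparable form: NFKC normalisation
    (compatibility/full-width forms), look-alike substitution, casefold."""
    folded = unicodedata.normalize("NFKC", name)
    folded = "".join(HOMOGLYPHS.get(ch, ch) for ch in folded)
    return folded.casefold()


def impersonation_findings(members):
    """Return (user id, field, raw value) for human accounts whose handle or
    display name collides with a reserved name after homoglyph folding."""
    findings = []
    for m in members:
        if m["is_bot"] or m["deleted"]:
            continue
        for field in ("name", "real_name"):
            if skeleton(m[field]) in RESERVED_NAMES:
                findings.append((m["id"], field, m[field]))
    return findings


def orphaned_accounts(members, idp_active):
    """Return ids of active human accounts whose email the IdP no longer lists."""
    return [m["id"] for m in members
            if not m["deleted"] and not m["is_bot"] and m["email"] not in idp_active]
```

In the sample, the same account trips both checks, which is exactly the combination the story describes: a departed employee whose account survived offboarding and then hid behind a bot's name.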

Securing Slack

Slack is a leading collaboration and communication platform that has changed how teams work together. With its intuitive interface, real-time messaging, and extensive integration options, Slack has gained popularity among organizations of all sizes. However, as with any cloud-based platform, it is crucial to address security concerns proactively to protect sensitive data and maintain a secure working environment. While Slack offers robust security controls, organizations must still recognize the value of the data shared within the application, including sensitive files, proprietary information, and confidential communications, and configure those controls accordingly.

To secure Slack, here are some best practices to follow:

  1. Strong Passwords and MFA: Encourage users to create strong, unique passwords for their Slack accounts and enable multi-factor authentication (MFA) for an added layer of security.
  2. User Access Control: Implement proper access controls by assigning roles and permissions based on user responsibilities. Restrict access to sensitive channels and data to authorized individuals only.
  3. Third-Party App Permissions: Regularly review and manage permissions granted to third-party apps integrated with Slack. Limit access to necessary functions and regularly audit authorized applications.
  4. Guest Access Controls: If using Slack for external collaboration, configure guest access settings carefully. Define restrictions and permissions for guests and regularly monitor guest activity.

Conclusion

As the cyber threat landscape evolves, even lighthearted stories like this one provide important lessons for organizations as they fortify their defenses against sophisticated attacks. The fake Slackbot underscores the pressing need for comprehensive security measures and proper offboarding.

The easiest way to deprovision users from SaaS applications is through a SaaS Security Posture Management (SSPM) platform that is integrated with a SOAR. Using automated workflows, these processes quickly identify and fully deprovision offboarded employees who maintained access to SaaS applications.

By using an SSPM, enterprises can confidently move forward, knowing that access to their applications is under their full control.

Have users you need to deprovision? Download our latest ebook, Offboarding Employees from Your SaaS Stack in 7 Steps!

About the writer

Hananel Livneh
Head of Product Marketing
Hananel Livneh is Head of Product Marketing at Adaptive Shield. He joined Adaptive Shield from Vdoo, an embedded cybersecurity company, where he was a Senior Product Analyst. Hananel completed an MBA with honors from the OUI, and has a BA from Hebrew University in Economics, Political science and Philosophy (PPE). Oh, and he loves mountain climbing.