October 30, 2023 at 09:45AM
Researchers at eSentire have discovered a new attack method called the Wiki-Slack attack, in which threat actors modify Wikipedia pages and share them in Slack to redirect users to malicious websites. By manipulating the formatting of the page, the attacker creates a hidden link that can entice users to click, leading them to an attacker-controlled site. The attack can succeed when attackers target high-traffic Wikipedia pages and conduct background research on potential targets. Organizations are advised to educate employees about browser-based attacks, implement endpoint monitoring, and prioritize cyber resilience. eSentire has reported the issue to Slack.
Summary:
Security researchers at eSentire have identified a new method of attack called the Wiki-Slack attack. Attackers modify Wikipedia pages and share them in Slack, taking advantage of a formatting error to redirect users to malicious websites. The attack works by adding a legitimate footnote to a Wikipedia article, which causes a hidden link to be rendered in Slack’s preview. If users copy and paste the article into Slack and click the link, they are directed to an attacker-controlled website with browser-based malware. The attack requires specific conditions to be met in the article’s layout and relies on a high volume of modified pages to increase its chances of success. eSentire recommends that organizations raise awareness of browser-based attacks, employ endpoint monitoring, and build cyber resilience into their processes. The issue has been reported to Slack.