Slack Breach Highlights Growing Cyber Risks in Remote Collaboration Tools


The hits keep on coming. Just this summer, the hacking group NullBulge breached Disney’s Slack system and stole over a terabyte of data, including employees’ messages, spreadsheets, and PDFs. After the breach, the hackers published a wide range of financial information, details about upcoming projects, and other sensitive data. As a result, Disney announced its decision to migrate away from Slack in early 2025.

Unfortunately, this is not an isolated incident. Instead, it’s the latest example in a long string of high-profile cyberattacks that targeted popular tools such as Slack, Teams, Zoom, and more. More attacks are inevitable, especially as a growing number of organizations turn to these platforms to facilitate employee communication and collaboration in remote work models.

“The surge in cyberattacks targeting collaboration tools like Slack and Microsoft Teams isn't just about their increased usage - it's about the goldmine of sensitive data they contain. These platforms have become the new "office," housing critical conversations and strategic planning,” explained Tamir Passi, Senior Product Director at DoControl. “What's particularly alarming is how cybercriminals are combining exposed credentials with social engineering tactics to exploit these tools.”

Passi added, “We're seeing a disturbing trend where attackers purchase legitimate credentials on dark web marketplaces - sometimes for as little as $10. They then use these credentials, often from third-party affiliates, to gain a foothold in an organization's collaboration environment. From there, they can launch sophisticated social engineering attacks, leveraging the trust and information flow within these platforms.”

Why Traditional Security Measures Fail

When cyberattacks happen, the victim’s first instinct is often to point the finger at the software vendor. Yet today’s enterprise-grade solutions are usually developed on comprehensive security-by-design architectures that include built-in security features such as multi-factor authentication, threat detection, or data encryption.

In the case of the Disney breach, Salesforce (the owner of Slack) maintained that its architecture was highly secure—and cautioned its customers to continue to focus on their own controls and protocols.

“Our security is rock solid,” said Marc Benioff, CEO of Salesforce. “Companies also have to take the right measure to prevent phishing attacks and to lock down their employees’ social engineering. So, we can do our part, but our customers have to do their part.”

How are these attacks happening? Many are the result of user-targeted exploits or non-technical attack methods, such as:

  • Phishing attacks that target users through fraudulent emails or messages. All it takes is for one employee to click on a malicious link to give hackers access to critical systems and data.
  • Social engineering threats, where cybercriminals attempt to manipulate users into divulging passwords, MFA codes, or other sensitive information.
  • “Password spraying,” an approach where bad actors gain access to many legitimate usernames and then try a single, common password for these accounts. By targeting multiple accounts, password spraying increases the likelihood of at least one successful compromise.
  • Credential theft, where hackers obtain username-password pairs from another data breach and then attempt these same combinations on the collaboration systems.
  • Weak access controls, which can include Slack channels that are open to the public or Zoom meetings that don’t require passwords, allowing unauthorized users to gain access to sensitive information. This led to the famous case of “Zoom bombing” in 2020, where unauthorized individuals disrupted company meetings by sharing inappropriate or offensive content.
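
On the defensive side, the password-spraying pattern described above has a recognizable shape in sign-in logs: one source failing against many accounts with only a try or two per account. The following detection sketch is an added example, not code from the article or from any vendor; the log format, the thresholds, and the names `SAMPLE_LOG`, `parse`, and `detect_spraying` are assumptions made for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events (not real data): timestamp, source IP, user, result.
SAMPLE_LOG = """\
2024-09-01T09:00:05 203.0.113.7 alice FAIL
2024-09-01T09:00:41 203.0.113.7 bob FAIL
2024-09-01T09:01:13 203.0.113.7 carol FAIL
2024-09-01T09:01:50 203.0.113.7 dave FAIL
2024-09-01T09:02:22 203.0.113.7 erin OK
2024-09-01T09:03:00 198.51.100.4 frank FAIL
2024-09-01T09:03:04 198.51.100.4 frank FAIL
2024-09-01T09:03:09 198.51.100.4 frank FAIL
2024-09-01T09:03:15 198.51.100.4 frank FAIL
2024-09-01T09:03:30 198.51.100.4 frank OK
2024-09-01T09:10:00 192.0.2.10 grace OK
"""

def parse(log):
    """Yield (timestamp, ip, user, result) from whitespace-separated lines."""
    for line in log.strip().splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result

def detect_spraying(log, window=timedelta(minutes=10), min_users=4, max_per_user=2):
    """Return {ip: {"targeted": [...], "succeeded": [...]}} for spray-like sources."""
    by_ip = defaultdict(list)
    for ts, ip, user, result in parse(log):
        by_ip[ip].append((ts, user, result))
    alerts = {}
    for ip, events in by_ip.items():
        events.sort()
        for i, (end, _, _) in enumerate(events):
            # Events from this source in the window ending at the current event.
            recent = [e for e in events[: i + 1] if end - e[0] <= window]
            fails = Counter(u for _, u, r in recent if r == "FAIL")
            # Spray shape: many accounts, few tries each (brute force is the reverse).
            if len(fails) >= min_users and max(fails.values()) <= max_per_user:
                alert = alerts.setdefault(ip, {"targeted": set(), "succeeded": set()})
                alert["targeted"] |= set(fails)
                # A success from the same source needs review as a possible takeover.
                alert["succeeded"] |= {u for _, u, r in recent if r == "OK"}
    return {ip: {k: sorted(v) for k, v in a.items()} for ip, a in alerts.items()}

if __name__ == "__main__":
    for ip, alert in detect_spraying(SAMPLE_LOG).items():
        print(ip, alert)
```

On the constructed sample, only 203.0.113.7 is flagged; the repeated failures against a single account from 198.51.100.4 are a different pattern that per-account lockout is meant to catch.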

To prevent these types of attack methods and incidents, companies should re-examine existing security protocols and, if necessary, build on foundational cybersecurity best practices to improve their overall security posture.

Best Practices to Secure Today’s Online Collaboration Apps

It’s critical that organizations do all they can to improve their defenses when using the modern collaboration tools that are now the backbone of remote work models. This includes implementing the following cybersecurity strategies and best practices.

Enable and require MFA

MFA is an extremely effective way to enhance cybersecurity. It adds a valuable extra layer of security by requiring users to provide a second form of authentication in addition to their password. MFA creates a two-step process that is difficult for hackers to get around.

Implement stronger password policies

Too many companies have lenient password policies that allow employees to create weak or commonly used passwords. Having stronger policies—those that require long, complex passwords that must be updated frequently—helps prevent brute force and password-spraying attacks.

Review user access permissions

Companies should default to the principle of least privilege, where they only grant employees access to the specific data, applications, and systems they need. Additionally, they should review employees’ access permissions on a regular basis to make sure they are appropriate to their role in the company.

Train employees

Employee training is another area that is often overlooked. Organizations should conduct regular security training that focuses on areas such as identifying and resisting suspicious messages or data sharing best practices. These training sessions can also focus on features in the specific collaboration app, such as Slack’s message permissions or third-party integrations.

Build a Remote-First Cybersecurity Strategy

For most companies, the initial COVID-inspired remote work trend has become a permanent fixture, forever changing many established “business-as-usual” norms. It has also led to increased adoption of collaboration and project management tools that enable remote employees to get their work done wherever they happen to be.

Yet, if companies aren’t careful, these collaboration apps can increase their overall attack surface and subject them to too much risk. By understanding these risks and taking the right steps to bolster their defenses, companies can build an effective remote-first cybersecurity strategy and continue to get the most out of today’s valuable collaboration tools.

Author
  • Contributing Writer
    Jason Rasmuson is a Massachusetts-based writer with more than 25 years of experience writing for the technology and cybersecurity industries. He is passionate about writing about the interaction between business…