Instant Messaging Could Take Down Your Network



Posted on November 3, 2021



Individuals who value both convenience and privacy – which means almost all users – depend on instant messaging (IM) apps to communicate across all aspects of their personal lives. Every time we open a new chat, WhatsApp, for instance, reassures us that, “Messages and calls are end-to-end encrypted. No one outside of this chat, not even WhatsApp, can read or listen to them.”

Instant Messaging is How We Talk Today

Instant messengers have rapidly become the favorite tool in our communication toolbox for business as well. While formal interactions still require email, simple and efficient chat apps have been gaining ground for quick consultations and interactions. Slack and Microsoft Teams (and their many competitors) are widely used within organizations. But when it comes to communicating with third-party providers, customers and other contacts for business purposes, as well as with family and friends in the course of the workday, IM apps such as WhatsApp are often the solutions of choice.

The numbers tell the story: WhatsApp, Facebook Messenger, Telegram, and Snapchat together have over 4 billion active users, with 2 billion on WhatsApp alone. 50 million of those WhatsApp users are business accounts. Weixin/WeChat and QQ have nearly 2 billion more users, mostly in China.

What’s Lurking in Your Chat?

All this explains why the web client of their favorite IM is one of the very first tabs many – perhaps most – people open at the start of the workday and one that’s most frequently used throughout the day.

IM web clients, however, can pose a real danger to network security. A single click on a ransomware-infected file sent via a chat – either maliciously or unintentionally – can bring an entire organization to its knees.

The same end-to-end encryption that protects user privacy renders secure web gateways and next-generation firewalls, which organizations depend on to scan websites for malicious content, powerless to “see” if a file or link sent via IM to a user’s IM web client contains ransomware or other malware. As a result, if a chat contains a link to ransomware or an infected file, it will not be blocked. When the user opens the file or clicks on the link, malware can instantly move from the endpoint browser to – and throughout – the organization’s network.

It’s not hard to imagine scenarios in which cybercriminals share weaponized images in an IM group, submit an infected CV in response to an advertised opening, or send a sales inquiry that includes a malicious link. One click by a user, and the damage is done.

Many organizations simply block IM web clients, preventing their use. But in countries where chat apps are used widely for business as well as personal use, blocking IM web clients annoys users – to the point of revolt, in some countries! – and results in a productivity hit for the organization.

Protecting Against IM-Delivered Threats

ZTEdge Instant Messenger Isolation uses remote browser isolation (RBI) to protect against threats delivered via chats. All content from the web client is opened in a virtual browser located in an isolated container in the cloud. Only safe rendering data is sent to the browser-based client on the user’s device, where users chat as they are accustomed to do. Any malware or ransomware remains in the isolated container, remote from endpoints and networks, and is destroyed when the user stops chatting. Files sent via the IM client are opened in isolation and sanitized of any malicious content within before being sent on to the endpoint.

ZTEdge Instant Messenger Isolation is included in ZTEdge™, Ericom Software’s comprehensive Zero Trust SASE platform for midsize enterprises and small businesses.
Instant Messaging is an invaluable tool. Taking the right protective measures can empower your users to use it productively, while preventing delivery of cyber threats.


About Mendy Newman

Mendy is the Group CTO of Ericom's International Business operations. Based in Israel, Mendy works with Ericom's customers in the region to ensure they are successful in deploying and using its Zero Trust security solutions, including the ZTEdge cloud security platform.
