SaaS-to-SaaS Third-party Integrations in Slack

Slack is one of the most popular workspace chat applications. Part of the reasons for its popularity is the focus on integrations and building an ecosystem of highly integrated third-party services. Slack has native capabilities such as the Slack APIs and Workflow Builder, allowing third-party software vendors and internal teams to integrate their services into Slack’s ecosystem. Third-party vendors can publish their apps on the Slack App Directory to easily distribute their services to the Slack user base and ease the onboarding and integration process for their customers.

‍

Slack Apps and Workflows, whether built by a third-party or an internal team, leverage an intuitive no/low-code interface that allows developers to leverage Slack’s powerful webhooks, bots and other tools that seamlessly integrate with modern enterprises' digital workforce. Organizations that are highly dependent on Slack as their main internal communication platform realize that interfacing with Slack Bots and Slack Apps is the most efficient method to build efficient and automated digital workflows.

‍

Securing Non-human Slack Third-party Integrations

While Slack security is inherently strong, third-party vendors who have access to it through these methods can be a weak link. Inherently risky or over-privileged OAuth tokens, etc. can be exploited to gain the keys to the kingdom, placing Slack customers at risk of data breaches and account exposure.

‍

Supply chain access attacks against Slack are not properly covered by existing security approaches such as IdP (Identity Providers), CASB (Cloud Access Security Broker) and SSPM (SaaS Security Posture Management) solutions that focus on human-to-SaaS access controls and neglect the critical growing non-human SaaS-to-SaaS third-party integration layer.

‍

Slack Supply Chain Risks

As business communications are shifting from emails to Slack , it’s becoming a prime target  for attacks and phishing campaigns. Here are some examples:

Attackers can leverage Slack security weaknesses to gain access to public slack channels and post their phishing attempts for the channel (like detailed in this research).

Messages can be used to attempt a “conservative” phishing campaign, aiming to hijack username and password, or an attempt for an OAuth Consent Phishing campaign, aiming to trick users into granting a malicious app the permissions to conduct actions on behalf of the user (an example for such attack), whether permissions to Slack or for other platforms.

With the high amount of Slack Apps that end users authorize, their access tokens and their developers are becoming an increasing target for attackers that are looking to execute supply chain API takeover attacks.

How Can Valence Help Slacks Security?

Valence seamlessly integrates with your Slack environment and helps you discover your SaaS mesh attack surface and manage the risks associated with it:

• Discover all your third-party integrations that connect to Slack such as user OAuth tokens and bot tokens
• Analyze the scope of access and actual usage of SaaS-to-SaaS connections to remove over-privileged and inactive integrations
• Uncover the third-party vendors that were granted access tokens to ensure alignment with vendor risk management and TPRM programs
• Monitor API calls made by 3rd party apps to detect potential abuse, compromise or API takeover attacks against your critical data
• Automate workflows to ensure effective remediation and communication with end users and business owners in the modern distributed IT environment

Reach Out for a Slack Security Assessment with our Experts

‍