Slack is one of the most popular workspace chat applications. Part of the reasons for its popularity is the focus on integrations and building an ecosystem of highly integrated third-party services. Slack has native capabilities such as the Slack APIs and Workflow Builder, allowing third-party software vendors and internal teams to integrate their services into Slack’s ecosystem. Third-party vendors can publish their apps on the Slack App Directory to easily distribute their services to the Slack user base and ease the onboarding and integration process for their customers.
Slack Apps and Workflows, whether built by a third-party or an internal team, leverage an intuitive no/low-code interface that allows developers to leverage Slack’s powerful webhooks, bots and other tools that seamlessly integrate with modern enterprises' digital workforce. Organizations that are highly dependent on Slack as their main internal communication platform realize that interfacing with Slack Bots and Slack Apps is the most efficient method to build efficient and automated digital workflows.
While Slack is inherently secure, third-party vendors who have access to it through these methods can be a weak link. Inherently risky or over-privileged OAuth tokens, etc. can be exploited to gain the keys to the kingdom, placing Slack customers at risk of data breaches and account exposure.
Supply chain access attacks against Slack are not properly covered by existing security approaches such as IdP (Identity Providers), CASB (Cloud Access Security Broker) and SSPM (SaaS Security Posture Management) solutions that focus on human-to-SaaS access controls and neglect the critical growing non-human SaaS-to-SaaS third-party integration layer.
As business communications are gradually shifting from emails to Slack , it’s becoming a prime target for attacks and phishing campaigns. For example, attackers can leverage Slack webhooks to gain access to public slack channels and post their phishing attempts for the channel (like detailed in this research). Messages can be used to attempt a “conservative” phishing campaign, aiming to hijack username and password, or an attempt for an OAuth Consent Phishing campaign, aiming to trick users into granting a malicious app the permissions to conduct actions on behalf of the user (an example for such attack), whether permissions to Slack or for other platforms. In addition, with the high amount of Slack Apps that end users authorize, their access tokens and their developers are becoming an increasing target for attackers that are looking to execute supply chain API takeover attacks.
Valence seamlessly integrates with your Slack environment and helps you discover your SaaS mesh attack surface and manage the risks associated with it: