Recently on Discord
Recently, businesses around the world have oriented themselves towards affordable and easy-to-use virtual communication & collaboration tools. This helps organizations become more efficient in terms of virtual cooperation and collaboration.
With 150 million active users, Discord was primarily built for gaming rather than business purposes. Such a virtual communication platform allows users to chat, make voice & video calls, share documents, and collaborate in an environment like Microsoft Teams or Slack.
Further in this article, we will explore the security threats regarding phishing attacks. Moreover, the best practices to protect yourself and your business will be explained.
Discord, a business tool?
Discord is an instant messaging and digital distribution platform that is optimized to share large volumes of text and voice messages. However, Discord allows the transfer of all types of digital content (e.g. downloadable files, videos, documents, links) between users and their groups.
As Discord was not primarily built for business communication, the platform lacks some enterprise important features. In this way, Discord provides support for bots (plugins) that can be installed within your business Discord group. In other words, such plugs aim to deliver productivity tools comparable to other collaborative platforms that serve different business needs.
Some top examples of Discords business tools (bots)
In our previous articles, we covered “Basic Phishing attacks” and “How to protect your business against such threat” and noticed similarities between Discord attacks and E-mail attacks. For instance, while an e-mail user is fairly educated to recognize malicious content, an unsuspecting Discord user might fall into the carefully set trap.
The scope of this article is to raise awareness of the fact that phishing attacks happen also outside the e-mail environment.
In the second part of the article, we will describe the steps you can take to avoid becoming a phishing target. Click here to skip.
In the third part, we came up with a business alternative that may suit your business needs. Click here to skip.
How does phishing spread on Discord? Domino effect.
While Discord became such an agile and easy-to-use messaging system, it also became an easy target for scammers, making Discord a handy mechanism for cybercriminals to spread malicious files that steal your credentials and personal information with different levels of harm.
"Cyber scams abuse is a rapidly growing threat, especially in phishing attacks violations"
As a Discord user, you have the freedom to join multiple servers (chat groups with rich functionalities) based on your interests and preferences.
While the ease of use and the rich of shared information is impressive, it’s easy to find yourself lost within multiple groups which can lead to unwanted events. Spam messages/notifications, lead to serious security breaches such as data theft (credentials, credit card data, files, etc.).
There are currently over 6.7 million active Discord servers – some are open, some are closed and some are dangerous.
The attackers usually take advantage of a large number of users in a group to “plant” malware into your system and send malicious links or files that look trustworthy.
In most cases, a successful attack targets the unique user token which can be later used for abuse by sending the malware to your contact list/groups. Depending on the scope of the malware, it can access sensitive data and credentials.
But it doesn’t stop there
Given the integration with web browsers, most of these harmful programs are completely undetectable by anti-virus solutions and can obtain highly sensitive data such as:
- Autofill (phones, keywords, names, emails, addresses, etc.)
- Credit cards data
- Browser activity
- Crypto wallet and authenticator (2FA) extensions
- PC local storage (that aims work projects, files, and other sensitive data)
"If mail Phishing is being actively discouraged (e.g. through spam filters and user knowledge), Discord phishing is virtually unchallenged yet"
"Until relevant malware protection tools are implemented on Discord, users must apply safety measures and only download trusted files"
A security lab (SOPHOS labs) investigated these concerns and came up with a worrying report that shows just how much malicious content is being sent via Discord.
“Abuse of Discord, like abuse of any web-based service, is not a new phenomenon, but it is a rapidly growing one: Sophos products detected and blocked, just in the past two months, nearly 140 times the number of detections over the same period in 2020. In April, we reported over 9,500 unique URLs hosting malware on Discord’s CDN to Discord representatives.
In the second quarter, we detected 17,000 unique URLs in Discord’s CDN pointing to malware. And this excludes the malware not hosted within Discord that leverages Discord’s application interfaces in various ways. At just prior to publication time, more than 4,700 of those URLs, pointing to a malicious Windows .exe file, remained active. “
In other words, Discord’s framework allows for easy setup and execution of all kinds of abuse/malicious programs.
For example, some can be found on GitHub (https://github.com/topics/discord-token-grabber), displaying different malware danger capabilities together with anti-virus evading properties.
It is interesting to note the accessibility of the malware, and how they come with a quick and easy setup guide that shows just how easy it is to set up and multiply a virus among Discord servers (groups).
In short, keep your business Discord server private as a good practice
To prevent external users to join and target your group of employees, we recommend you change the group’s visibility and privacy settings.
For instance, in the Discord platform, to invite someone to a server, you need to provide them with an invite link. Such links can be generated by every member of your group and start inviting someone else to your discord server.
To prevent this, as a host of the server, you can cut the ability of the members to create invite links. As a result, it will give you more control over who is accessing your Discord group.
Finally, other users can only join your server if they have received an invite link that you generated and sent out.
Instructions for server (group) owners
Instructions for server (group) members
We also recommend paying close attention to the shared links and attachments before opening them. It might be a phishing attack!
We recommend you adjust some privacy settings, such as Message Scan settings. Here you can restrict the ability of users to add you as a contact – by choosing the Keep me safe setting.
There are alternatives to keep your employees safe in the virtual world. We recommend Microsoft Teams as a secure alternative. From our experience, such a platform enforces team-wide and organization-wide two-factor authentication. Moreover, such a method ensures safe attachments and link protection without hindering the productivity of your organization.
Choose your best Teams plan
- MS Teams comes also as a bundled option in all paid Microsoft 365 Modern Workplace suites. This option brings you more features for your workplace that may be a huge advantage for your business. This includes access to vital business tools such as Microsoft 365 Office suite; OneDrive cloud storage and moreover, a new tool called Whiteboard (virtual space to sketch).
- We also offer some trials for newcomers. You may ask us for an MS Teams trial for 6-12 months and we will gladly help.
- There is also a free version of Microsoft Team that ensures your company’s productivity by providing several important features that Discord doesn’t have, such as larger file sharing and more integrations with productivity apps. However, the free option is available to everyone that downloads it on the Microsoft website or it is already built into Windows 11.
All in all, we have summarized the key points of Microsoft Teams’ capabilities. What can you do on MS teams?
- Organize meetings
- Voice and Video calls
- File storage
- Apps integration
- Business-wide video conferencing
- Microsoft Teams is included in Microsoft 365 for free.
How the attackers may reach you?
Billing, shipping, invoice related phishing emails.
Attackers most frequently use phishing campaigns where hackers send emails purported to be from a legitimate source. Such manipulation requests passwords or other sensitive information from you.
Visit our Phishing awareness articles to find out more about the threats and how to protect yourself and your business.