Unexpected Slack API calls indicating malware share
Description
AlphaSOC detected unexpected API calls that may indicate malware sharing. Threat actors can leverage Slack's file-sharing features to distribute malicious files throughout an organization.
Impact
Malware distributed via Slack can result in widespread infection across the organization, compromise multiple systems, and provide adversaries with unauthorized access to sensitive company data, personal information, and other confidential resources.
Severity
| Severity | Condition |
|---|---|
| Low | Unexpected Slack API calls indicating malware sharing |
Investigation and Remediation
Investigate the Slack workspace for any suspicious file uploads and analyze the files using malware detection tools. If malware sharing is confirmed or suspected, review Slack audit logs to determine the source of the uploads, reset credentials for the user responsible, and ensure that all malicious files are removed from the environment. Conduct a thorough security assessment to identify any further compromise or lateral movement.
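Reviewing the audit logs to find the source of suspicious uploads, as the remediation above describes, can be scripted. The following is an added example and not part of the AlphaSOC page: it walks constructed Slack Audit Logs API entries (the field layout, with `action`, `actor.user`, `entity.file` and `context.location`, is assumed from the Audit Logs API and not taken from this page), keeps file upload and share actions, flags filenames with executable extensions, and reports each uploader together with the channels the file reached.

```python
import json
from collections import defaultdict

# Constructed sample of Slack Audit Logs API entries (field layout assumed from
# the Audit Logs API). Names, IDs and timestamps are made up for illustration.
SAMPLE_AUDIT_LOG = json.dumps({"entries": [
    {"id": "e1", "date_create": 1700000000, "action": "file_uploaded",
     "actor": {"type": "user", "user": {"id": "U01", "name": "alice"}},
     "entity": {"type": "file", "file": {"id": "F01", "name": "q3-report.pdf"}},
     "context": {"location": {"type": "channel", "id": "C01", "name": "finance"}}},
    {"id": "e2", "date_create": 1700000100, "action": "file_uploaded",
     "actor": {"type": "user", "user": {"id": "U02", "name": "bob"}},
     "entity": {"type": "file", "file": {"id": "F02", "name": "invoice.pdf.exe"}},
     "context": {"location": {"type": "channel", "id": "C01", "name": "finance"}}},
    {"id": "e3", "date_create": 1700000160, "action": "file_shared",
     "actor": {"type": "user", "user": {"id": "U02", "name": "bob"}},
     "entity": {"type": "file", "file": {"id": "F02", "name": "invoice.pdf.exe"}},
     "context": {"location": {"type": "channel", "id": "C02", "name": "general"}}},
    {"id": "e4", "date_create": 1700000200, "action": "file_shared",
     "actor": {"type": "user", "user": {"id": "U02", "name": "bob"}},
     "entity": {"type": "file", "file": {"id": "F02", "name": "invoice.pdf.exe"}},
     "context": {"location": {"type": "channel", "id": "C03", "name": "eng"}}},
]})

# Extensions that should rarely be exchanged as chat attachments in most workspaces.
RISKY_EXTENSIONS = {"exe", "scr", "js", "vbs", "hta", "lnk", "iso", "bat", "ps1", "dll"}
# Audit actions that put a file in front of other users.
FILE_ACTIONS = {"file_uploaded", "file_shared", "file_public_link_created"}


def risky_name(name):
    """True when the final extension (after any double extension) is in the risky set."""
    parts = name.lower().rsplit(".", 1)
    return len(parts) == 2 and parts[1] in RISKY_EXTENSIONS


def triage_file_events(raw_json):
    """Map actor name -> {file name -> sorted channel names} for risky file actions.

    Entries without a file entity or with benign extensions are skipped, so the
    result points straight at the uploader and the channels to clean up.
    """
    findings = defaultdict(lambda: defaultdict(set))
    for entry in json.loads(raw_json).get("entries", []):
        if entry.get("action") not in FILE_ACTIONS:
            continue
        file_info = (entry.get("entity") or {}).get("file") or {}
        name = file_info.get("name", "")
        if not risky_name(name):
            continue
        actor = ((entry.get("actor") or {}).get("user") or {}).get("name", "unknown")
        location = ((entry.get("context") or {}).get("location") or {}).get("name", "unknown")
        findings[actor][name].add(location)
    return {a: {f: sorted(locs) for f, locs in files.items()} for a, files in findings.items()}
```

Running it against the constructed log attributes one risky file to one uploader and lists the three channels it reached, which is the starting point for removing the file and resetting that user's credentials.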