Instant Messaging Could Take Down Your Network

This blog was originally published by Ericom here.

By Mendy Newman, Ericom.

Individuals who value both convenience and privacy – which means almost all users – depend on instant messaging (IM) apps to communicate across all aspects of their personal lives. Every time we open a new chat, WhatsApp, for instance, reassures us that, “Messages and calls are end-to-end encrypted. No one outside of this chat, not even WhatsApp, can read or listen to them.”

Instant Messaging is How We Talk Today

Instant messengers have rapidly become the favorite tool in our communication toolbox for business as well. While formal interactions still require email, simple and efficient chat apps have been gaining for quick consultations and interactions. Slack and Microsoft Teams (and their many competitors) are widely used within organizations. But when it comes to communicating with third party providers, customers and other contacts for business purposes, as well as with family and friends in the course of the workday, IM apps such as WhatsApp are often the solutions of choice.

The numbers tell the story: WhatsApp, Facebook Messenger, Telegram, and Snapchat together have over 4 billion active users, with 2 billion on WhatsApp alone. 50 million of those WhatsApp users are business accounts. Weixin/WeChat and QQ have nearly 2 billion more users, mostly in China.

What’s Lurking in Your Chat?

All this explains why the web client of their favorite IM is one of the very first tabs many – perhaps most – people open at the start the workday and one that’s most frequently used throughout the day.

IM web clients, however, can pose a real danger to network security. A single click on a ransomware-infected file sent via a chat – either maliciously or unintentionally – can bring an entire organization to its knees.

The same end-to-end encryption that protects user privacy renders secure web gateways and next-generation firewalls, which organizations depend on to scan websites for malicious content, powerless to “see” if a file or link sent via IM to a users’ IM web client contains ransomware or other malware. As a result, if a chat contains a link to ransomware or an infected file, it will not be blocked. When the user opens the file or clicks on the link, malware can instantly move from the endpoint browser to – and throughout — the organization’s network.

It’s not hard to imagine scenarios in which cybercriminals share weaponized images in an IM group, submit an infected CV in response to an advertised opening, or send a sales inquiry that includes a malicious link. One click by a user, and the damage is done.

Many organizations simply block IM web clients, preventing their use. But in countries where chat apps are used widely for business as well as personal use, blocking IM web clients annoys users – to the point of revolt, in some countries! – and results in a productivity hit for the organization.

Protecting Against IM-Delivered Threats

Remote browser isolation (RBI) protects against threats delivered via chats. All content from the web client is opened in a virtual browser located in an isolated container in the cloud. Only safe rendering data is sent to the browser-based client on the user’s device, where users chat as they are accustomed to do. Any malware or ransomware remains in the isolated container, remote from endpoints and networks, and is destroyed when the user stops chatting. Files sent via the IM client are opened in isolation and sanitized of any malicious content within before being sent on the endpoint.

Taking the right protective measures can empower your users to use RBI productively, while preventing delivery of cyber threats.