There are more than 2,400 apps in the Slack app directory, and many more from other, non-verified marketplaces that can be integrated via OAuth tokens and webhooks. In fact, only about 10% of connections to Slack come from the official app directory, meaning that many organizations are using numerous third-party app connections every day with zero vetting.
Slack often serves as an organization’s main communications channel. One of its greatest features to help increase productivity and streamline processes is the ability to build and integrate internal and external applications on top of it.
The risks of unmonitored app-to-app connections and non-human access to Slack environments
Each connection grants powerful access keys to a third-party app vendor that may not be trustworthy. Once those keys fall into the wrong hands, private conversations could be exposed, and any passwords or tokens shared within private channels could be read.
A recent attack against Slack demonstrates these risks: in January 2023, Slack announced that over the New Year holiday weekend its GitHub code repositories had been breached and a limited number of employee tokens had been stolen.
Your Slack environment could be more exposed than you think
Using the Astrix Security platform, we discovered that Slack environments typically have hundreds of connections to third-party applications and cloud services. From our research we discovered:
- On average, for every 5000 employees, we saw 40 new OAuth tokens for Slack apps added every week
- The majority of installed Slack integrations – 60% – were not installed from the official app directory
- Out of 4,385 apps integrated within Slack, about 2% had access to all private channels and direct messages (DMs) of the user who installed them.
- 5% of the installed apps were able to impersonate the user who installed them and send messages on their behalf.
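The two risk classes in the figures above map directly onto the OAuth scopes an app is granted. The following is an added example, not Astrix code: it triages a constructed app inventory by user-token scopes, flagging apps that can read the installer's private channels and DMs, apps that can post as the installer, webhook-based apps, and apps installed outside the official directory. The scope names are Slack's; the inventory format and the app names are assumed.

```python
# Added example (not Astrix code): triage an inventory of installed Slack apps
# by the OAuth scopes they were granted. Scope names are real Slack scopes;
# the inventory below is constructed sample data, not a real export.
import json

# User-token scopes that together expose every private channel and DM the
# installing user can see.
PRIVATE_CONTENT = {"groups:history", "im:history", "mpim:history"}
# On a user token, chat:write posts as that user (legacy form: chat:write:user).
IMPERSONATION = {"chat:write", "chat:write:user"}


def classify(app):
    """Return the set of risk tags that apply to one installed app."""
    user = set(app.get("user_scopes", []))
    bot = set(app.get("bot_scopes", []))
    tags = set()
    if PRIVATE_CONTENT <= user:
        tags.add("private_content")
    if user & IMPERSONATION:
        tags.add("impersonation")
    if "incoming-webhook" in user | bot:
        tags.add("webhook")  # the webhook URL itself is a bearer credential
    if not app.get("from_directory"):
        tags.add("outside_directory")
    return tags


def summarize(apps):
    """Count how many apps carry each tag, plus the total inventory size."""
    counts = {"total": len(apps)}
    for app in apps:
        for tag in classify(app):
            counts[tag] = counts.get(tag, 0) + 1
    return counts


# Constructed inventory in the shape such an export might take (not real data).
INVENTORY = json.loads("""[
 {"name": "calendar-sync", "from_directory": true,
  "user_scopes": ["users:read"], "bot_scopes": ["chat:write"]},
 {"name": "dm-summarizer", "from_directory": false,
  "user_scopes": ["groups:history", "im:history", "mpim:history", "chat:write"]},
 {"name": "build-notifier", "from_directory": false,
  "bot_scopes": ["incoming-webhook"]},
 {"name": "ticket-helper", "from_directory": true,
  "user_scopes": ["chat:write:user", "channels:read"]}
]""")

if __name__ == "__main__":
    for app in INVENTORY:
        print(f"{app['name']:16} {sorted(classify(app))}")
    print(summarize(INVENTORY))
```

Note that a bot-token `chat:write` (calendar-sync) posts as the app, not as a person, so it is not flagged as impersonation; only user-token scopes carry the installer's identity.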
How Astrix helps secure your Slack environment
- Get a full inventory of all non-human access to your Slack environment, and understand the risks associated with them.
- Get visibility into webhooks created during the installation of internal and external apps – see the risk they pose, the vendor behind each app, and additional risk factors.
- Detect anomalous activity and remediate risks – Astrix’s behavioral analysis looks at the app’s access parameters such as geolocation, IP address and user agent, as well as advanced behavioral parameters such as unusual usage, to detect misbehaving services and apps.
- Make faster business and security decisions by understanding the business value of each non-human connection including the usage level (frequency, last maintenance, usage volume), the connection owner, who in the company uses it and the marketplace info.
- Get alerts only on risks that expose you to supply chain attacks, data breaches, and compliance violations, and easily remediate them through automated workflows.