The threat posed by unsanctioned shadow apps is a growing concern for businesses everywhere. “Shadow apps” is the term for applications that haven’t been cleared by a company’s information security team, but which employees choose to use anyway. Because these apps are not sanctioned, they usually aren’t monitored or secured in the same way that approved apps are, making them vulnerable to exploitation by criminals and/or insider threats. This article will look at some of the most prevalent areas for shadow apps and the dangers they pose to the wider organisation.

Browser Extensions

Browser extensions have historically been difficult to secure and pose a significant threat to data security, making them a perennial favourite amongst cyber criminals. A compromised browser extension can be used to deliver malicious URLs, turning that browser into a potent cyber weapon. Every day, Google is forced to remove dozens of such browser extensions from its Chrome Web Store, and that’s just one vendor.

Many recently discovered malicious extensions have been loaded with malware used for cryptocurrency mining and click fraud campaigns. Cryptocurrency mining in particular can have a devastating effect on an organisation’s network, with the amount of traffic generated causing major performance issues and running up big electricity bills.

Unsurprisingly, those behind such cryptojacking extensions aren’t too keen on getting caught. Many run their processes through proxy servers or use custom mining pools to separate the mining from the cryptojacking while still deceiving users.

Instant Messaging

Instant-messaging clients can be found in nearly every workplace, and while the most popular ones, such as Skype, tend to be on the list of authorised apps, it’s the use of unknown, unsanctioned messaging apps that can expose an organisation to danger. For example, Pidgin is an open source client used by millions worldwide, but it can do much more than just enable communication between co-workers. In some environments it can also be used as a tool for running arbitrary commands on infected endpoints and controlling backdoors.

Pirated Apps

In recent years, there’s been a growing number of apps sold outside of official stores. Many of these have been designed to look like legitimate ones, but are instead laced with malware, spyware, or worse. When installed, they can open up a network and the data held within to all kinds of cyber-attacks. 

The Wider Issues With Shadow Apps

Aside from the inherent risks that unsanctioned shadow apps present, like those described above, they also create wider issues that can make life very difficult for IT teams. One of the biggest is the fact they aren’t patched like sanctioned apps are. The majority of large organisations operate strict patching regimes across all their main applications, keeping them up to date with the latest bug and vulnerability fixes. However, with shadow apps falling outside of this scope, it can be weeks, months or even years before the employees using them decide to run updates, leaving them open to exploitation and unauthorised access. 

In other situations, these apps could be rigged to use network functionality to reach third-party sites that an organisation may not even be familiar with. A perfect example would be an attacker using an FTP application that his or her organisation does not monitor at all. Once the attacker has access to sensitive data, he or she could exfiltrate it via FTP without the organisation even knowing about it.

Once an organisation has established an ecosystem of sanctioned apps, it needs to take great care in ensuring third-party apps that integrate with those sanctioned apps don’t proliferate without the IT team’s knowledge. Popular cloud storage solutions like Dropbox and Box are often authorised for use in organisations, but they also interact with a large number of other apps that don’t have the same authorisation. If these avenues aren’t identified, they can quickly pose a threat to the organisation’s data security.

Lower the Risk by Understanding What’s in Your Environment 

For any organisation concerned about the use of shadow apps in its environment, there’s a growing number of security technologies that can be used to gain valuable insight into the apps employees are using, both sanctioned and unsanctioned. For example, some software can give the IT team complete visibility into the types of data flowing through their system and even block unauthorised apps from executing. Others can be used to educate employees by alerting them when they attempt to open unsanctioned apps that are against company policy. Over time, these kinds of prompts help to change employee behaviour, teaching them to think more carefully before they act and to understand when they are behaving in a risky manner.
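
As an added illustration of this kind of visibility for the browser extensions discussed earlier (example code written for this page, not taken from any product the article refers to), the Python sketch below inventories the extensions in a Chrome profile's Extensions directory, compares each ID against an allowlist, and notes broad permissions. The allowlist, the list of "broad" permissions and the sample profile are all constructed assumptions.

```python
import json, tempfile
from pathlib import Path

# Assumed policy: extension IDs approved by the security team (constructed value).
SANCTIONED = {"a" * 32}
# Assumed review list: manifest permissions that give wide reach over browsing data.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*",
         "webRequest", "cookies", "tabs", "history", "proxy"}
PERMISSION_KEYS = ("permissions", "host_permissions", "optional_permissions")

def audit_extensions(ext_root, sanctioned=SANCTIONED):
    """One finding per <ext_root>/<extension id>/<version dir>/manifest.json."""
    findings = []
    for path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        ext_id = path.parent.parent.name
        finding = {"id": ext_id, "name": None, "broad": [], "error": None,
                   "sanctioned": ext_id in sanctioned}
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
            requested = {p for key in PERMISSION_KEYS
                         for p in manifest.get(key, []) if isinstance(p, str)}
            finding.update(name=manifest.get("name"),
                           broad=sorted(requested & BROAD))
        except (OSError, ValueError, AttributeError, TypeError):
            # A manifest that cannot be parsed is itself worth a closer look.
            finding["error"] = "unreadable or malformed manifest"
        findings.append(finding)
    return findings

def build_sample_profile(root):
    """Constructed sample data: one sanctioned and one unsanctioned extension."""
    samples = {
        "a" * 32: {"name": "Approved Password Manager", "version": "1.0",
                   "permissions": ["storage"]},
        "b" * 32: {"name": "Free Coupon Finder", "version": "2.3",
                   "permissions": ["tabs", "cookies"],
                   "host_permissions": ["<all_urls>"]},
    }
    for ext_id, manifest in samples.items():
        version_dir = Path(root) / ext_id / (manifest["version"] + "_0")
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps(manifest))

def demo(sanctioned=SANCTIONED):
    """Audit the constructed profile and return only unsanctioned extensions."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_profile(tmp)
        return [f for f in audit_extensions(tmp, sanctioned) if not f["sanctioned"]]
```

On a real endpoint, audit_extensions would be pointed at each user profile's Extensions folder and the findings fed into whatever inventory the IT team already keeps.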

Shadow apps inevitably find their way into the majority of organisations, and while not all of them pose a threat, many of them can if they aren’t carefully monitored and/or controlled. While IT teams may not be able to prevent them altogether, taking steps to know what they are, the data they are accessing and who is using them will all play a key role in minimising the threat they pose.