How the Discord CDN may be a Threat to your Enterprise

Posted by Trevagh Stankard on Thu, Apr 29th, 2021

We have used the phrase that cybersecurity is a moving target on a number of occasions.  One big reason for that is that cybercriminal activity is a moving target as well.  Scammers are always looking for the next easy way to make a quick buck off people.  In the same way that petty thieves turn to pickpocketing in crowded touristy destinations with droves of unwary travelers, cybercriminals target web venues that attract large congregations of unsuspecting users.  One such site is the group-chatting platform Discord, which is highly popular with gamers but has been broadening out to other audience communities as well.  It allows users to interact with each other through a broad array of mediums including voice calls, video calls or texting.

Paradise Lost

According to Forbes Magazine, Discord had a user base of 150 million and boasted a valuation of $2 billion back in 2019 that has grown since then.  Forbes revealed in an article that Discord groups dedicated to cybercriminal activity were being investigated by the FBI back then.  The bulk of this criminal activity was petty scams.  Cybercriminals used live chats offering gift cards at “discount prices” or malware-as-a-service lifetime subscriptions for a nominal fee.  Other instances involved selling stolen pay cards and PayPal accounts.  Some of these perpetrators specifically targeted children.  While once deemed a “gamers paradise,” Discord, it seems, has become a new paradise for cybercrime, according to Cyware magazine.

The Lack of Discord Supervision has Consequences

One of the aspects of Discord that has made it so popular with its userbase is its open access and lack of controlled supervision.  The lack of surveillance, however, comes at a price, as illicit content, cyberbullying and other malicious behaviors abound.  The fact that non-registered users can download uploaded content makes it challenging to trace just who is responsible for the distribution of malware or illicit material.  What one person refers to as freedom, others refer to as pure mismanagement on the part of Discord.

Discord CDN

In addition to the continued compromise of the Discord chat service, the cybersecurity firm Zscaler reports that cybercriminals are abusing the cdn.discordapp.com service to spread their malware infections.  Zscaler reported capturing more than 100 unique malicious code samples from Discord over a two-month period.  The perpetrators initially lure users with phishing emails that promote the downloading of cracked software or gaming apps.  According to Bleeping Computer, hackers are taking advantage of a unique vulnerability within Discord that allows them to delete a malicious file after uploading it to the Discord servers, yet have it remain available at the Discord CDN URL for downloading.  A nasty array of malware categories, including keyloggers, is being readily distributed using this CDN.  While Discord does provide warnings concerning some downloads, tests showed that many known malicious downloads were not flagged at all.

Webhooks and Ransomware in Discord

Discord utilizes a feature called webhooks.  This feature gives users the ability to send messages to text channels without having the Discord application.  While the feature has its merits and uses, it also gives hackers the ability to probe your web sessions and steal saved login credentials from some of the major web browsers as well as the Discord user token.  Trend Micro recently uncovered a new ransomware that uses these webhooks as a communication platform with the victims.  Another ransomware strain called “Hog” has a new twist concerning the decryption process.  Rather than issuing a key, the victim’s machine is only decrypted once it joins their Discord server.  Once the machine connects and the user authenticates with their user token, an embedded key within the malware is used for the decryption.
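For defenders who cannot block Discord outright, the CDN and webhook abuse described in the two sections above can be hunted in web proxy logs. The following is an added example, not code from Zscaler, Trend Micro or TitanHQ; the five-field log format, the extension list and the sample lines are assumptions constructed for illustration, and webhook posts in particular are review leads because legitimate bots use them too.

```python
import posixpath
import re
from urllib.parse import urlsplit, unquote

# File types worth reviewing when fetched from a chat CDN (assumed list; tune locally).
RISKY_EXT = {".exe", ".scr", ".dll", ".msi", ".bat", ".ps1", ".vbs", ".js",
             ".zip", ".rar", ".7z", ".iso"}
WEBHOOK_HOSTS = {"discord.com", "discordapp.com"}
WEBHOOK_PATH = re.compile(r"^/api/(v\d+/)?webhooks/")  # versioned or unversioned API path

def classify(method, url):
    """Return a finding label for one request, or None if it is not of interest."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = unquote(parts.path)  # query string is already excluded from .path
    if host == "cdn.discordapp.com" and path.startswith("/attachments/"):
        # Last extension wins, so "invoice.pdf.zip" is judged as ".zip".
        if posixpath.splitext(path)[1].lower() in RISKY_EXT:
            return "cdn-risky-download"
    if host in WEBHOOK_HOSTS and method.upper() == "POST" and WEBHOOK_PATH.match(path):
        return "webhook-post"
    return None

def scan(lines):
    """Parse 'timestamp client method url status' lines; return (client, label, url)."""
    findings = []
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines rather than guess at their layout
        _, client, method, url, _ = fields
        label = classify(method, url)
        if label:
            findings.append((client, label, url))
    return findings

# Constructed sample log lines (IDs, file names, token and addresses are made up).
SAMPLE_LOG = [
    "2021-04-29T10:00:01Z 10.0.0.5 GET https://cdn.discordapp.com/attachments/111/222/setup_crack.EXE 200",
    "2021-04-29T10:00:07Z 10.0.0.5 GET https://cdn.discordapp.com/attachments/111/223/screenshot.png 200",
    "2021-04-29T10:02:13Z 10.0.0.9 POST https://discord.com/api/webhooks/333/EXAMPLE_TOKEN 204",
    "2021-04-29T10:03:40Z 10.0.0.7 GET https://cdn.discordapp.com/attachments/111/224/invoice.pdf.zip?ex=abc 200",
    "2021-04-29T10:04:02Z 10.0.0.7 GET https://example.com/attachments/tool.exe 200",
    "truncated line",
]

if __name__ == "__main__":
    for client, label, url in scan(SAMPLE_LOG):
        print(client, label, url)
```

Correlating a "cdn-risky-download" and a later "webhook-post" from the same client is a stronger signal than either finding alone.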

Meet the Cure for Discord Cyberthreats

So how do you stop your users from visiting a site such as Discord?  The answer is an advanced DNS filtering and web security solution such as WebTitan.  As with many standard web security filters, you can create policies that deny access to sites such as Discord.  However, WebTitan goes far beyond basic URL filtering.  Its malicious detection service actively monitors and identifies threats in real time, thus blocking malware, phishing, viruses, ransomware and malicious content sites from accessing user web sessions.  Its malware scrubbers help ensure that malicious code won’t make its way from a compromised web server.  In addition, SpamTitan can prevent hackers from sending those alluring phishing emails directing users to Discord in the first place.  The fact is, there are a lot of perilous places out there on the Internet, and there probably always will be.  But with the one-two punch of WebTitan and SpamTitan, you don’t have to worry about those precarious areas.


Talk to our subject matter experts at TitanHQ to learn how to protect your enterprise users, regardless of location, from precarious places like Discord.  Contact TitanHQ today and arrange to speak with one of our experts.
