There are a variety of recent incidents which don’t fit the mold of ‘typical’ cyberattacks, and provide an insight into how you can protect your business against evolving threats.
In this insight we will explore:
- Two recent occurrences of modern, untraditional methods of cybercrime
- The lessons these incidents highlight
- What your business can do to stay ahead of changing cybercrime tactics
Misuse of trusted platforms
Collaboration platforms like Discord have become a core part of both professional and personal communication, with an estimated number of 689 million users by the end of 2025, but its dual use introduces security challenges. While corporate security training often focuses on phishing via email or workplace tools such as Microsoft Teams and Slack, platforms like Discord occupy a less scrutinized space.
Originally designed for gaming and social interaction, the platform is now also used by start-ups, developer communities, and other corporate teams for collaboration. Whether you use Discord for personal or business communication, the crossover between both creates an exposure gap – employees may apply caution within formal business platforms but treat Discord as inherently safe, even when accessing it from a corporate device.
Recent campaigns have exploited vulnerabilities in Discord’s invite system to distribute two strains of malware – AsyncRAT, which provides attackers with persistent remote access, and Skuld Stealer, which targets browser and cryptocurrency wallet data. The technique centres on how Discord generates and manages invite links. The platform supports two formats (discord.gg/{code} and discord.com/invite/{code}) and three distinct types – temporary, permanent, and custom vanity links. Temporary and permanent codes eventually expire or can be deleted, but vanity links remain active until a server loses its Level-3 perks, at which point the code can be re-registered by another server.
Attackers monitor for expired or deleted invites and then re-register them as vanity URLs on their own servers. This allows them to hijack links that were once legitimate, such as ones embedded in blog posts, forum threads, or social media pages, silently redirecting users to attacker-controlled servers. The delivery chain is engineered to evade automated detection. Adversaries chain and normalize redirects so that automated scanners see a benign URL during analysis, then route users through a fake ‘verify’ channel and bot authorisation to an external page. That page silently copies a malicious command on the user’s clipboard, instructing them to paste and run it. Executing this command launches a multi-stage loader which retrieves and installs AsyncRAT (for persistence and remote control) and Skuld Stealers (for browser, token and wallet seed-phrase harvesting). Stolen data is finally pushed to attacker channels.
What lessons can be learned?
This campaign highlights how attackers weaponize the mechanics of trusted platforms and exploit behavioral blind spots. While training often prepares employees to spot phishing in emails or other workplace tools, platforms like Discord fall outside typical corporate threat models. As communication platforms blur the line between personal and professional use, businesses must consider them as a potential corporate attack opportunity – ignoring this gives attackers new available entry points.
To mitigate these risks, businesses should expand awareness training to cover non-traditional attack avenues, enforce stricter app management policies, and deploy technical measures such as URL filtering, redirect-chain inspection, and endpoint detection. It is also important to recognize that even strong controls cannot prevent every incident. A full disaster recovery strategy which is supported by regular back-ups, ensures your business can resume operations quickly and securely in the event of an infection or breach.
Internet of Things as an attack vector
The Internet of Things (IoT) refers to the growing network of everyday devices across industries, such as home appliances, office sensors, medical equipment, and industrial machinery, which are connected to the internet to collect data or provide remote control. While these devices are convenient, they also expand the potential attack surface, often without the same level of protection or monitoring applied to traditional IT systems. In fact, studies suggest that 34% of breaches where IoT devices were involved led to total costs of between $5 million – $10 million higher than traditional IT attacks.
A recent event earlier this month highlights this risk, found at a university campus in Amsterdam (Spinozacampus), where attackers compromized smart washing machines which relied on digital payments. By exploiting weaknesses in the devices’ payment system, the attackers disabled billing, allowing students to wash their clothes for free. The operator, Duwo, ultimately shut down the machines, leaving over 1,200 students reliant on a handful of analog machines. One student reported that of these, only one was not consistently out of order.
This ability to hack into IoT devices and disable payments raises concerns about how the same vulnerabilities can be used to exploit data in far more damaging ways. Many of these devices handle sensitive payment information when connecting to their payment processors. If these communications are improperly secured, for example, if data is not encrypted end-to-end or if the device stores information such as card numbers or tokens in plain text, attackers can intercept or steal it.
In practice, this could mean attackers capturing payment card details as they pass through the system, retrieving stored credentials directly from the device, or exploiting the online management portals which often keep transaction records. In more advanced cases, attackers might alter the payment logic so that card details are secretly copied to a server they control, in a similar way to how web-skimming malware works on eCommerce sites.
The key risk here is that once attackers have access, what looks like a minor hack for free laundry could easily escalate into a large-scale theft of financial data from every person who uses the system.
What lessons can be learned?
This case shows why IoT devices should not be treated as ordinary consumer gadgets. When they process payments or interact directly with your customers, they require the same safeguards as core IT systems, such as strong credentials, regular updates, encrypted communication, and restricted access. For businesses, payment-enabled IoT should always use certified gateways with tokenisation so card details never sit on the device itself. Separating IoT from core networks also reduces the impact of a breach and monitoring these devices ensures potential anomalies – such as repeated billing areas or unusual traffic – are flagged quickly.
It is important for your business to stay vigilant, proactively considering all digital touchpoints, even for devices originally intended for convenience. With no fallback in place, the Spinozacampus disruption forced a rushed return to analogue machines, leaving thousands without reliable access. For businesses, the lesson is that IoT failure can cause real-world disruption, so proactive planning is more important than ever.
What next?
The two cases discussed in this insight demonstrate that cybercrime is no longer confined to predictable entry points such as phishing emails or outdated servers. Attackers are now exploiting trusted platforms and everyday devices, and for businesses, focusing only on the most common attack methods leaves significant blind spots.
Rather than avoiding modern applications and technologies, they should be treated as part of the wider IT system, with the same controls, monitoring, and resilience planning as core infrastructure. This includes expanding staff awareness training beyond email, securing connected devices to recognized standards, and ensuring new technologies are assessed for both their benefits and their risks.
Ultimately, cyber resilience comes from being prepared. Even the most well-defended systems can be breached, making recovery planning, backups, and tested incident response essential. Taking a proactive approach ensures overlooked technologies do not become the weakest link in your security strategy.
If you are using new platforms for your business or want assurance that your systems are protected against both expected and unconventional attack methods, our experts can advise on the best measures to stay secure.
To organize an initial consultation, contact us and a member of our team will be in touch.
