Microsoft Teams Features Amp Up Orgs' Cyberattack Exposure

Published: 23/11/2024   Category: security




It's as they say: Teams is only as strong as its weakest links. Microsoft's collaboration platform offers Tabs, Meetings, and Messages functions, and they all can be exploited.



Researchers have identified several ways hackers can leverage Microsoft Teams functionalities to phish users, or deliver malware directly to their computers without their knowing it.
Using tabs in the Teams user interface, bad actors could potentially trigger a malicious payload, or redirect users to malicious sites while hardly leaving any trace, according to a report this week from Proofpoint. Additionally, through meeting invites or messages, hackers could replace legitimate URLs with malicious ones, again without any obvious means for users to suss out the difference before it's too late.
"These risky Teams functionalities provide a nearly ideal attack platform for threat actors to target victims without being detected," the researchers tell Dark Reading.
Crucially, all of the proposed scenarios require an attacker to already have a compromised account or session token on hand. But as the researchers are quick to point out, hackers have long been targeting and cracking enterprise Teams environments.
According to the report, around 60% of Microsoft 365 tenants were subject to at least one successful account takeover incident in 2022. Teams, for its part, was the tenth most-targeted sign-in application last year, with 39% of targeted organizations experiencing at least one unauthorized, malicious login attempt.
Rarely do tabs evoke fear. Only, perhaps, when we've got too many of them open at once.
Unlike browsers, however, Teams tabs can point to applications, websites, and files. For example, the default Files tab — first and foremost in any channel or chat window — is associated with SharePoint and OneDrive. And users can create tabs, of course — say, by pinning a particular web domain to a new tab.
A malicious user could do the same with a malicious domain, but that's just the beginning. Using undocumented API calls, a hacker could rename and reposition a malicious tab to break Teams conventions.
In theory, a hacker could create a tab pointing to a malicious URL, rename it "Files," and reposition it to supersede the legitimate Files tab in a user's chat window.
"This could be extremely attractive for attackers," the researchers wrote, "seeing as, by design, a website tab's URL is not displayed to users unless they deliberately visit the tab's 'Settings' menu."
But why go through the trouble? Alternatively, a hacker could simply point their tab to a malicious file. If the user is accessing Teams via the desktop or Web client, Teams will automatically download the file to the user's device, no questions asked.
Tabs aren't the only Teams functionalities malicious actors could hone in on.
Take meetings. With API calls, an attacker could sabotage auto-generated meeting links in calendar invites, swapping them out with malicious ones. Because meeting links tend to be busy — not so simple as www.____.com — victims may have a difficult time telling the difference.
A malicious actor might also manipulate hyperlinks in chat messages, modifying the underlying URL to point somewhere malicious.
Proofpoint's researchers speculated that, given that Teams' API allows for the rapid and automatic enumeration and editing of links included in private or group chat messages, a simple script run by attackers could weaponize countless URLs within seconds, retroactively.
Teams is a hugely popular communications platform, where business users often share highly sensitive information and documents. Thus, the consequences of compromise can be high.
"We have seen thousands of organizations experience Teams account takeover," the researchers explain, "which subsequently led to financial fraud, brand abuse, sabotage, data theft, and other risks." According to multiple studies, the average cost of an account takeover incident can cost thousands to millions of dollars.
The solutions, by contrast, can be simple. "Organizations can make informed decisions when there is greater transparency about the inherent risks of first party applications," the researchers say.
For instance, it should be easier for hidden URLs, which are inaccessible to the average user, to be viewed. Alternatively, adding and strengthening security measures to prevent automatic redirection to unwanted websites and block automatic file downloads would also help mitigate vulnerabilities.
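As an added illustration of surfacing those hidden URLs for review (defender-side audit code written for this page, not from Proofpoint or Microsoft): it assumes tab records shaped like Microsoft Graph tab objects with `teamsApp` expanded and chat message bodies as HTML. The allowlist, the list of protected tab names, and all sample data are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

WEBSITE_TAB_APP = "com.microsoft.teamspace.tab.web"  # app id of the built-in Website tab
BUILTIN_NAMES = {"files", "posts", "wiki"}           # assumption: names a website tab should never use
TRUSTED_HOSTS = {"contoso.sharepoint.com"}           # hypothetical tenant allowlist

def host(url):
    return (urlsplit(url).hostname or "").lower()

def audit_tabs(tabs):
    """Return (tab id, reason) for website tabs that imitate built-ins or leave the allowlist."""
    findings = []
    for tab in tabs:
        if tab.get("teamsApp", {}).get("id") != WEBSITE_TAB_APP:
            continue  # only website tabs carry an arbitrary, user-invisible URL
        url = tab.get("configuration", {}).get("contentUrl") or ""
        if tab.get("displayName", "").strip().lower() in BUILTIN_NAMES:
            findings.append((tab["id"], "website tab uses a built-in tab name"))
        if host(url) not in TRUSTED_HOSTS:
            findings.append((tab["id"], f"untrusted host {host(url)}"))
    return findings

class _Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.links = None, "", []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.text.strip(), self.href))
            self.href = None

def audit_message_links(html):
    """Return links whose visible text is a URL on a different host than the real href."""
    parser = _Links()
    parser.feed(html)
    return [(text, href) for text, href in parser.links
            if text.lower().startswith(("http://", "https://")) and host(text) != host(href)]

# Constructed sample data: one spoofed "Files" tab, one legitimate tab, one mismatched link.
SAMPLE_TABS = [
    {"id": "tab-1", "displayName": "Files", "teamsApp": {"id": WEBSITE_TAB_APP},
     "configuration": {"contentUrl": "https://files.example.net/login"}},
    {"id": "tab-2", "displayName": "Intranet", "teamsApp": {"id": WEBSITE_TAB_APP},
     "configuration": {"contentUrl": "https://contoso.sharepoint.com/sites/hr"}},
]
SAMPLE_MESSAGE = ('<p><a href="https://docs.example.net/x">https://contoso.sharepoint.com/notes</a>'
                  ' and <a href="https://contoso.sharepoint.com/a">agenda</a></p>')
```

Run periodically over exported tab and message data, the findings give reviewers the URL that the Teams interface does not show by default.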
When reached for comment, Microsoft offered the following response to Proofpoint:
"Microsoft encourages users to observe security best practices in Microsoft Teams and to adopt industry-standard best practices for security and data protection including embracing the Zero Trust Security model and adopting robust strategies to manage security updates, antivirus updates, and authentication. More information on Zero Trust Security is available at https://aka.ms/zerotrust."
