
Note: This allows hackers to phish you through Microsoft Teams

  • June 27, 2023


By exploiting a vulnerability in Microsoft Teams, attackers can send malicious files using a remote account. Will Teams be the new playing field for phishing?

With Microsoft Teams, you can communicate not only with people within the organization, but also with external accounts. This provides a convenient way to communicate more directly with customers, suppliers, and trading partners. But these external accounts can also be a wolf in sheep’s clothing. Cybersecurity researchers at JumpSec Labs found that hackers in Teams have free rein to trap you or your colleagues.

Typically, Teams doesn’t allow you to share files with a contact outside of your organization. Conversations with external parties are marked as such and sharing is disabled. However, hackers can bypass this restriction by changing the external and internal account IDs in a POST request to Teams. In technical terms this is called an insecure direct object reference (IDOR).

This allows them to share files as if they were an internal account. From here on, the attack method is like a classic phishing attack. The hacker pretends to be someone the victim trusts and gives a good reason why the victim should access the file. The malicious file is in the form of a SharePoint file.

Source: JumpSec Labs
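
The class of flaw described above, as an added example (not code from JumpSec Labs or Microsoft, and not the Teams API): a hypothetical chat service whose file-sharing check trusts account IDs taken from the request body, next to a version that takes the sender from the authenticated session. All names (`DIRECTORY`, `send_file_vulnerable`, `send_file_hardened`, the user IDs) are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed directory: user ID -> tenant (organization). Hypothetical data.
DIRECTORY = {
    "u-alice": "contoso",
    "u-bob": "contoso",
    "u-mallory": "external-org",
}

@dataclass
class Request:
    session_user: str   # identity the server established at login
    body: dict          # JSON body, fully controlled by the client

class Forbidden(Exception):
    pass

def same_tenant(a, b):
    ta, tb = DIRECTORY.get(a), DIRECTORY.get(b)
    return ta is not None and ta == tb

def send_file_vulnerable(req):
    """IDOR: the policy check uses IDs supplied in the request body."""
    sender, recipient = req.body["sender_id"], req.body["recipient_id"]
    if not same_tenant(sender, recipient):
        raise Forbidden("file sharing with external accounts is disabled")
    return f"delivered {req.body['file']} to {recipient}"

def send_file_hardened(req):
    """Sender comes from the session; a body ID that disagrees is rejected."""
    sender = req.session_user
    recipient = req.body["recipient_id"]
    if req.body.get("sender_id", sender) != sender:
        raise Forbidden("sender_id does not match authenticated session")
    if not same_tenant(sender, recipient):
        raise Forbidden("file sharing with external accounts is disabled")
    return f"delivered {req.body['file']} to {recipient}"

def demo():
    # Constructed request: external session, body claims an internal sender.
    forged = Request("u-mallory", {"sender_id": "u-bob",
                                   "recipient_id": "u-alice",
                                   "file": "invoice.docx"})
    results = {"vulnerable": send_file_vulnerable(forged)}
    try:
        send_file_hardened(forged)
        results["hardened"] = "delivered"
    except Forbidden as exc:
        results["hardened"] = f"rejected: {exc}"
    return results

if __name__ == "__main__":
    print(demo())
```

The fix is that the external/internal decision is computed only from identity the server already holds, so nothing in the request body can change its outcome.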

From email to chat

JumpSec Labs warns that if attackers discover this method, Teams could become a popular attack vector. Since Outlook has been blocking macros by default for some time, it has become more difficult for hackers to trap victims via email. We first saw the hackers’ focus shift to OneNote, but now that Microsoft has stepped in there too, attackers are looking for new avenues.

According to JumpSec Labs, there are many reasons why Teams could become such a vector. The malicious payload hides behind an attached file and not a link. People are now being conditioned not to click every link they see, but they download files far more readily, without thinking. Employees must therefore also be trained to handle files critically.

Nothing wrong

Microsoft doesn’t seem to care too much about it. JumpSec Labs had already reported the vulnerability to Microsoft, which replied that it “does not meet the criteria for immediate intervention,” the researchers said. Until the issue is resolved, JumpSec Labs recommends reviewing external account settings and only accepting messages from trusted third parties.

Source: IT Daily
