Quick News Bit

Teams: Researchers warn of Microsoft Teams bug that can spread malware – Times of India

Microsoft’s video conferencing service Teams restricts users from sharing files from external sources. However, security researchers have claimed to have discovered a way that attackers can use to launch malware attacks on organisations that are using Microsoft Teams. The claim has been made by the UK-based security services company Jumpsec. A part of the Microsoft 365 cloud-based services, Microsoft Teams boasts 280 million monthly active users.
How this bug can be exploited
Attackers will be able to exploit the bug if an organisation is running Microsoft Teams in the default configuration. In such cases, Teams will allow communication with accounts outside the company, also known as “external tenants.”
In a report, the researchers have explained that this communication bridge will not only allow social engineering and phishing attacks but will also allow cyber criminals to send a malicious payload directly to a target inbox.
As mentioned above, Teams already blocks file delivery from external tenant accounts using its client-side protections. However, researchers have discovered that attackers can bypass the restriction by changing the internal and external recipient ID in the POST request of a message. This can fool the system into treating an external user as an internal one.
The researchers also tested the technique and were able to successfully deliver a command and control payload into the inbox of a target organisation. Such an attack can bypass the existing security measures and anti-phishing training advice. This will allow attackers to easily infect any organisation using Microsoft Teams with its default configuration.
Moreover, if an attacker registers a domain similar to the target organisation's on Microsoft 365, their messages could appear as if they are coming from someone within the organisation and not an external tenant. This also increases the chances of the target downloading the file onto their systems.
Microsoft’s response to the claim
This vulnerability was reported to Microsoft, and the company validated that the flaw is legitimate. However, the tech giant has mentioned that the security flaw “did not meet the bar for immediate servicing,” as per the report.
Also, if organisations need to maintain external channels of communication, they can define specific domains in an allow-list to lower the risk of exploitation. Jumpsec has also requested that the company add external tenant-related events in Teams that can help prevent such attacks. Moreover, companies that don’t need to maintain regular communication with external tenants can disable this feature on the video conferencing platform.
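
The two mitigations described above (an allow-list of partner domains, or disabling external access altogether) can be applied with the MicrosoftTeams PowerShell module. The script below is an added example, not part of the original article or the Jumpsec report; the function name Set-TeamsExternalAccess and the domain partner.example are hypothetical placeholders.

```powershell
# Added example: audit and restrict Teams external access (federation).
# Assumes the MicrosoftTeams module is installed and the account used is
# a Teams administrator. Function name and domains are placeholders.
Import-Module MicrosoftTeams
Connect-MicrosoftTeams

function Set-TeamsExternalAccess {
    param(
        # Partner domains that must stay reachable. Empty = disable entirely.
        [string[]]$PartnerDomains = @()
    )

    # Record the current state first so the change can be reviewed or reverted.
    $before = Get-CsTenantFederationConfiguration
    Write-Host "Before: AllowFederatedUsers = $($before.AllowFederatedUsers)"
    $before | Format-List AllowedDomains, BlockedDomains

    if ($PartnerDomains.Count -eq 0) {
        # No external communication needed: turn external access off.
        Set-CsTenantFederationConfiguration -AllowFederatedUsers $false
    }
    else {
        # External communication needed: replace the default "any domain"
        # setting with an explicit allow-list.
        $list = New-Object 'System.Collections.Generic.List[string]'
        foreach ($d in $PartnerDomains) { $list.Add($d.Trim().ToLower()) }
        Set-CsTenantFederationConfiguration -AllowFederatedUsers $true `
            -AllowedDomainsAsAList $list
    }

    # Read the setting back to confirm what is now in force.
    $after = Get-CsTenantFederationConfiguration
    Write-Host "After:  AllowFederatedUsers = $($after.AllowFederatedUsers)"
    $after | Format-List AllowedDomains, BlockedDomains
}

# Keep one named partner (placeholder domain):
Set-TeamsExternalAccess -PartnerDomains 'partner.example'

# Or disable external access for the whole tenant:
# Set-TeamsExternalAccess
```

An allow-list limits who can message users but does not help against a partner tenant that has itself been compromised, so the user-awareness point about lookalike domains still applies.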
