Serviceteam IT Security News
Microsoft plugs a security hole that could have enabled attackers to weaponize a GIF in order to hijack Teams accounts and steal data

Microsoft has fixed a security flaw in Microsoft Teams that, if left unaddressed, could have been exploited to take over user accounts. By hijacking a Teams account, the bad actors might eventually move through the organization and gather data from Teams accounts, ranging from confidential information and passwords to business plans, among other things, according to researchers from CyberArk.

With companies recently forced to switch to working remotely due to the COVID-19 pandemic, their IT departments faced the challenge of making the switch to the home office safe. Resolving communication was a cornerstone issue, with a large number opting to use one of the premier platforms such as Zoom, Microsoft Teams, or Slack. This has, in turn, put the platforms and their users in the crosshairs of cybercriminals.

CyberArk has now described a possible attack scenario: “We found that by leveraging a sub-domain takeover vulnerability in Microsoft Teams, attackers could have used a malicious GIF to scrape user’s data and ultimately take over an organization’s entire roster of Teams accounts.” The sub-domains that were vulnerable to takeover were aadsync-test.teams.microsoft.com and data-dev.teams.microsoft.com.

“If an attacker can somehow force a user to visit the sub-domains that have been taken over, the victim’s browser will send this cookie to the attacker’s server and the attacker (after receiving the authtoken) can create a skype token. After doing all of this, the attacker can steal the victim’s Teams account data,” reads the article.
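The cookie exposure described above can be checked from the defender's side by combining cookie scope with a DNS inventory. The following Python example is added here and is not code from CyberArk or Microsoft; it assumes the authtoken cookie is scoped to the parent domain teams.microsoft.com, and the record targets and "claimed" flags are constructed sample data.

```python
import ipaddress

def domain_match(host, cookie_domain):
    """RFC 6265 section 5.1.3: host equals the domain or is a subdomain of it."""
    host = host.lower().rstrip(".")
    cookie_domain = cookie_domain.lower().lstrip(".")
    try:
        ipaddress.ip_address(host)
        return host == cookie_domain      # IP hosts only match exactly
    except ValueError:
        pass
    return host == cookie_domain or host.endswith("." + cookie_domain)

def recipients(cookie, hosts):
    """Hosts whose requests would carry the cookie."""
    if cookie.get("domain"):              # Domain attribute: host plus every subdomain
        return [h for h in hosts if domain_match(h, cookie["domain"])]
    return [h for h in hosts if h.lower() == cookie["set_by"].lower()]  # host-only cookie

def audit(cookies, inventory):
    """List (cookie, host, target) where a cookie reaches a host whose DNS target is unclaimed."""
    return [(c["name"], h, inventory[h]["target"])
            for c in cookies
            for h in recipients(c, inventory)
            if not inventory[h]["claimed"]]

# Constructed inventory: hostnames are from the article; targets and flags are placeholders.
INVENTORY = {
    "teams.microsoft.com":              {"target": "prod-frontend.example.net", "claimed": True},
    "aadsync-test.teams.microsoft.com": {"target": "unclaimed-a.example.net", "claimed": False},
    "data-dev.teams.microsoft.com":     {"target": "unclaimed-b.example.net", "claimed": False},
}
# Assumption: the parent-domain scope of authtoken; the host-only variant is hypothetical.
WIDE = {"name": "authtoken", "set_by": "teams.microsoft.com", "domain": "teams.microsoft.com"}
HOST_ONLY = {"name": "authtoken", "set_by": "teams.microsoft.com", "domain": None}

if __name__ == "__main__":
    for name, host, target in audit([WIDE], INVENTORY):
        print(f"{name} would be sent to {host} (record points at unclaimed {target})")
    print("host-only findings:", audit([HOST_ONLY], INVENTORY))
```

A finding means two independent fixes apply: remove or repoint the dangling record, and narrow the cookie's scope so test and development hosts never receive it.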

Exploitation of the vulnerability would have involved sending the victims a malicious GIF file. Worryingly, merely viewing the GIF would have been enough for a user to be affected, and the attack could spread automatically, in a worm-like fashion. The flaw is said to have been present in both the desktop and web browser versions of Teams.

CyberArk disclosed its findings to Microsoft on March 23rd, with the tech giant acting quickly and correcting the misconfigured Domain Name System (DNS) records on the same day. On April 20th, Microsoft issued a patch for Teams. Apparently, no attacks were spotted in the wild.

Zoom, one of Teams’ key competitors in the communication and collaboration arena, has had its share of privacy and security issues of late. Also, those findings came after half a million Zoom accounts were offered for sale on the dark web, although this was not due to any kind of breach of Zoom’s defenses.
