Israeli researchers expose Microsoft Teams takeover vulnerability

The flaw, which researchers said was fixed prior to yesterday’s announcement, could lead to widespread data-theft campaigns, compromised credentials, ransomware attacks and even corporate espionage.

File photo of a Microsoft logo on an office building in New York (photo credit: MIKE SEGAR / REUTERS)
As businesses migrate en masse to remote communication and collaboration platforms, cybersecurity experts at Israeli firm CyberArk have unveiled another vulnerability putting users’ data at risk.
Researchers found “a critical security vulnerability” in Microsoft Teams, a popular workplace collaboration platform that has seen its daily active users more than double to a total of 44 million in recent months.
The flaw, which researchers said was fixed prior to Monday’s announcement, could lead to widespread data-theft campaigns, compromised credentials, ransomware attacks and even corporate espionage.
It was found that leveraging a compromised Microsoft Teams subdomain enabled attackers to send a malicious GIF image to their target, scrape the user’s data and ultimately take over an entire roster of accounts belonging to an organization.
Researchers said the victim only needs to see the malicious image, which seems innocuous, to be attacked. The vulnerability could affect every user running Microsoft Teams for desktop or via a Web browser.
“One of the biggest and the scariest things about this vulnerability is that it can be spread automatically, just like a worm virus,” researchers Asaf Hecht and Omer Tsarfati said in a report. “The fact that the victim needs only to see the crafted message to be impacted is a nightmare from a security perspective. Every account that could have been impacted by this vulnerability could also have been a spreading point to all other company accounts.”
CyberArk said it had worked with the Microsoft Security Research Center through its Coordinated Vulnerability Disclosure process to fix the flaw. The vulnerable subdomains were quickly reconfigured, a patch was issued on April 20, and Microsoft is continuing to develop security features to prevent similar flaws.
“In times of remote working – as companies continue to rely on technologies like Microsoft Teams, Zoom and others to stay connected with employees, customers and partners – more information is being passed back and forth more than ever,” Hecht and Tsarfati said.
“The amount of data that goes into these applications is enormous, making them prime targets for attackers,” they said. “Vulnerabilities like this can put sensitive data, credentials and conversations at risk.”