The Covid-19 crisis has forced professionals to work remotely. More and more people are working from home and staying connected through video conferencing solutions such as Zoom and Microsoft Teams. The lockdown has given cybercriminals an opportunity to target working professionals by exploiting vulnerabilities found on these platforms.
Like any other communication platform, Microsoft Teams allows users to send and receive media files, including animated GIFs. Cybersecurity researchers from CyberArk have discovered that a maliciously crafted GIF could let attackers compromise a user's Microsoft Teams account.
The attack relies on a compromised subdomain to steal security tokens when the user's client loads an image; the victim only has to view a GIF that is sent to them. In a blog post, CyberArk researchers said, “We found that by leveraging a subdomain takeover vulnerability in Microsoft Teams, attackers could have used a malicious GIF to scrape users’ data. Since users wouldn’t have to share the GIF – just see it – to be impacted, vulnerabilities like this have the ability to spread automatically.”
This vulnerability could let an attacker take over an organisation’s entire roster of Teams accounts. Once a stolen token is delivered to the attacker's server, the attacker can use it to act as the victim through the Teams API interfaces. The flaw could also allow reading messages received by affected users, or sending messages on their behalf, which lets attackers impersonate the Teams account owner.
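The mechanism described above is a browser behaviour, not a Teams-specific one: if an authentication token is stored in a cookie scoped to a parent domain, the browser attaches it to every request for any subdomain of that domain, including an image request to a subdomain the organisation no longer controls. The following Python example is an added illustration, not code from CyberArk, Microsoft or this article. It assumes the token travels as a domain-scoped cookie (the article does not say how the token is carried), implements the RFC 6265 domain-matching rule, and contrasts a broadly scoped token with the hardened host-only alternative. All hostnames and cookie names are constructed.

```python
"""Why a domain-scoped auth token reaches a taken-over subdomain.

Added illustration (not CyberArk's or Microsoft's code). Assumes the
token is carried as a browser cookie; domain matching follows RFC 6265
section 5.1.3. Hostnames and cookie names below are constructed.
"""

from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class Cookie:
    name: str
    domain: str      # Domain attribute value, or the setting host if absent
    host_only: bool  # True when Set-Cookie carried no Domain attribute


def domain_matches(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 5.1.3: the host equals the domain or is a subdomain of it."""
    request_host = request_host.lower().rstrip(".")
    cookie_domain = cookie_domain.lower().lstrip(".").rstrip(".")
    if request_host == cookie_domain:
        return True
    # Require a label boundary so "evilcollab.example" does not match.
    return request_host.endswith("." + cookie_domain)


def cookies_sent_to(jar: Iterable[Cookie], request_host: str) -> List[str]:
    """Names of cookies a browser would attach to a request for request_host."""
    sent = []
    for cookie in jar:
        if cookie.host_only:
            # Host-only cookies go back to the exact setting host, nothing else.
            if request_host.lower() == cookie.domain.lower():
                sent.append(cookie.name)
        elif domain_matches(request_host, cookie.domain):
            sent.append(cookie.name)
    return sent


# Constructed scenario: the same token set two ways. The broad one is
# scoped to the parent domain; the hardened one is host-only.
BROAD_TOKEN = Cookie("authtoken", "collab.example", host_only=False)
HOST_ONLY_TOKEN = Cookie("authtoken", "app.collab.example", host_only=True)

# A GIF <img src> pointing at a subdomain the legitimate owner no longer
# controls: the takeover scenario the article describes.
DANGLING_HOST = "old-cdn.collab.example"


def leaks_to_dangling_host(cookie: Cookie) -> bool:
    """True if viewing an image served from DANGLING_HOST would carry the token."""
    return cookie.name in cookies_sent_to([cookie], DANGLING_HOST)


if __name__ == "__main__":
    for label, cookie in (("parent-domain scope", BROAD_TOKEN),
                          ("host-only scope", HOST_ONLY_TOKEN)):
        print(f"{label}: token sent to {DANGLING_HOST}? "
              f"{leaks_to_dangling_host(cookie)}")
```

The defensive takeaway is twofold: keep session tokens host-only (or bound to the narrowest domain that needs them) so a takeover of an unrelated subdomain cannot collect them, and audit DNS for records that point at decommissioned hosts, since those are what make the subdomain "compromised" in the first place.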
Microsoft promptly fixed the vulnerability and has ensured that the subdomains identified by the researchers can no longer be used for exploitation. The company said, “We addressed the issue discussed in this blog and worked with the researcher under Coordinated Vulnerability Disclosure. While we have not seen any use of this technique in the wild, we have taken steps to keep our customers safe.”