Attack of the GIFs: Microsoft Teams compromised
Last week, security software company CyberArk located a vulnerability within Microsoft Teams allowing hackers to take over accounts using a humorous animated GIF.
Last week US security company CyberArk identified a vulnerability in Microsoft Teams that could be exploited through malware carried in animated images in the Graphics Interchange Format, GIF.
Discovered by CyberArk cybersecurity researcher Omer Tsarfati, the security hole potentially allowed hackers using malicious GIFs to steal user data and take over entire organisations’ Teams accounts.
Tsarfati emphasised that the virus could spread automatically as one person viewing the GIF could affect all users of the same desktop or web browser version of Teams. Leveraging a subdomain takeover in this manner would theoretically spread the vulnerability across the entire organisation.
Areas of greatest vulnerability
“There’s been lots of attention on security holes and privacy concerns with Zoom, but this research underlines the truth that no video chat system is immune from vulnerabilities,” cybersecurity expert Graham Cluley told AccountingWEB.
While hackers have been adapting to new opportunities presented by the coronavirus pandemic, for example by impersonating the WHO and the NHS, the use of humorous GIFs opens a new angle of attack for malware. The increased use of instant messaging, video calling and collaboration tools has also seen a spike in related cyberattacks.
“Cybercriminals are changing and updating their attack methods every second, and we are finding more and more novelty approaches like this one,” said Tsarfati. “GIFs are something we all love to use, so it’s not surprising they would focus an attack using something so prevalent.”
As Bill Mew recently pointed out, cybercriminals are opportunists “and they see the current chaos as an incredible opportunity”. They will use every opportunity to breach companies and get their hands on your data.
A quick fix from Microsoft
Despite Teams security being compromised, Microsoft appears to have made it out of the attack unscathed.
“We don’t have any evidence that this attack method was used, and as soon as we found this vulnerability, we were able to work with Microsoft to quickly patch the vulnerability to ensure their Teams customers were protected,” said Tsarfati. However, CyberArk warned that this attack could be imitated within other platforms.
In this instance, Microsoft’s popularity raises both the risk levels and the scrutiny from cybersecurity firms. Microsoft’s global reach within multinational companies makes it a more lucrative target for cybercrime, particularly since the company extended its free trial and removed user limits at the outset of the virus crisis.
“Microsoft takes users’ security very seriously and works to immediately fix vulnerabilities when they are identified,” said Tsarfati. Without CyberArk’s quick identification of the GIF breach, however, the impact on Microsoft and its customers could have been a lot worse.
Cluley emphasised the importance of researchers like Tsarfati: “Security researchers who responsibly disclose vulnerabilities to vendors assist the entire community, and help to get problems fixed in the safest and speediest fashion possible.”
Becoming wise to attacks
CyberArk’s Tsarfati commented that the key to protecting businesses from unusual attacks like these comes down to education. Organisations should always be aware of these types of vulnerabilities and keep their employees up-to-date in turn.
According to CyberArk, employees should be suspicious of any irregular messages or images from users – especially if unrecognised or unexpected. Even more important is to be aware of messages from external parties.
“Also, don’t share sensitive information – like passwords – on Teams or any collaboration tool for that matter. You never know who may be listening,” added Tsarfati.