Security researchers have found a simple way to deliver malware to an organisation with Microsoft Teams, despite restrictions in the application for files from external sources.
With 280 million monthly active users, Microsoft Teams has been adopted by organisations as a communication and collaboration platform that is part of the Microsoft 365 cloud-based services.
Microsoft Teams running the default configuration allows communication with Microsoft Teams accounts outside the company, typically referred to as "external tenants." All organisations running with the default configuration are at risk of this attack vector.
In a report, the researcher mentions that while this communication bridge would be enough for social engineering and phishing attacks, the method they found is more powerful as it allows sending a malicious payload directly to a targeted inbox.
Microsoft Teams has client-side protections in place to block file delivery from external tenant accounts. This vulnerability allows threat actors to bypass client-side security controls and send malware to employees’ MS Teams inboxes. The message appears with an External banner, but some users may still be tricked into clicking on it.
This attack bypasses existing security measures and anti-phishing training advice, giving attackers a fairly easy way to infect any organisation using Microsoft Teams with its default configuration. While employees may ignore unsolicited emails, they would not suspect messages sent via Teams IDs.
Although Microsoft confirmed the existence of the flaw, the reply was that "it does not meet the bar for immediate servicing," meaning that the company does not see an urgency in fixing it.
While Microsoft works on addressing this issue, organisations should consider implementing the following precautions:
- Disable Chat with External Unmanaged Team Users: Temporarily disable the option to chat with external users until the vulnerability is resolved. This reduces the risk of exposure to malicious files.
- Educate and Raise Awareness: Inform your staff about the existence of this vulnerability and the potential for messages marked External to carry malicious files. Encourage vigilance and caution when interacting with communications from external sources.
- Implement Additional Security Measures: Consider deploying supplementary security solutions to enhance your organisation's protection against malware threats. These may include advanced email filtering, endpoint security, and threat intelligence solutions.
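
The first precaution can be checked and applied from PowerShell. The script below is an added example, not code from the researchers or from Microsoft; it assumes the MicrosoftTeams module is installed, that you sign in as a Teams administrator, and that the page's "external unmanaged Team users" corresponds to the tenant-wide `AllowTeamsConsumer` and `AllowTeamsConsumerInbound` settings.

```powershell
# Added example: audit tenant-wide Teams external-access settings and,
# with -Apply, switch off chat with unmanaged Teams accounts.
param(
    [switch]$Apply   # without -Apply the script only reports
)

Import-Module MicrosoftTeams
Connect-MicrosoftTeams | Out-Null

$cfg = Get-CsTenantFederationConfiguration

# Show the current state so it can be recorded before any change.
$cfg | Format-List AllowFederatedUsers, AllowTeamsConsumer, AllowTeamsConsumerInbound, AllowedDomains

# Collect every setting that leaves chat with outside accounts open.
$findings = @()
if ($cfg.AllowTeamsConsumer) {
    $findings += 'AllowTeamsConsumer: staff can chat with unmanaged Teams accounts'
}
if ($cfg.AllowTeamsConsumerInbound) {
    $findings += 'AllowTeamsConsumerInbound: unmanaged Teams accounts can start chats with staff'
}
if ($cfg.AllowFederatedUsers) {
    # Reported only: restricting this affects chat with partner organisations.
    $findings += 'AllowFederatedUsers: external access with other tenants is enabled'
}

if ($findings.Count -eq 0) {
    Write-Output 'External chat is already disabled tenant-wide.'
    return
}
$findings | ForEach-Object { Write-Warning $_ }

if ($Apply) {
    # Assumption: these two settings implement the page's first precaution.
    Set-CsTenantFederationConfiguration -AllowTeamsConsumer $false -AllowTeamsConsumerInbound $false
    Get-CsTenantFederationConfiguration |
        Format-List AllowTeamsConsumer, AllowTeamsConsumerInbound
}
```

The script reads only the tenant-wide configuration; per-user external access policies are not inspected.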
To sum it up, following the steps mentioned above should help protect your team from this security issue. If you encounter any problems or have concerns, our tech support team are here to assist you. We'll keep you informed about any updates on this matter. Stay safe and stay secure!