The Microsoft Teams vulnerability shows the danger of collaboration applications

Microsoft Teams is perhaps the world’s largest corporate communication platform. It has become popular as the go-to place for enterprise users to maintain productivity during the COVID-19 pandemic.

Teams There are over 270 million monthly active users. The pandemic helped accelerate the platform’s growth from 75 million users in April 2020 to 115 million in October 2020 and 145 million in April 2021.

In general, Gartner Since 2019, there has been a 44% increase in employee use of collaboration tools, with 80% of employees using collaboration tools for work in 2021.

Although these tools are convenient, their widespread use has led to some serious weaknesses.

For example, according to a study published by Vectra As of yesterday, the Windows, Mac, and Linux versions of Teams store credentials in plain text on the host device. This is important because if an attacker compromises the system where Teams is installed, they can gain access to authentication tokens along with other information.

This vulnerability highlights that enterprises cannot rely on the security of consumer-grade, public-grade communications platforms when transmitting sensitive data, IPs, and other information.

How bad is the Microsoft Teams vulnerability?

This is not the first time collaboration tools as Teams have received criticism for being unreliable. Earlier this year Avanan Microsoft has identified a significant increase in cyber attacks over Teams, with threat actors using chats and channels to distribute malicious .exe files.

These new holes are another chink in the armor of applications aiming to be enterprise-grade communication platforms.

“In fact, it still is [the] “Unresolved issue of stealing cookies and other web credentials by attackers with local access,” he said. Netenrich. “That doesn’t mean it’s not important. The main problem is that attackers can steal the cookie and use it on any number of machines to replay the authenticated machine.”

“I would like to see developers and tech companies send these credentials with some local machine information so that cookie and credential relay attackers are completely eliminated,” Bambenek added.

Problem with affiliate programs

Affiliate programs are not immune to vulnerabilities. Like any browser-based software, they have inherent bugs and can be targeted by web-based attacks and phishing attempts.

Recently it turned out to be a bug Peace had exposed the passwords of some users for five years. This comes nearly a year after attackers used stolen cookies to crack them EA Games’ A private communication channel that allegedly stole 780GB of data, including Fifa 21 source code.

The problem isn’t that solutions like Slack or Microsoft are particularly weak, but that they aren’t optimized to keep up with the level of sophisticated threats targeting modern organizations from both cybercriminals and state-sponsored actors.

Despite these vulnerabilities, many organizations continue to share protected information through these channels. according to Veritas Technologies, 71% of office workers globally admit to sharing sensitive and business-critical company information using virtual collaboration tools. So what can organizations do?

Limiting the risk of collaborative applications

Vectra notified Microsoft of the new Teams vulnerability in August, but the latter disagreed that the severity of the vulnerability warranted a patch.

In any case, businesses that process and manage trade secret or regulated data should exercise caution when using communications software that is at risk of exposing high-value data. This does not mean that they should stop using social media altogether. But this means they must implement strong controls to reduce the risk of data leakage.

As a Deloitte report notes that “collaboration technologies, while vital in the rise of virtual work, can pose serious threats to organizational security and privacy if not managed properly. As these technologies expand their reach and prevalence in business operations, organizations must be aware of potential threats, implement controls where possible and promote service availability.”

Controls in practice include using strong random passwords, using cloud access security broker (CASB) solutions to detect data exfiltration, implementing content guidelines for platforms, and deploying web application firewalls to detect application-level attacks.