Microsoft Teams Vulnerability Illustrates Risk Associated With Collaboration Apps

There is no better business chat app than Microsoft Teams. The COVID-19 pandemic propelled it to the forefront as a vital way for business users to keep functioning normally. More than 270 million people use Teams on a monthly basis. As a result of the pandemic, the platform grew from 75 million users in April 2020 to 115 million users by October 2020 and 145 million users by April 2021. Since 2019, Gartner has observed a 44% increase in workers’ use of collaboration tools, with an expected total adoption rate of 80% by 2021.

The extensive adoption of these technologies has, however, made them susceptible to a number of critical security flaws.

The Teams app for Windows, Mac, and Linux, for instance, stores login tokens in plain text on the underlying device, as demonstrated by research published yesterday by Vectra. This matters because an attacker who successfully compromises a system on which Teams is installed can obtain authentication tokens along with other information. This flaw demonstrates the danger of relying on the safety of consumer-grade, public-grade communication platforms for transmitting confidential business data, such as IP addresses.

How Dangerous Is The Microsoft Teams Vulnerability?

Collaboration tools like Teams have been called out for their lack of security before. Avanan found a rise in cyberattacks launched using Microsoft Teams at the beginning of this year, with attackers spreading malware over the platform’s conversations and channels. These new security flaws represent yet another weak point in programs designed to serve as enterprise-level communication platforms.

The issue of attackers with local access collecting cookies and other site credentials remains unresolved, according to John Bambenek, the principal threat hunter at Netenrich. That’s not to downplay its significance, though. One major issue is that once an attacker has a cookie, they can use it to impersonate that machine on any number of other devices.

To prevent cookie and credential relay attacks, Bambenek suggests that “developers and IT businesses deliver these credentials scrambled with some local-machine unique information.”
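One way to realise the binding Bambenek describes, as an added Python example that is not code from Vectra, Microsoft or this article: instead of literally scrambling the credential, the server ties each session cookie to a per-machine key and demands a proof of possession on every request, so a cookie copied to another device is rejected. The device IDs, session IDs and function names are hypothetical, and the per-machine key is assumed to sit in a TPM or OS keystore that file-level access cannot read.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed server-side MAC key
ENROLLED = {}                         # device_id -> per-machine key (server copy)
USED_NONCES = set()                   # nonces already accepted (replay guard)


def _mac(key: bytes, msg: str) -> str:
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()


def enroll_device(device_id: str) -> bytes:
    """Create the per-machine key (assumed: kept in a TPM/keystore on the client)."""
    ENROLLED[device_id] = secrets.token_bytes(32)
    return ENROLLED[device_id]


def issue_cookie(session_id: str, device_id: str) -> str:
    """Server: MAC the session together with the device it was issued to.
    Assumes the IDs contain no '|' (true for the constructed values used here)."""
    payload = f"{session_id}|{device_id}"
    return f"{payload}|{_mac(SERVER_KEY, payload)}"


def sign_request(cookie: str, nonce: str, device_key: bytes) -> str:
    """Client: prove possession of the machine key for this cookie and nonce."""
    return _mac(device_key, f"{cookie}|{nonce}")


def verify_request(cookie: str, nonce: str, proof: str) -> bool:
    """Server: accept only an untampered cookie presented by its own device.
    A real server would issue the nonce itself; here the caller passes it in."""
    parts = cookie.split("|")
    if len(parts) != 3 or nonce in USED_NONCES:
        return False
    session_id, device_id, tag = parts
    expected_tag = _mac(SERVER_KEY, f"{session_id}|{device_id}")
    if not hmac.compare_digest(tag.encode(), expected_tag.encode()):
        return False  # cookie was altered or never issued by this server
    key = ENROLLED.get(device_id)
    if key is None:
        return False  # unknown device
    expected_proof = sign_request(cookie, nonce, key)
    if not hmac.compare_digest(proof.encode(), expected_proof.encode()):
        return False  # presenter does not hold the bound machine key (relay)
    USED_NONCES.add(nonce)
    return True
```

The binding is only as strong as the protection of the per-machine key: if that key is stored in a readable file next to the cookie, an attacker with local access can copy both.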

The Issue With Collaboration Apps

Unfortunately, even collaboration programs can have security flaws. They are susceptible to web-based attacks and phishing attempts, and they contain underlying vulnerabilities, just like any other browser-based program. Some users’ hashed passwords were exposed for five years due to a fault in Slack, which only recently came to light. About a year before that, hackers exploited stolen cookies to break into EA Games’ internal messaging system, where they made off with 780GB of data, including the FIFA 21 source code.

This is not to say that services like Slack or Microsoft are inherently unreliable, but rather that they aren’t updated frequently enough to keep up with the more sophisticated cyber attacks and state-sponsored hacking campaigns that target modern businesses.

However, many businesses still use these tools to communicate sensitive data despite their known vulnerabilities. Veritas Technologies found that 71 percent of office workers throughout the world had admitted to using virtual collaboration tools to share confidential or highly important firm information. So what options do businesses have?

Limiting The Risks Of Collaborative Applications

In August, Vectra informed Microsoft of a new vulnerability in Teams, but the software giant didn’t think that it was serious enough to merit a fix. In any case, businesses handling trade secrets or regulated information should exercise caution when using messaging apps that expose sensitive information to the public. That does not mean they should rely solely on offline means of contact, but it does mean that businesses need to put in place strict safeguards to prevent sensitive information from escaping.

While collaboration tools are indispensable in the current era of remote work, they also present severe risks to an organization’s security and privacy if they are not handled effectively, as stated in a report by Deloitte. Organizations should monitor security risks, implement controls when possible, and prioritize service availability as these technologies continue to permeate all aspects of the business. Implementing content rules for platforms, building a web application firewall, and leveraging cloud access security broker (CASB) solutions to discover data exfiltration are all examples of measures that can be used in practice.