Microsoft Teams Security Issues

Microsoft Teams users need to be aware of a new security threat called ‘GIFShell’ that allows hackers to use Microsoft Teams for novel phishing attacks. The technique lets attackers covertly execute commands and steal data using GIFs.

According to BleepingComputer, the scheme allows threat actors to chain multiple Microsoft Teams flaws to infiltrate Microsoft Teams and deliver malicious files. The flaws allow the creation of a reverse shell. Once it is established, attackers can use the reverse shell to deliver malicious commands via GIFs.

A report was first shared with Microsoft back in May of 2022 by a cybersecurity consultant named Bobby Rauch. In his post, Rauch details what is involved in taking advantage of seven different vulnerabilities in Microsoft Teams in order to execute the attack.

On a related note, Microsoft is readying a new security feature for Teams that will keep users more informed about just who’s trying to contact them. In the latest edition of its product roadmap, Microsoft details how users will soon be “prompted with the option to acknowledge or leave the group chat” when they get an invitation from outside their organization. The change is due to take effect at some point in October of 2022.

Microsoft Teams has allowed group chats and calls outside of organizations for a while. However, it has never been very good at notifying users about the origin of an invitation.

The issue, especially in large organizations, can become a major problem. If employees don’t recognize a name in a group chat, they may simply assume that the person works in another department or location.

Previously, the best security measure Microsoft had in place to protect Teams users from this particular issue was requiring external access capabilities to be enabled. This means that the ability to be contacted by all Teams users, regardless of organization, is at the discretion of the leader of the user’s organization.

Phishing attempts like this one are not new and are a reminder that it is important to always be aware of potential threats and follow computing best practices.
