The disclosed flaw is a worm-like vulnerability that allows criminals to take over an organization's entire roster of Teams accounts just by sending victims a malicious link to an innocent-looking GIF image.

Even if a criminal does not obtain sensitive information from a single Teams account, the flaw can be used to spread across the organization's accounts like a worm, harvesting each account's tokens and then accessing all the chat sessions of the target users.

Figure 1 below demonstrates how this attack can be executed against a large company.

Figure 1: Microsoft Teams attack workflow

In detail, the attack can be exploited by following these steps:

1. A malicious GIF image is prepared by the criminals and sent to a first victim via chat during a videoconference.
2. The victim opens the message and sees the embedded GIF image.
3. When the image is loaded, the victim's Teams token is sent to the criminal's side.
4. At this point, the criminal impersonates the victim and spreads the GIF image with the payload to other Teams accounts in the organization, like a worm, infecting a large group of employees.
5. The message is disseminated, other victims are affected and their tokens are sent to the criminal's side in the same way.
6. Criminals can use the exfiltrated tokens to access the victims' information, contacts, messages and so on.

As described above, the vulnerability resides in a simple GIF image and in the way Teams handles authentication to image resources.
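The steps above hinge on one mechanism: loading an image can carry the viewer's authentication material to whoever serves that image. The following Python snippet is an added illustration of that mechanism and is not code from the original article or from the disclosed research. It assumes (the page does not state this) that the token lives in a cookie scoped to a parent domain, so the client attaches it to any request under that domain, including an image fetch from a subdomain the attacker controls. Domain names, the cookie name `authtoken` and the functions `make_jar` and `cookie_sent_to` are hypothetical; the simulation uses the standard library cookie jar, which applies the same domain-scoping rules a browser does.

```python
"""
Added example: why an authenticated image load can leak a session token.

Assumption (not stated on the original page): the session token is stored in
a cookie.  If that cookie is scoped to the parent domain (Domain=.example.com),
the client sends it with every request under that domain, including an <img>
fetch from a subdomain the attacker controls.  A host-only cookie (no Domain
attribute) is sent only to the host that set it.  All names are hypothetical.
"""
import http.cookiejar
import urllib.request
from email.message import Message
from typing import Optional

APP_ORIGIN = "https://app.example.com"                      # hypothetical legitimate app
ATTACKER_IMG = "https://gif.attacker-sub.example.com/x.gif"  # hypothetical attacker-controlled subdomain
UNRELATED_IMG = "https://other.invalid/x.gif"                # hypothetical unrelated host


class _FakeResponse:
    """Minimal stand-in for an HTTP response: the cookie jar only needs .info()."""

    def __init__(self, headers: Message):
        self._headers = headers

    def info(self) -> Message:
        return self._headers


def make_jar(set_cookie_header: str) -> http.cookiejar.CookieJar:
    """Simulate the app's login response setting the auth cookie on the client."""
    jar = http.cookiejar.CookieJar()
    login_request = urllib.request.Request(APP_ORIGIN + "/login")
    headers = Message()
    headers["Set-Cookie"] = set_cookie_header
    jar.extract_cookies(_FakeResponse(headers), login_request)
    return jar


def cookie_sent_to(jar: http.cookiejar.CookieJar, url: str) -> Optional[str]:
    """Return the Cookie header the client would attach when fetching url, or None."""
    img_request = urllib.request.Request(url)
    jar.add_cookie_header(img_request)
    return img_request.get_header("Cookie")


# Weak setting: token cookie shared across every subdomain of example.com.
LEAKY_COOKIE = "authtoken=abc123; Domain=.example.com; Path=/; Secure; HttpOnly"

# Corrected setting: host-only cookie, valid for app.example.com alone.
HOST_ONLY_COOKIE = "authtoken=abc123; Path=/; Secure; HttpOnly"


if __name__ == "__main__":
    for label, header in (("domain-wide", LEAKY_COOKIE), ("host-only", HOST_ONLY_COOKIE)):
        jar = make_jar(header)
        print(f"{label:11} -> app API:      {cookie_sent_to(jar, APP_ORIGIN + '/api/me')}")
        print(f"{label:11} -> attacker gif: {cookie_sent_to(jar, ATTACKER_IMG)}")
        print(f"{label:11} -> unrelated:    {cookie_sent_to(jar, UNRELATED_IMG)}")
```

With the domain-wide cookie, the fetch of the attacker-hosted GIF carries `authtoken=abc123` even though the victim never interacted with that host; with the host-only cookie it carries nothing. The general lesson matches the article's closing point: an authentication token must not be attached to requests for resources that an untrusted party can host, so either scope the credential to the exact host that needs it or make sure no attacker can serve content from within the trusted scope.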