You can’t attend Transform 2022? View all summit sessions in our on-demand library now! See here.
Microsoft Teams is probably the largest business communication platform in the world. It emerged during the COVID-19 pandemic as an important space for business users to stay productive.
Team there are more than 270 million monthly active users. The pandemic has helped accelerate the platform’s reach from 75 million users in April 2020 to 115 million in October 2020 and 145 million in April 2021.
Overall, Gartner recorded a 44% increase in workers’ use of collaboration tools since 2019, to 80% of workers using collaboration tools for work by 2021.
While these tools are very convenient, their widespread use has opened the door to some serious vulnerabilities.
For example, according to research released by Vector yesterday, versions of Teams for Windows, Mac, and Linux were storing authentication tokens in plain text on the underlying device. This is important because it means that if an attacker attacks the system where Teams are installed, they can gain access to the auth token along with other information.
This vulnerability highlights that businesses cannot rely on the security of consumer-grade, public-level communication platforms when they transmit sensitive information, IP, and other data.
How bad is the Microsoft Teams vulnerability?
This is not the first time Collaboration tools as Teams has received criticism for being unsafe. At the beginning of this year, Avanan identified a significant increase in ongoing cyberattacks against Microsoft Teams, with threat actors using chats and channels to circulate malicious .exe files.
These new vulnerabilities are another crack in the armor of applications that aim to be enterprise-grade communication platforms.
“In essence, this is still [the] John Bambenek, primary threat hunter at Netenrich. “That doesn’t mean it’s insignificant. The fundamental problem is that attackers can steal a cookie and use it on any number of machines to replay an authenticated machine.”
“I would like to see developers and tech companies send these credentials hashed along with some local machine-specific information so that attackers forward the credentials and the cookies will turn off. completely lost,” Bambenek added.
Problems with collaborative apps
Collaborative applications are not immune to security vulnerabilities. Like any browser-based software, they have fundamental flaws and can be targeted with web-based attacks and phishing attempts.
Recently it appeared that a bug in Slack exposed hashed passwords of several users over a period of 5 years. That happened about a year after the attackers used the stolen cookie to hack game’ personal communication channel, allegedly stolen 780GB of data including Fifa 21 source code.
The problem is not that solutions like Slack or Microsoft are particularly weak, but that they are not optimized to keep up with the level of sophisticated threats targeting modern organizations from both cybercriminals and actors. sponsored by the state.
Despite these weaknesses, many organizations continue to share protected information through these channels. Based on Veritas Technologies, 71% of office workers globally admit to sharing sensitive and business-critical company data using virtual collaboration tools. So what can organizations do?
Limit the risks of collaborative apps
Vectra reported the new Teams vulnerability to Microsoft in August, but later disagreed that the severity of the vulnerability warranted a patch.
In all cases, businesses that handle and manage trade secrets or managed information need to exercise caution when using communications applications that put highly valuable data at risk. That doesn’t mean they should stop using communication apps altogether. But that means they should implement strong controls to reduce the risk of data leaks.
Like a Deloitte report notes, “collaboration technologies, while critical in the rise of virtual work, can pose serious threats to an organization’s security and privacy if left unchecked. properly reason. As these technologies expand their reach and ubiquity in business, organizations should monitor potential threats, enact controls where feasible, and promote service availability. ”
In practice, controls include the use of several randomly selected strong passwords, use of a cloud access security broker (CASB) solution to identify data intrusions, deployment Content guidance for web application firewall implementations and platforms to detect application layer attacks.
VentureBeat’s mission is a digital city square for technical decision-makers to gain knowledge of transformative enterprise technology and transactions. Explore our summary report.