Recently, Microsoft Teams faced cyber-attacks through funny and innocuous-looking GIFs file format. They took prompt actions to fix it all in time though.
However, this incident reveals that even a tech giant like Microsoft Teams can be targeted by hackers through simple chat messages which allow the users to send and receive animated GIFs.
CyberArk researchers have discovered that when these malicious GIFs are opened or viewed, the hackers could get a free pass in the user’s account and stealing data can become simple!
Due to global lockdown situations, more people are conducting work from home through tech apps like Zoom and Microsoft Teams.
The cyber-criminals used a subdomain to takeover the vulnerability in Microsoft Teams by using malicious GIFS. When these GIF images would have been viewed, they could have allowed the hackers' easy access to scrape all the user’s data and would have taken over a company’s roster of Team’s accounts with all details and secret information. It would have adversely affected every person using the web browser or desktop versions of Microsoft Teams. And that person would not even know about it!
This was probably a targeted attack towards highly valued users or accounts.
Thankfully, CyberArk let Microsoft know about this dangerous issue on the 23rd of March,2020, and together, CyberArk and Microsoft Security teams quickly took control of the entire situation by recognizing this account takeover vulnerability and fixing it promptly.
This current issue has been taken care of, but there is no guarantee that such an exploit will never happen again too. It was not the first time, nor is it the last. These hacking attempts, cyber-attacks, phishing attempts, and setting up of malicious sites under the hood of innocent-looking links are not new.
These types of incidents happen because of the failure of the applications to check the content properly and thoroughly before bringing it from servers and introducing them to the world.
This shows that any kind of data that is brought to a web-based application can be leveraged to introduce codes in a machine and make the user take un-authorized actions.
These types of attacks are not easy to set up or carry on, but they are workable and can infect other users at a rapid rate, like a virus.
All software is prone to such attacks, so it is always good to keep regularly updating to the latest versions, to avoid becoming a target of such cyber-crimes.
Read next: Security Researchers Conducted A Study To Determine The Best Antivirus For Android Users
However, this incident reveals that even a tech giant like Microsoft Teams can be targeted by hackers through simple chat messages which allow the users to send and receive animated GIFs.
CyberArk researchers have discovered that when these malicious GIFs are opened or viewed, the hackers could get a free pass in the user’s account and stealing data can become simple!
Due to global lockdown situations, more people are conducting work from home through tech apps like Zoom and Microsoft Teams.
The cyber-criminals used a subdomain to takeover the vulnerability in Microsoft Teams by using malicious GIFS. When these GIF images would have been viewed, they could have allowed the hackers' easy access to scrape all the user’s data and would have taken over a company’s roster of Team’s accounts with all details and secret information. It would have adversely affected every person using the web browser or desktop versions of Microsoft Teams. And that person would not even know about it!
This was probably a targeted attack towards highly valued users or accounts.
Thankfully, CyberArk let Microsoft know about this dangerous issue on the 23rd of March,2020, and together, CyberArk and Microsoft Security teams quickly took control of the entire situation by recognizing this account takeover vulnerability and fixing it promptly.
This current issue has been taken care of, but there is no guarantee that such an exploit will never happen again too. It was not the first time, nor is it the last. These hacking attempts, cyber-attacks, phishing attempts, and setting up of malicious sites under the hood of innocent-looking links are not new.
These types of incidents happen because of the failure of the applications to check the content properly and thoroughly before bringing it from servers and introducing them to the world.
This shows that any kind of data that is brought to a web-based application can be leveraged to introduce codes in a machine and make the user take un-authorized actions.
These types of attacks are not easy to set up or carry on, but they are workable and can infect other users at a rapid rate, like a virus.
All software is prone to such attacks, so it is always good to keep regularly updating to the latest versions, to avoid becoming a target of such cyber-crimes.
Read next: Security Researchers Conducted A Study To Determine The Best Antivirus For Android Users